As title. Asking for a friend as he formerly played WoW. I saw his character online while playing StarCraft II. He's done a full scan with MSE but nothing detected. On the plus side it looks like it was a gold farmer. He now is lvl 82, has 525 mining, plus 30 days of game time courtesy of a game card bought on-line!
Remove HD from machine, and scan on a fully updated machine, with antivirus, and maybe Malwarebytes Anti-Malware. Most AV will find keyloggers.
+1 to what RichCreedy said. If that doesn't find it then either scrap that HDD, or tell your friend not to use the same email and password across multiple websites.
Thanks for the suggestions guys. Can keyloggers be so difficult to find that you have to scrap the HDD?
There's never a need to scrap it literally - a format will get rid of anything. Most of the time, a good antivirus will find keyloggers.
Download a program called Rapport. I use it with my bank login details, it's designed purely to block keyloggers. I'm guessing if it's on the PC it will protect everything rather than just bank logins. Then again if you've been hacked it might be worth reinstalling and changing all the passwords.
A keylogger can be run strictly from memory.. after an exploit or embedded in certain software, it can be run without writing anything to the disk.. that's what most guys don't understand: real hackers leave as little to investigate as possible in the aftermath =] even migrated into its own process (this will show up like in Task Manager, but they usually migrate into a known process like explorer.exe or notepad.exe.. AV can catch this). He was probably a puppet, visiting certain websites and running dubious software is my guess.. too late, the writer got what he wanted, like in a browser exploit.. the memory exploited might only be good as long as the browser is open, so the hacker has a limited time to migrate it into a more stable process.. or he could choose to let it ride.. upload the keylogger and get lucky. AV doesn't work in that case.
If this guy has had some details compromised (StarCraft 2) then they may have also got other important information (banking information for example). This guy needs to: Format his hard drive and re-install Windows. Change every password and login he has. Monitor his bank accounts carefully over the next few days for suspicious activity. Ensure he has good quality up-to-date virus and malware protection. Some people rave about Windows Security Essentials but others do not rate it. As an example you can buy Norton Antivirus OEM for about a tenner which is the cost of a (small) round of drinks. Take a crash course in basic computer security, concentrating on why it is not a good idea to download a lot of crap on to your PC and basic browser safety. He needs to do this NOW. It may seem like overkill, but if this was my machine I would settle for nothing less than the above. I personally know 2 people who have had bank accounts cleared out after installing keyloggers and it was not a fun experience for them.
I see loads of machines that have problems with Rapport. Malwarebytes, paid-for version, will do a flash scan of memory items every time it updates, which can be hourly.
Yeah, from personal experience I found Rapport to be a PITA. One day it just stopped working. Personally I've got the paid version of Malwarebytes and it's never let me down so far.
The version I use is downloaded direct from NatWest, it does nothing else other than protect my bank login from keyloggers. Malwarebytes and programs like it are OK but you still have to do a scan manually. The way I use Rapport it's there all the time protecting passwords against keyloggers. It works perfectly for me the way I use it.
As I said, paid-for version can be set to check memory after every update, which mine does. Free version doesn't run in the background, paid-for does.