[mini2nut]

Alright, my son plays WoW and has recently had his account hacked. We both think he got a keylogger from one of the addons he downloaded and it stole his account and password. Is there anyway I can check if he has a keylogger on his computer? And if the program finds it, how can I get rid of it? Thanks for your help.

[AuroraDizon]

WoW has many add ons because at one time they had a contest to do simple things, but people got out of hand and WoW tells people not to use 3rd party applications anymore. (husband gave me that information) Delete everything you downloaded installed and possibly even your entire WoW program (make sure you have your discs to reinstall). Then get anti-virus, spyware scanners. My suggestion is to download them install update and then restart in safe mode and run all your scans from there.If you don't have an antivirus I suggest AVG FreeAVG also has Anti-SpywareSpyBot LavasoftSuperantispywareYour other options are to 'roll back your computer to an earlier time', clean reinstall etc.

[mini2nut]

OK, I already downloaded Ad-Aware and AVG Anti-Virus program and ran them. I guess what I have to do now is just reboot in safe mode and scan. And would it be easier just to system restore to a week ago?Thanks

[AuroraDizon]

update them for newest sigs before you go into safe mode, then scan and see if anything pops up. It should tell you if its a keylogger, trojan or tracking cookie etc.

[TheNameless]

You might also want to get a good AV to check for these things, such as Avira (free or paid) or NOD32 (paid), as not all anti-spyware applications go beyond checking for "commercial" keyloggers.

[mini2nut]

I have the AVG Anti-Virus download. So I think that will take care of the AV I need

[TheNameless]

Alright, just wanted to make sure we didn't over-look something. wink

[mini2nut]

[quote name='TheNameless']Alright, just wanted to make sure we didn't over-look something. winkHehe, I think I'm gonna go scan the other PC right now. So all I do is boot it up, then tap F8 a few times and click safe mode, then use AVG and Ad-Aware scanners?

[AuroraDizon]

yea, make sure your packages are updated before you scan in safe mode if you don't connect to networkingDon't forget to change all passwords that may of been stolen!

[mini2nut]

Ok booted up my computer, logged on, checked for updates, then clicked restart on my PC. As it was booting up I kept tapping F8 and came up with this menu.Please select boot device:1st Floppy DrivePM-LITE-ON COMBO SOHC-5235K3M-ST3160 8275ASIBA GE SLOT 0148 v1217Which 1 do I choose?

[mini2nut]

Ad-Aware found 4 data miners, called tracking cookies, a IECache entry, a TAC of 3, with 2-5-4-5 hits.Startin AVG now

[TheNameless]

That's the boot menu.You should probably try the F10-F12 keys instead, every manufacturer has a different key for mode transitions.

[mini2nut]

Alright, gonna try it right now. When I do happen to choose the right button, what will the menu look like or will it just tell me booting in safe mode?

[TheNameless]

It will look like a DOS box, aka, black screen with large letters. There will be 3-4 options, you want "Safe Mode." Don't worry about networking or anything, and make sure it's not just with the command prompt option.If that doesn't work, a more generic solution:Start Menu-->Run-->type in msconfig and hit enter-->Click on the BOOT.INI tab and check the box next to "/SAFEBOOT" under the Boot Options section-->Reboot and you will be in Safe Mode. After you are done tinkering around in Safe Mode and you are ready to reboot back to normal boot, you have to do that again while in Safe Mode and un-check the "/SAFEBOOT" option then reboot again.

[mini2nut]

Alright thanks. I got the safe mode to boot up using the run option Now I am just gonna do a full system scan with Ad-Aware and AVG.

[TheNameless]

You may post what it finds (if it finds anything at all). Some members, including myself, may be able to point you in the right direction as to what more you have to do (if anything), and what to prevent further infection.Hope you bring happy tidings.

[mini2nut]

Ok, AVG scanned and didn't find anything new. Yesterday when I scanned however, it had a lot of things. They are currently in the virus vault, and I am wondering what option I should do.

[TheNameless]

The virus vault keeps you safe from the viruses, if you wish, you may delete them completely.As for the spyware it found, none of them are as dangerous as a "keylogger." All of those just track your behavior.

[SpiritWind]

{size:18px}[/size]:D Hi Mini2nut : Nowadays, there are more than just "viruses" in an antiVIRUS's "vault"; therefore, extreme caution should be used BEFORE "Deleting" anything from it . Since you are now using AVG FREE "Edition" of their antiVIRUS program, you should educate yourself on HOW it should be used. This is best done by visiting their forum at http://forum.grisoft...rum/index.php?0 and reading through some of their threads, particularly their "Sticky"s . Regarding possibly "Deleting" from the "Vault", I recommend you read closely http://forum.grisoft...orum/read.php?4,41284,backpage=,sv= . Questions about the Results of your Ad-Aware Scan(s) are best asked on their Support Forums at www.lavasoftsupport.com/ .

[mini2nut]

Should I just delete the IE caches?