#31777 - 11/15/14 04:29 AM Best Removal Tool for Keystroke Capture
slolerner Offline


Registered: 08/25/09
Loc: New York City
My friend may have downloaded some malware from a company pretending to offer Norton Antivirus. She allowed them access to her desktop, in other words, allowed someone to control her computer from over the phone. I suspect it installed a keystroke capture.

It was done on a WINDOWS machine, but it is networked so ?may? spread to Macs on the same network. She is also using numerous iPads, iPods, etc.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

#31779 - 11/15/14 07:51 AM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
artie505 Online


Registered: 08/04/09
Has your friend run an anti-malware scan?

There's no way to remove what you can't identify.

Nuke & pave sounds like the only sensible option. :(
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#31781 - 11/15/14 08:26 AM Re: Best Removal Tool for Keystroke Capture [Re: artie505]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Neither she nor I know how to do that on a Windows machine. Can you suggest a program she can run that will pick up unidentified malware? Sophos picked up a bot on my computer several years ago.

#31785 - 11/15/14 10:57 AM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
joemikeb Online

Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
There are any number of anti-virus/anti-malware applications for Windows. A Google search for anti-malware windows will yield copious results including comparison tests of various products. Even Microsoft now offers their own "Safety Scanner" for Windows.

There is little worry that Windows malware can spread to Macs unless the Macs are running Windows in some environment or other. Malware on her PC could monitor and "phone home" traffic on the LAN that includes traffic to and from Macs, but that is about it.
_________________________
joemikeb • moderator

#31787 - 11/15/14 04:34 PM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
artie505 Online


Registered: 08/04/09
Since your friend isn't certain that she's actually got a problem, she can't be certain that something identified by an anti-malware scan is the problem she's worried about having.

I'll suggest that anything other than nuke & pave leaves her at risk.

(Is she seriously running a Windows box withOUT anti-malware software? :o )

Edit: Sorry for maybe belaboring the obvious, but I hope your friend has been told in no uncertain terms to avoid doing anything that can be used against her later on until her issue is sorted out.


Edited by artie505 (11/16/14 02:08 AM)
#31789 - 11/16/14 07:58 AM Re: Best Removal Tool for Keystroke Capture [Re: artie505]
joemikeb Online

Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
While it has been a long time since I made my living training tech support "engineers" for Microsoft, it has not been that long since I helped a friend to recover their PC after an incident, and while I generally agree with the philosophy behind artie505's nuke and pave suggestion, there are several potential gotchas in it.
  1. The only reinstall copy of Windows that most Windows users have is in a disk image type file on the hard drive. Nuking the hard drive nukes that image as well.
  2. The image can be burned to a CD/DVD but if the user already has the malware it is highly likely the image file has also been infected so unless the optical disk was burned before the infection occurred, reinstalling from that image simply reinstalls the malware. (Very few Windows users even know how to burn the optical disk or that they should burn one much less take the time to do it.)
  3. There are a number of free Windows anti-virus/malware applications available including Clam AV (the Windows version of ClamX AV). But most of these only detect the virus signature in incoming files and move the suspect file to a quarantine folder. They have no true disinfecting capabilities.
  4. The tools with disinfecting capabilities cost money to buy and typically an annual subscription fee to keep up to date, but prices are coming down with volume and competition.
  5. It is safe to assume there have been numerous patches to the version of Windows since the image file was created and getting back up to current status can be a long and tedious process.
All of this is why PC repair shops can, and often do, charge $300 to disinfect a $500 Windows PC. For only a "small" additional charge the user may get an optical disc copy of the installed version of Windows and an anti-virus/malware package installed. The annual subscription fee to keep the anti-virus/malware up to date is, of course, extra and paid to the publisher of the software.

One of the free anti-virus/malware detection applications may be able to detect the presence of the particular malware on your friend's PC, but disinfecting her PC will almost certainly not be free. My suggestion would be to download and run one, or more, of the free anti-virus/malware applications and IF malware is detected or your friend is not convinced she is malware free, take the PC to a reputable local PC repair shop and have them disinfect, provide a bootable Windows install disc, and install a good anti-virus/malware application. The cost of that is part of the cost of owning a PC and running Windows. (We never said that out loud when I worked for Microsoft.)


Edited by joemikeb (11/16/14 08:11 AM)
Edit Reason: Typos
#31790 - 11/16/14 08:15 AM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
joemikeb Online

Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Take a look at this PC Magazine review of anti-virus/malware applications. All of these have good reputations. Kaspersky is a Russian product brought to you from the heart of malware development country.


Edited by joemikeb (11/16/14 08:17 AM)
Edit Reason: add comment on Kaspersky
#31796 - 11/17/14 01:01 AM Re: Best Removal Tool for Keystroke Capture [Re: joemikeb]
artie505 Online


Registered: 08/04/09
If I were slolerner's friend I'd be up on the roof looking down after reading your post.

In her situation, my fear would be that my actually having let somebody into my "home" may have enabled the installation of something that's neither recognized, nor even recognizable, as any known in-the-wild malware, but is perhaps a proprietary thing that would fly beneath the radar.

I think she is truly catch-22'd. :(
#31798 - 11/17/14 07:36 AM Re: Best Removal Tool for Keystroke Capture [Re: artie505]
slolerner Offline


Registered: 08/25/09
Loc: New York City
???

#31804 - 11/18/14 01:39 AM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
artie505 Online


Registered: 08/04/09
It seems to me like your friend's caught between a rock and a hard place.

As per joemike, reformatting her HDD will likely be impossible for her to do, and my thought is that an "anti-" scan may not find what, if anything, has been insinuated onto her HDD, and that leaves her maybe having to spend an awful lot of money to get a knowledgeable PC pro to get her back on track...not an admirable position to be in. :(
#31807 - 11/18/14 06:28 AM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: slolerner
My friend may have downloaded some malware from a company pretending to offer Norton Antivirus.

If they're not within range of you to physically help, probably the path of last resistance and best solution is to track down a reputable/competent pc service provider in their area and send them there. Hopefully someone more intelligent than greek-squad.
_________________________
I work for the Department of Redundancy Department

#31814 - 11/18/14 08:35 AM Re: Best Removal Tool for Keystroke Capture [Re: Virtual1]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I had her download the Microsoft tool which claims to clean up all malware and sign up for LifeLock credit protection.

I already told her to change all her passwords.


Edited by slolerner (11/18/14 08:37 AM)
Edit Reason: more

#31818 - 11/19/14 12:02 AM Re: Best Removal Tool for Keystroke Capture [Re: Virtual1]
artie505 Online


Registered: 08/04/09
Sorry to belabor this, but I think it's too important to allow it to slide under the radar, so, specifically: If you were in the same situation as slolerner's friend

Quote:
She allowed them access to her desktop, in other words, allowed someone to control her computer from over the phone. (Emphasis added)

and had absolutely no idea what they did, would you feel secure with little more than an anti-malware scan, or would you be fearful that they perhaps installed something malicious that's unrecognizable as malware by a scanner (and, presumably, well hidden, too)?


Edited by artie505 (11/19/14 03:34 AM)
Edit Reason: Clarification
#31820 - 11/19/14 03:32 AM Re: Best Removal Tool for Keystroke Capture [Re: slolerner]
artie505 Online


Registered: 08/04/09
If they installed a keystroke logger they already know her new passwords. :(

Edit: Ain't it ironic? You really need to tell her to go to an Internet cafe to change her passwords again and to take care of her critical business from there until her problem is resolved. :o ;)

Edit 2: Have her read WiFi security | Networking | FineTunedMac first.


Edited by artie505 (11/19/14 04:20 AM)
#31839 - 11/21/14 01:30 AM Re: Best Removal Tool for Keystroke Capture [Re: artie505]
artie505 Online


Registered: 08/04/09
Moderator:  joemikeb, MacManiac