Best Removal Tool for Keystroke Capture
#31777 11/15/14 12:29 PM
Joined: Aug 2009
OP Offline

My friend may have downloaded some malware from a company pretending to offer Norton Antivirus. She allowed them access to her desktop, in other words, allowed someone to control her computer from over the phone. I suspect it installed a keystroke capture.

It was done on a WINDOWS machine, but it is networked so ?may? spread to Macs on the same network. She is also using numerous iPads, iPods, etc.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Best Removal Tool for Keystroke Capture
slolerner #31779 11/15/14 03:51 PM
Joined: Aug 2009
Likes: 15
Online

Has your friend run an anti-malware scan?

There's no way to remove what you can't identify.

Nuke & pave sounds like the only sensible option. :(


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Best Removal Tool for Keystroke Capture
artie505 #31781 11/15/14 04:26 PM
Joined: Aug 2009
OP Offline

Neither she nor I know how to do that on a Windows machine. Can you suggest a program she can run that will pick up unidentified malware? Sophos picked up a bot on my computer several years ago.

Re: Best Removal Tool for Keystroke Capture
slolerner #31785 11/15/14 06:57 PM
Joined: Aug 2009
Likes: 16
Moderator
Online

There are any number of anti-virus/anti-malware applications for Windows. A Google search for anti-malware windows will yield copious results including comparison tests of various products. Even Microsoft now offers their own "Safety Scanner" for Windows.

There is little worry that Windows malware can spread to Macs unless the Macs are running Windows in some environment or other. Malware on her PC could monitor and "phone home" traffic on the LAN that includes traffic to and from Macs, but that is about it.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Best Removal Tool for Keystroke Capture
slolerner #31787 11/16/14 12:34 AM
Joined: Aug 2009
Likes: 15
Online

Since your friend isn't certain that she's actually got a problem, she can't be certain that something identified by an anti-malware scan is the problem she's worried about having.

I'll suggest that anything other than nuke & pave leaves her at risk.

(Is she seriously running a Windows box withOUT anti-malware software? :-o)

Edit: Sorry for maybe belaboring the obvious, but I hope your friend has been told in no uncertain terms to avoid doing anything that can be used against her later on until her issue is sorted out.

Last edited by artie505; 11/16/14 10:08 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Best Removal Tool for Keystroke Capture
artie505 #31789 11/16/14 03:58 PM
Joined: Aug 2009
Likes: 16
Moderator
Online

While it has been a long time since I made my living training tech support "engineers" for Microsoft, it has not been that long since I helped a friend to recover their PC after an incident, and while I generally agree with the philosophy behind artie505's nuke and pave suggestion, there are several potential gotchas in it.
  1. The only reinstall copy of Windows that most Windows users have is in a disk image type file on the hard drive. Nuking the hard drive nukes that image as well.
  2. The image can be burned to a CD/DVD but if the user already has the malware it is highly likely the image file has also been infected so unless the optical disk was burned before the infection occurred, reinstalling from that image simply reinstalls the malware. (Very few Windows users even know how to burn the optical disk or that they should burn one much less take the time to do it.)
  3. There are a number of free Windows anti-virus/malware applications available including Clam AV (the Windows version of ClamX AV). But most of these only detect the virus signature in incoming files and move the suspect file to a quarantine folder. They have no true disinfecting capabilities.
  4. The tools with disinfecting capabilities cost money to buy and typically an annual subscription fee to keep up to date, but prices are coming down with volume and competition.
  5. It is safe to assume there have been numerous patches to the version of Windows since the image file was created and getting back up to current status can be a long and tedious process.
All of this is why PC repair shops can, and often do, charge $300 to disinfect a $500 Windows PC. For only a "small" additional charge the user may get an optical disc copy of the installed version of Windows and an anti-virus/malware package installed. The annual subscription fee to keep the anti-virus/malware up to date is, of course, extra and paid to the publisher of the software.

One of the free Anti-virus/malware detection applications may be able to detect the presence of the particular malware on your friend's PC, but disinfecting her PC will almost certainly not be free. My suggestion would be to download and run one, or more, of the free anti-virus/malware applications and IF malware is detected or your friend is not convinced she is malware free, take the PC to a reputable local PC repair shop and have them disinfect, provide a bootable Windows install disc, and install a good anti-virus/malware application. The cost of that is part of the cost of owning a PC and running Windows. (We never said that out loud when I worked for Microsoft.)

Last edited by joemikeb; 11/16/14 04:11 PM. Reason: Typos

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Best Removal Tool for Keystroke Capture
slolerner #31790 11/16/14 04:15 PM
Joined: Aug 2009
Likes: 16
Moderator
Online

Take a look at this PC Magazine review of anti-virus/malware applications. All of these have good reputations. Kaspersky is a Russian product brought to you from the heart of malware development country.

Last edited by joemikeb; 11/16/14 04:17 PM. Reason: add comment on Kaspersky

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Best Removal Tool for Keystroke Capture
joemikeb #31796 11/17/14 09:01 AM
Joined: Aug 2009
Likes: 15
Online

If I were slolerner's friend I'd be up on the roof looking down after reading your post.

In her situation, my fear would be that my actually having let somebody into my "home" may have enabled the installation of something that's neither recognized, nor even recognizable, as any known in-the-wild malware, but is perhaps a proprietary thing that would fly beneath the radar.

I think she is truly catch-22'd. :(


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Best Removal Tool for Keystroke Capture
artie505 #31798 11/17/14 03:36 PM
Joined: Aug 2009
OP Offline

???

Re: Best Removal Tool for Keystroke Capture
slolerner #31804 11/18/14 09:39 AM
Joined: Aug 2009
Likes: 15
Online

It seems to me like your friend's caught between a rock and a hard place.

As per joemike, reformatting her HDD will likely be impossible for her to do, and my thought is that an "anti-" scan may not find what, if anything, has been insinuated onto her HDD, and that leaves her maybe having to spend an awful lot of money to get a knowledgeable PC pro to get her back on track... not an admirable position to be in. :(


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Best Removal Tool for Keystroke Capture
slolerner #31807 11/18/14 02:28 PM
Joined: Aug 2009
Offline

Originally Posted By: slolerner
My friend may have downloaded some malware from a company pretending to offer Norton Antivirus.

If they're not within range of you to physically help, probably the path of least resistance and best solution is to track down a reputable/competent PC service provider in their area and send them there. Hopefully someone more intelligent than greek-squad.


I work for the Department of Redundancy Department
Re: Best Removal Tool for Keystroke Capture
Virtual1 #31814 11/18/14 04:35 PM
Joined: Aug 2009
OP Offline

I had her download the Microsoft tool which claims to clean up all malware and sign up for LifeLock credit protection.

I already told her to change all her passwords.

Last edited by slolerner; 11/18/14 04:37 PM. Reason: more
Re: Best Removal Tool for Keystroke Capture
Virtual1 #31818 11/19/14 08:02 AM
Joined: Aug 2009
Likes: 15
Online

Sorry to belabor this, but I think it's too important to allow it to slide under the radar, so, specifically: If you were in the same situation as slolerner's friend

Quote:
She allowed them access to her desktop, in other words, allowed someone to control her computer from over the phone. (Emphasis added)

and had absolutely no idea what they did, would you feel secure with little more than an anti-malware scan, or would you be fearful that they perhaps installed something malicious that's unrecognizable as malware by a scanner (and, presumably, well hidden, too)?

Last edited by artie505; 11/19/14 11:34 AM. Reason: Clarification

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Best Removal Tool for Keystroke Capture
slolerner #31820 11/19/14 11:32 AM
Joined: Aug 2009
Likes: 15
Online

If they installed a keystroke logger they already know her new passwords. :(

Edit: Ain't it ironic? You really need to tell her to go to an Internet cafe to change her passwords again and to take care of her critical business from there until her problem is resolved. :-o ;)

Edit 2: Have her read WiFi security | Networking | FineTunedMac first.

Last edited by artie505; 11/19/14 12:20 PM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Best Removal Tool for Keystroke Capture
artie505 #31839 11/21/14 09:30 AM
Joined: Aug 2009
Likes: 15
Online



The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  joemikeb, MacManiac 
