Keylogger installed? How to remove it?

desertman

New Member
Messages
7
Hello Forum,

A friend of mine recently had her green card stolen. Some weeks later she started to apply for a replacement card by filling out a PDF form on her computer with Windows 8.1. She then decided otherwise and stopped filling out the form. Not even 15 minutes later she got a phone call from a woman who pretended to be from the USCIS (the US immigration agency), asking her why she stopped filling out the form and offering to help her get a replacement green card. My friend was confused, kind of believing that the woman was indeed from USCIS, but luckily did not give her any information in that phone call. Since then my friend has apparently received some emails, allegedly from this woman, and now another phone call in which this woman again tried to get some information out of my friend.

It seems to me that my friend has some malware on her computer that keeps track of what she is doing or typing and then sends this information somewhere - and that without the installed (and paid for) Norton security software giving any alarm.

What can I do to help my friend to find out what is going on on her computer, and how can she get rid of a possibly installed malware?

Thanks for your help!

desertman
 

My Computer

System One

  • OS
    Windows 8.1
Try these steps:
Launch System Configuration (msconfig)

Services tab:
Hide all Microsoft services
Press the [ Disable all ] button

Startup tab:
Press the [ Disable all ] button
Enable/select your Antivirus real time application if it is present in the list (not all are)
Enable/select your Touchpad if you have any customized keys or functions
Press [ Ok ]

Restart your system.
Restart your machine in case there are any system operations pending

Click here to download Old Timer-TFC.
>> Save the application to your Desktop.
Old Timer-TFC is a standalone application, there is no install.

Save your work and close all open windows.
TFC will close ALL open programs including your browser!

Right click, run as administrator TFC

Click the Start button to begin cleaning up temporary files and folders.
Do not work on other things while TFC is running - most applications use some sort of temporary files. Just let TFC run by itself on the machine until it completes.

Restart your machine immediately after TFC completes.
AdwCleaner by Xplode:
Run the following steps in the General Changelog Team tutorial:

Malware is often difficult to eradicate - it is even more difficult if more than one path is taken on different sites.

As you have posted the issue here on SevenForums, also post any logs here on SevenForums - not on the General Changelog Team (GCT) site. SevenForums members might ask you to launch other on-demand scanners that are not familiar to GCT.

When your system is clean of malware, launch AdwCleaner a final time and click the Uninstall button.
Follow this tutorial:
Scan for Malware using Malwarebytes Anti-Malware Free

Please be sure to post the logs from AdwCleaner and Malwarebytes.

Depending on what those two utilities find and clean, there might be additional scanners recommended.
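As an added illustration (not part of Bart's steps or the original thread), the same auto-start entries that the msconfig Services and Startup tabs expose can be listed read-only from an elevated PowerShell before anything is disabled, with non-Microsoft-signed binaries flagged for review. It assumes Windows 8.1 and that the path-extraction regex is good enough for common entries.

```powershell
# Added example (not from the thread): read-only listing of auto-start
# entries, the same things the msconfig Services and Startup tabs show,
# flagging binaries that are not Microsoft-signed. Run elevated on Win 8.1.
# The path regex is a best-effort assumption; catalog-signed Windows files
# can show as NotSigned on 8.1, so treat the output as a review list.
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+\.exe)"' -or $cmd -match '^\s*(\S+\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    return $null
}
function Test-MicrosoftSigned([string]$path) {
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $path
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -like '*Microsoft*')
}
$entries = @()
# Registry Run/RunOnce keys, per machine and per user
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $k = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $k)) { continue }
        foreach ($name in (Get-Item $k).Property) {
            $entries += [pscustomobject]@{ Source = $k; Name = $name
                Command = (Get-ItemProperty $k).$name }
        }
    }
}
# Installed services (the msconfig Services tab)
Get-CimInstance Win32_Service | ForEach-Object {
    $entries += [pscustomobject]@{ Source = 'Service'; Name = $_.Name
        Command = $_.PathName }
}
# Enabled scheduled tasks that launch an executable
Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute) {
            $entries += [pscustomobject]@{ Source = 'Task'; Name = $_.TaskName
                Command = $a.Execute }
        }
    }
}
# Anything not Microsoft-signed is what to look at, not proof of infection
$entries | ForEach-Object {
    $signed = Test-MicrosoftSigned (Get-ExePath $_.Command)
    $_ | Add-Member -NotePropertyName MsSigned -NotePropertyValue $signed -PassThru
} | Where-Object { -not $_.MsSigned } | Format-Table Source, Name, Command -AutoSize
```

Third-party antivirus, drivers and vendor utilities will appear in this list too, so compare each flagged entry against what is known to be installed before disabling it in msconfig.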
 

My Computer

System One

  • OS
    Win8.1 Pro | Win10TP Pro - boot to VHD
    Computer type
    Laptop
    System Manufacturer/Model
    HP Pavilion dv6-c610us
    CPU
    AMD VISION A6-3420M Quad-Core (2.4GHz/1.5GHz)
    Motherboard
    HP
    Memory
    6GB DDR3 SDRAM (2 DIMM)
    Graphics Card(s)
    AMD Radeon HD 6520G Discrete-Class Graphics
    Monitor(s) Displays
    HP 2072a (20" LED)
    Screen Resolution
    1600 x 900
    Hard Drives
    Hitachi 640GB (5400 RPM)
    Seagate 2 TB external
    WD 500 GB external
    Keyboard
    Logitech K520 (wireless bundle)
    Mouse
    Logitech M310 (wireless bundle)
    Browser
    IE 11 (default) & Pale Moon
    Other Info
    HP product specs:

    http://support.hp.com/us-en/product/HP-Pavilion-dv6-6c00-Entertainment-Notebook-PC-series/5191856/model/5218495/document/c03138553/
@Bart - For others interested, per info on TFC, it does not support Win 8? Is there a similar program for Win 8?
 

My Computer

System One

  • OS
    Win 8.1 64bit
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Intel i3, 2348
    Memory
    4GB
    Graphics Card(s)
    Intel HD3000

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
> @Bart - For others interested, per info on TFC, it does not support Win 8? Is there a similar program for Win 8?
Hmmm, I run TFC on Win8 and Win10TP without issue.

Are you basing your statement on the OSes listed, or did I miss an explicit ... won't run on Windows higher than ....

Thanks torre.
> > @Bart - For others interested, per info on TFC, it does not support Win 8? Is there a similar program for Win 8?
>
> Hmmm, I run TFC on Win8 and Win10TP without issue.
>
> Are you basing your statement on the OSes listed, or did I miss an explicit ... won't run on Windows higher than ....
>
> Thanks torre.

Just basing the question on the specs from the link (OS listed):

Operating System: Windows XP/Vista/7
32-bit program. Can run on both a 32-bit and 64-bit OS

TFC Download
Thanks for all your answers. As it turns out my friend did not download a PDF and fill it out, but rather went onto a commercial (and fraudulent) website to apply for a replacement green card. No wonder that they called her (trying to get her credit card numbers) - she herself gave them her phone number. At the moment she does not even know whether she actually gave them the numbers and whether they charged anything - she does not seem to be completely on top of this.

No malware, just another case of someone who fell for an Internet scam.
Ask your friend to sort through this carefully:

USCIS pages:


These USCIS documents are identification papers for immigrant persons. They provide the means to employment and credit. It is important that your friend notify the organization of her loss and complete the application for a replacement.

She can block the eMails, but phone calls are more difficult to block.

If you can tell me what eMail client she uses, I can provide the 'block eMail from this bad user' information. I recommend deleting it from the server - never mind saving it to look at - just get rid of it. If the scammers catch on that their eMail isn't getting through they might switch sender ids, but if the email does not come from a .gov account, it probably isn't worth investigating - too tempting to click 'n see - ooops.