Windows 8 and 8.1 Forums


Keylogger installed? How to remove it?

  1. #1


    Posts : 7
    Windows 8.1


    Hello Forum,

    A friend of mine recently had her green card stolen. Some weeks later she started to apply for a replacement card by filling out a PDF form on her computer with Windows 8.1. She then decided otherwise and stopped filling out the form. Not even 15 minutes later she got a phone call from a woman who pretended to be from the USCIS (the US immigration agency), asking her why she stopped filling out the form and offering to help her get a replacement green card. My friend was confused, kind of believing that the woman was indeed from USCIS, but luckily did not give her any information in that phone call. Since then my friend has apparently got some emails, allegedly from this woman, and now another phone call in which this woman again tried to get some information out of my friend.

    It seems to me that my friend has some malware on her computer that keeps track of what she is doing or typing and then sends this information somewhere - and that without the installed (and paid for) Norton security software giving any alarm.

    What can I do to help my friend to find out what is going on on her computer, and how can she get rid of a possibly installed malware?

    Thanks for your help!

    desertman


  2. #2


    Penn's Forest
    Posts : 216
    Win8.1 Pro | Win10TP Pro - boot to VHD


    Try these steps:

    Launch System Configuration (msconfig)

    Services tab:
    Hide all Microsoft services
    Press the [ Disable all ] button

    Startup tab:
    Press the [ Disable all ] button
    Enable/select your Antivirus real time application if it is present in the list (not all are)
    Enable/select your Touchpad if you have any customized keys or functions
    Press [ Ok ]

    Restart your system.

    Restart your machine in case there are any system operations pending

    Click here to download Old Timer-TFC.
    >> save the application to your Desktop.
    Old Timer-TFC is a standalone application, there is no install.

    Save your work and close all open windows.
    TFC will close ALL open programs including your browser!

    Right click, run as administrator TFC

    Click the Start button to begin cleaning up temporary files and folders.
    Do not work on other things while TFC is running - most applications use some sort of temporary files. Just let TFC run by itself on the machine until it completes.

    Restart your machine immediately after TFC completes.

    AdwCleaner by Xplode:
    Run the following steps in the General Changelog Team tutorial:

    Malware is often difficult to eradicate - it is even more difficult if more than one path is taken on different sites.

    As you have posted the issue here on SevenForums, also post any logs here on SevenForums - not on the General Changelog Team (GCT) site. SevenForums members might ask you to launch other on-demand scanners that are not familiar to GCT.

    When your system is clean of malware, launch AdwCleaner a final time and click the Uninstall button.

    Follow this tutorial:
    Scan for Malware using Malwarebytes Anti-Malware Free


    Please be sure to post the logs from AdwCleaner and Malwarebytes.

    Depending on what those two utilities find and clean, there might be additional scanners recommended.
      My System SpecsSystem Spec
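A read-only inventory of what the msconfig steps in post #2 would disable, as an added example that is not part of any poster's reply. It lists auto-start services whose binary does not report Microsoft as its company (an approximation of "Hide all Microsoft services") plus the registered startup commands, and saves both to CSV so the state before "Disable all" can be reviewed. The output folder and the helper function names are assumptions.

```powershell
# Added example: record auto-start services and startup entries before changing them.
# The output folder is an assumed location for illustration.
$outDir = Join-Path $env:USERPROFILE 'Desktop\startup-inventory'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function Get-ExePath {
    param([string]$CommandLine)
    # Extract the executable path from a service command line (quoted or unquoted).
    if ($CommandLine -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-Company {
    param([string]$Path)
    # Read CompanyName from the file's version resource; $null if the file is missing.
    if ($Path) {
        $expanded = [Environment]::ExpandEnvironmentVariables($Path)
        if (Test-Path -LiteralPath $expanded) {
            return (Get-Item -LiteralPath $expanded).VersionInfo.CompanyName
        }
    }
    return $null
}

# Services tab equivalent: auto-start services not attributed to Microsoft.
# Entries with no readable company are kept, since those deserve a look.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $exe = Get-ExePath $_.PathName
        [pscustomobject]@{
            Name    = $_.Name
            Display = $_.DisplayName
            State   = $_.State
            Path    = $exe
            Company = Get-Company $exe
        }
    } |
    Where-Object { $_.Company -notlike '*Microsoft*' }

# Startup tab equivalent: Run keys and Startup folder entries.
$startup = Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User

$services | Export-Csv (Join-Path $outDir 'services.csv') -NoTypeInformation
$startup  | Export-Csv (Join-Path $outDir 'startup.csv')  -NoTypeInformation
$services | Format-Table -AutoSize
$startup  | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so every service path is readable; it changes nothing on the system.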

  3. #3


    Posts : 375
    Win 8.1 64bit


    @Bart - For others interested, per info on TFC, it does not support Win 8? Is there a similar program for Win 8?

  4. #4


    Central IL
    Posts : 3,468
    Linux Mint 17.2


    Sounds to me more of a coincidence. The best malware guide is available at READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) - MajorGeeks Support Forums

  5. #5


    Penn's Forest
    Posts : 216
    Win8.1 Pro | Win10TP Pro - boot to VHD


    Quote Originally Posted by torre View Post
    @Bart - For others interested, per info on TFC, it does not support Win 8? Is there a similar program for Win 8?
    Hmmm, I run TFC on Win8 and Win10TP without issue.

    Are you basing your statement on the OSes listed, or did I miss an explicit ... won't run on Windows higher than ....

    Thanks torre.

  6. #6


    Posts : 375
    Win 8.1 64bit


    Quote Originally Posted by Slartybart View Post
    Quote Originally Posted by torre View Post
    @Bart - For others interested, per info on TFC, it does not support Win 8? Is there a similar program for Win 8?
    Hmmm, I run TFC on Win8 and Win10TP without issue.

    Are you basing your statement on the OSes listed, or did I miss an explicit ... won't run on Windows higher than ....

    Thanks torre.
    Just basing the question on the specs from the link: (OS listed)



    Operating System: Windows XP/Vista/7
    32-bit program. Can run on both a 32-bit and 64-bit OS
    TFC Download

  7. #7


    Posts : 7
    Windows 8.1


    Thanks for all your answers. As it turns out my friend did not download a PDF and fill that out but rather went onto a commercial (and fraudulent) website to apply for a replacement green card. No wonder that they called her (trying to get her credit card numbers) - she herself gave them her phone number. At the moment she does not even know whether she actually gave them the numbers and whether they charged anything - she seems to be not completely on top of this.

    No malware, just another case of someone who fell for an Internet scam.

  8. #8


    Penn's Forest
    Posts : 216
    Win8.1 Pro | Win10TP Pro - boot to VHD


    Ask your friend to sort through this carefully:

    USCIS pages:



    These USCIS documents are identification papers for immigrant persons. They provide the means to employment and credit. It is important that your friend notifies the organization of her loss and completes the application for a replacement.

    She can block the eMails, but phone calls are more difficult to block.

    If you can tell me what eMail client she uses, I can provide the 'block eMail from this bad user' information. I recommend deleting it from the server - never mind saving it to look at - just get rid of it. If the scammers catch on that their eMail isn't getting through they might switch sender ids, but if the email does not come from a .gov account, it probably isn't worth investigating - too tempting to click 'n see - ooops.

  9. #9


    Posts : 3
    Windows 8.1 Pro


    Just an FYI.... An alternate program for this is EEK.... use from a USB drive plug in....

    Emsisoft Emergency Kit
    Emsisoft Free Emergency Kit: Portable malware scanner | Free removal of Viruses, Bots, Spyware, Keyloggers and Trojans