Warning

singuken

Pre-Searing Cadet

Join Date: Jul 2005

W/Mo

Quote:
Originally Posted by Teklord
I had to stop at this one and reply directly as it is inaccurate. Keyloggers can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Windows environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad Aware SE Personal, and Spybot S&D and it has FAILED to pick it up. As mentioned by others... the only way to be completely sure you are free of a key logger is to format and rebuild the compromised system.

If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.
I second all this and I'm also an IT security professional that works for a financial institution and has to protect other people's money. Cleaners are fine and good but the ultimate fix is fdisk and reinstall and if you're really paranoid use a disk called DBAN on sourceforge.net.

As far as software firewalls I don't really trust them. With a few lines of a script Win XP SP2 firewall can be disabled but report to the user that it is turned on and the AV is current when in reality the box is wide open.

Loviatar

Underworld Spelunker

Join Date: Feb 2005

Quote:
Originally Posted by Aniewiel
I run a suite of applications, all of which check for a variety of things. Some of them are freeware, others I have bought full-versions of:

Spyware Doctor
VoptXP
Ad-Aware
Start Up Cop
Registry Mechanic
Error Nuker
Spybot-Search & Destroy
Zone Alarm
AVG
Spy Cop

I run each of these at least once a week and, if I suspect some kind of infection, I run all of them one on top of the other.
i am surprised you don't run this as well since it is bouncing in and out of the top spot all the time

http://www.webroot.com/?rc=266&ac=629&WT.SRCH=1

singuken

Pre-Searing Cadet

Join Date: Jul 2005

W/Mo

Quote:
Originally Posted by Loviatar
i am surprised you don't run this as well since it is bouncing in and out of the top spot all the time

http://www.webroot.com/?rc=266&ac=629&WT.SRCH=1
We run the corp version of that on my network at the office.

Godslayer

Ascalonian Squire

Join Date: Mar 2005

Knights of Nothing

W/E

Simple solution for next time:

Partition your drive, or buy a small drive for your operating system.

Install everything on the partition/small drive, and keep your regular files separate so all you have to do is reformat the partition/small drive, and everything else remains intact.

Then all you need to do is reinstall and you're back to normal.

Scol

Academy Page

Join Date: Jul 2005

California

[PSST]

Mo/E

Yeah, I've seen XP security center get tricked b4. Another system I was working on had an improper uninstall of ZoneAlarm (I think) so the only reason Win still thought it was still active was the presence of one file, if I remember correct... that and the registry. Annoyed the hell out of me cuz the file was "in use."

And yes, partitions are wonderful. Often n00b hackers always code for C:\, when in fact my C:\ is just an empty partition.

Algren Cole

Banned

Join Date: Jun 2005

Quote:
Originally Posted by Teklord
I had to stop at this one and reply directly as it is inaccurate. Keyloggers can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Windows environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad Aware SE Personal, and Spybot S&D and it has FAILED to pick it up. As mentioned by others... the only way to be completely sure you are free of a key logger is to format and rebuild the compromised system.

If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.
since we're dropping professions....I'm a network security architect for the largest insurance company in the world....


now that we're on an even playing field....anyone that would suggest a reformat has NO experience with a computer...and therefore your entire argument is null & void. The very idea that you, coming from a background in which information is the essential commodity, would suggest a reformat is asinine.

there ARE keyloggers that can be injected as dlls....I took the liberty to assume that anyone with experience hooking and subclassing an operating system's functions would not be wasting their time or effort programming a keylogger for guild wars....

That said, there are numerous ways to detect a keylogger...it's your system you have complete control over it. Windows doesn't have a mind of its own YOU control it. If there is a keylogger on your system there are better ways to detect and remove it than to reformat your hard drive.

In my 6 years as a developer/architect/programmer I have never ONCE had to reformat a hard drive.....the very idea that you would reformat a hard drive to get rid of something like a keylogger, a preschool style of hacking, is completely absurd.

Teklord

Krytan Explorer

Join Date: Jun 2005

Lloyd.ab.ca

Lords of All

R/Mo

Quote:
Originally Posted by Algren Cole
since we're dropping professions....I'm a network security architect for the largest insurance company in the world....


now that we're on an even playing field....anyone that would suggest a reformat has NO experience with a computer...and therefore your entire argument is null & void. The very idea that you, coming from a background in which information is the essential commodity, would suggest a reformat is asinine.
Okay. I've been watching these forums for a while, and I've seen you post quite a bit. So far I've been rather undecided / indifferent about you. That is until now. Now that you are directly attacking me by saying something like the above ("... anyone that would suggest a reformat has NO experience...") you've only proven to me, and likely a whole host of other people, that you are way too full of yourself. The World's Largest Insurance company? Whom might that be? Not that I actually care. I said what I said about my profession because I'm not some average joe basement computer enthusiast. I've gone to school for this, although now I bet you'll tell me about all the many degrees you have at World Renowned Institutions... go for it.

Get over yourself.

And BTW, it's common knowledge with Network Administrators everywhere to be a healthy habit to reformat a system at least once a year as part of a regular and view quite often as required maintenance.

Algren Cole

Banned

Join Date: Jun 2005

I didn't go to college...I honestly don't care how you view me...and don't tell people to reformat their hard drives...it's awful advice

PhineasToke

Lion's Arch Merchant

Join Date: Feb 2005

in a house

Phantom Menace

W/Mo

Quote:
Originally Posted by Elythor
If the key-logger is a custom program, your anti-spyware, anti-virus programs won't ever detect them. Because they work by detecting known signatures of virii/spy-wares.

As RTSFirebat said...your friend better do a reformat and hope everything becomes right again. I'd go as far as d/ling software from the harddrive manufacturer to perform a low-level format.
Wrong

It is a TROJAN

if you have Norton or Microsoft anti-spyware on the system it WILL find it if auto-protect is loaded.

This is my business, and 75% is cleaning contaminated systems of these pests. One other program I HIGHLY recommend is the Cleaner by MooSoft. Trojan and worm hunter only.
The biggest problem with gamers is lack of maintenance. The solution is always "format" and start over. Bullcaca. If you had downloaded the MS security patches regularly and did weekly or frequent scans, this wouldn't be an issue.

And speaking of signatures, it is simply an old keylogger customized for Guild Wars, nothing more. I have a "mule" I use to visit all of these wretched sites to specifically test the programs I use, and I haven't found one yet which caused me to have to format a customer's computer.

stratos_v2

Ascalonian Squire

Join Date: Jun 2005

I would opt for the computer wipe or let someone with some knowledge in computers clean it for you.
also in the future it might be a good idea to do some of the following things.

use firefox or opera. These are alternative browsers that also run on windows and offer much better standard security than IE does. (IE is short for Internet Explorer, the browser that ships with windows) firefox link opera link
I would opt for firefox, since it's safe, fast and doesn't have a banner like opera.
(Opera is commercial software, firefox is opensource)

If for some reason you don't want to use anything else than IE or you don't have the security clearance on your computer to install firefox or opera. (or whatever)
Then you should make IE a bit more secure. To do this you need to look under options or preferences of the browser, somewhere there it will list a few zones.
Now you want to put the internet zone on its highest security setting.
I'm pretty sure this will break all sorts of woozy effects on all sorts of sites, but at least you will be safe.

also copy this file hosts.txt
into one of the following directories depending on your version of windows. (also useful for other OSes since the list is pretty much filled with all sorts of sites i never need to visit)
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS
If you are uncertain which version you have, simply copy the file to each of those directories.

every time you want to go to a site. Like say guildwarsguru.com, the computer actually first looks up what IP number that name has. (because the internet works with IP numbers and not names)
The computer does this by querying a server called a DNS (Domain Name Server) however it also looks for a file called hosts on your own computer.
And if the hosts file has a rule about a certain website name, it will use that value.
So if for instance the ip of guildwarsguru.com was 67.15.63.192 but your hosts file listed it as 127.0.0.1 then your browser (and all other software) would try to find the guildwarsguru site at 127.0.0.1. And of course will not find it.
Now the file above lists a very very very long list of sitenames that only have spyware and commercials and viruses or whatever. (the crap of the crop) and redirects it to 127.0.0.1.
127.0.0.1 btw is a set IP in computer land, it is always your own computer.

more information about this file can be found here hosts file guide page

but really if you can just use another browser.

And while we're at that topic, you might also want to switch email client.
As you probably have already heard, viruses and trojans via email are hot, and outlook is their prime target for abuse. So switching to an alternative e-mail client gives you a great way to protect yourself against viruses via email.
Take for instance Thunderbird (from the same people as firefox)
It's an opensource mail client that doesn't have all the security bugs that outlook has and has some nice features on top of that. thunderbird link

Now i also wanted to write something about switching away from windows altogether but i'm getting a bit tired of trying to remember how windows worked, so i will simply conclude by saying that you should probably be using linux and the gnome desktop. linux link

The only down side is that not all games work on linux, but there already is a slight trend of also offering games for linux. (doom3,quake3,ut2k4,neverwinter nights,some more)

There are also some programs that don't have an equivalent on linux.
there is at the moment no full featured flash editor for linux. (there is a basic one though)
there is no graphical printing/publishing suite. (quark express, photoshop CMYK stuff) (although there are some programs on the rise, but they're still starting up)

for the rest everything is accounted for and then some more that simply isn't found on windows.
www.gnomefiles.com has a pretty good user friendly list of what's available for the gnome desktop.
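
The hosts-file lookup described in the post above, as an added example that is not part of the original post or of the linked hosts.txt. It parses a hosts file, answers a lookup the way the post describes (hosts entry first, DNS otherwise), and lists entries that point a name at another machine instead of blocking it. The sample file, the `.example` names, the stand-in DNS table and the first-entry-wins rule are assumptions made for the example.

```python
import ipaddress

# Constructed sample in hosts-file format (not the hosts.txt from the post).
# The .example names and the 203.0.113.x / 198.51.100.x addresses are placeholders.
SAMPLE_HOSTS = """\
# blocklist section
127.0.0.1     localhost
127.0.0.1     ads.tracker.example  banners.tracker.example  # two names, one line
0.0.0.0       popups.adnet.example
67.15.63.192  guildwarsguru.com     # address used as the illustration in the post
203.0.113.7   login.game.example    # a name pointed at some other machine
not-an-ip     broken.example
"""

# Stand-in for the DNS server, so the example runs offline (constructed data).
FAKE_DNS = {
    "guildwarsguru.com": "67.15.63.192",
    "ads.tracker.example": "198.51.100.20",
}


def parse_hosts(text):
    """Return (entries, errors).

    entries maps lowercase hostname -> IP string. Assumption: when a name is
    listed more than once, the first entry is the one that takes effect.
    errors is a list of (line_number, raw_line) for lines that do not parse.
    """
    entries, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            errors.append((lineno, raw))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, raw))
            continue
        for name in fields[1:]:               # one address may carry several names
            entries.setdefault(name.lower(), str(ip))
    return entries, errors


def resolve(name, hosts, dns_lookup):
    """A hosts entry is used if present; only unlisted names go to DNS."""
    ip = hosts.get(name.lower().rstrip("."))
    if ip is not None:
        return ip, "hosts"
    return dns_lookup(name), "dns"


def classify(ip):
    """'blocked' if the name is sent to this machine, else 'redirected'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirected"


def audit(hosts):
    """Names whose entry sends traffic to another machine: review these by hand."""
    return sorted((n, ip) for n, ip in hosts.items() if classify(ip) == "redirected")


if __name__ == "__main__":
    entries, errors = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.tracker.example", "guildwarsguru.com", "unlisted.example"):
        print(name, "->", resolve(name, entries, FAKE_DNS.get))
    print("entries to review:", audit(entries))
    print("unparseable lines:", errors)
```

Running the audit after installing a downloaded blocklist shows whether every entry really is a 127.0.0.1-style block, which is the only behaviour the post describes.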

Teklord

Krytan Explorer

Join Date: Jun 2005

Lloyd.ab.ca

Lords of All

R/Mo

Quote:
Originally Posted by Algren Cole
I didn't go to college...I honestly don't care how you view me...and don't tell people to reformat their hard drives...it's awful advice
I Knew you couldn't leave the schooling thing alone.

However, I can give out any advice I want. In the cases relating to computers and networking it will be advice based on my education and experience in this field. If you do not like it, that is quite alright. If you feel the need to voice your concerns, again that is quite all right. But don't assume for a second you can take away my right to offer that advice.

Also, just reading that post again: Not all keyloggers found in Guild Wars 3rd party programs will have been programmed specifically for Guild Wars. There is a good chance that most people trying to exploit those programs to gain passwords know little or no programming to begin with. They simply know where to find the tools, and how to use them - much like myself.

Sereng Amaranth

Desert Nomad

Join Date: Jun 2005

The Amazon Basin [AB]

Quote:
Originally Posted by Tactical-Dillusions
I'm immune to keyloggers and hackers because i very rarely log out of guildwars.
1) Right-click the shortcut icon for Guild Wars
2) Select Properties
3) In the Target field, add -password=***** (replace asterisks with your password)
4) Never type your password again

stratos_v2

Ascalonian Squire

Join Date: Jun 2005

Quote:
Originally Posted by Algren Cole
In my 6 years as a developer/architect/programmer I have never ONCE had to reformat a hard drive.....the very idea that you would reformat a hard drive to get rid of something like a keylogger, a preschool style of hacking, is completely absurd.
Well i'm a computer programmer for one of the smallest webdevelopment companies in the entire world and personally think you are giving un-safe advice.

looking at how you write so easily about removing these problems i'm betting you never had to sit at helpdesk. With all due respect to the people i'm going to insult, but people are basically dumb. They don't understand the system and don't want to understand the system.
The simplest thing for these people is to cut their losses and simply format and reinstall. (or if they're really uncertain about their abilities let someone else do it)

Also there are numerous viruses that almost force you to reinstall. although these types of viruses aren't seen much anymore, there used to be dozens of boot sector viruses that destroy your filesystem in the wild.

and the fact that you never had to format/reinstall your computer is a non-argument, since you are aware of the danger and can identify possible threats.
The average joe can't and won't and will think the flashing banner that hurts their eyes promising a great enhancement for their e-mail to send images is just very cool and will install it and then tell all their friends to get it too since it's so cool.

Algren Cole

Banned

Join Date: Jun 2005

Quote:
Originally Posted by stratos_v2
Well i'm a computer programmer for one of the smallest webdevelopment companies in the entire world and personally think you are giving un-safe advice.

looking at how you write so easily about removing these problems i'm betting you never had to sit at helpdesk. With all due respect to the people i'm going to insult, but people are basically dumb. They don't understand the system and don't want to understand the system.
The simplest thing for these people is to cut their losses and simply format and reinstall. (or if they're really uncertain about their abilities let someone else do it)

Also there are numerous viruses that almost force you to reinstall. although these types of viruses aren't seen much anymore, there used to be dozens of boot sector viruses that destroy your filesystem in the wild.

and the fact that you never had to format/reinstall your computer is a non-argument, since you are aware of the danger and can identify possible threats.
The average joe can't and won't and will think the flashing banner that hurts their eyes promising a great enhancement for their e-mail to send images is just very cool and will install it

you are correct...I have never had a helpdesk job..

my comment regarding never having to format a computer included the 70,000 computers on my corporate LAN. Data is our business...I would never jeopardize our business because I didn't want to use a more logical work around

Divinitys Creature

Krytan Explorer

Join Date: Apr 2005

Somewhere between the Real World and Tyria ;P

The Gothic Embrace [Goth]

I think for regular users who might accumulate a lot of spyware, a reformat is nice and simple compared to learning all about network security, examining processes and whatnot.

Two of you are professionals and you could probably get to the bottom of these things and just get rid of the offending virus/trojan/keylogger but a lot of people don't want to go to those lengths. Could reformatting and re-installing be that bad? Hopefully they patch it ASAP after doing so.

Algren Cole

Banned

Join Date: Jun 2005

Quote:
Originally Posted by Divinitys Creature
I think for regular users who might accumulate a lot of spyware, a reformat is nice and simple compared to learning all about network security, examining processes and whatnot.

Two of you are professionals and you could probably get to the bottom of these things and just get rid of the offending virus/trojan/keylogger but a lot of people don't want to go to those lengths. Could reformatting and re-installing be that bad? Hopefully they patch it ASAP after doing so.

I had offered to help in numerous ways. even as far as using remote access to clean his OS. Formatting is bad for two reasons...

1) you lose all of your information
2) hard drives were not meant to be wiped out...reformatting renders sections of your hard drive unusable. It also causes corruption in Hard Drive sectors. Hard Drives that are formatted often die quicker than hard drives that are not formatted.

Teklord

Krytan Explorer

Join Date: Jun 2005

Lloyd.ab.ca

Lords of All

R/Mo

1. You don't have to lose all your information... this is what network storage is for. Or in the case of home computers, get a friend to bring his/her system over to copy off all your music / documents / save games etc.
2. Seriously I legitimately want to know your source of information on this point. If it was true, most of the HDDs that I've ever worked on should be half dead / unusable by that logic. Yet they aren't. Not that it matters because most computers need to be replaced / upgraded every three years anyway. Keeping to a yearly maintenance wipe that would only total to three drive wipes.

Why do security intensive organizations practice intensive formatting procedures when recycling old equipment? Where they take the drive and with special software format it as all 1's, then all 0's, back and forth a dozen times just to be sure the information that was stored on it is irretrievable.

lord_shar

Furnace Stoker

Join Date: Jul 2005

near SF, CA

Quote:
Originally Posted by PhineasToke
Wrong

It is a TROJAN

if you have Norton or Microsoft anti-spyware on the system it WILL find it if auto-protect is loaded.

This is my business, and 75% is cleaning contaminated systems of these pests. One other program I HIGHLY recommend is the Cleaner by MooSoft. Trojan and worm hunter only.
The biggest problem with gamers is lack of maintenance. The solution is always "format" and start over. Bullcaca. If you had downloaded the MS security patches regularly and did weekly or frequent scans, this wouldn't be an issue.

And speaking of signatures, it is simply an old keylogger customized for Guild Wars, nothing more. I have a "mule" I use to visit all of these wretched sites to specifically test the programs I use, and I haven't found one yet which caused me to have to format a customer's computer.

Are you sure about this? Known trojans will have known signatures, but a custom coded one which hasn't been propagated to any hacker web sites can be completely unique, unknown sig and possible new heuristics. A software firewall might be able to detect them when they attempt to open an outbound connection/port, but how do you find them without resorting to netstat?

lord_shar

Furnace Stoker

Join Date: Jul 2005

near SF, CA

Reformatting is a last resort, but it seriously IS the safest solution with no guesswork. If you have a standardized PC disk image and network-backup software, restoration takes as little as an hour or so.

Another side benefit: your registry gets streamlined since old no-longer-used entries which aren't properly removed by uninstallers get completely removed. This speeds up boot time, frees more memory, etc. A PC-engineer buddy of mine logged more than 10,000 registry changes made by just 1 software title. Now imagine this multiplied by every software title you load on your PC.

Aniewiel

Smite Mistress

Join Date: Jun 2005

The Land of AZ, USA

Rt/E

Quote:
Originally Posted by Divinitys Creature
I think for regular users who might accumulate a lot of spyware, a reformat is nice and simple compared to learning all about network security, examining processes and whatnot.

Two of you are professionals and you could probably get to the bottom of these things and just get rid of the offending virus/trojan/keylogger but a lot of people don't want to go to those lengths. Could reformatting and re-installing be that bad? Hopefully they patch it ASAP after doing so.
Thank you, Divinity's Creature, for trying to get this back on track.

Algren and Teklord:

Would each of you post your suggestions as to your opinion on the best ways to get rid of key loggers and/or links to any helpful websites/programs that might help? Perhaps links to articles supporting your respective positions would be nice as well.

As for the dumb customer: You're right, people generally are rather stupid. But the only way to become wiser is to gather advice, weigh the evidence, read a bit and make your own choices or pay someone to make your choices for you.

Please, Algren & Teklord: Your summaries?

stratos_v2

Ascalonian Squire

Join Date: Jun 2005

Quote:
Originally Posted by Algren Cole
I had offered to help in numerous ways. even as far as using remote access to clean his OS. Formatting bad for two reasons...

1) you lose all of your information
like teklord said, a lot of information can be backed up.
And afterwards checked for viruses and other such nonsense in a controlled environment. (say a live-cd or something)

Quote:
2) hard drives were not meant to be wiped out...reformatting renders sections of your hard drive unusable. It also causes corruption in Hard Drive sectors. Hard Drives that are formatted often die quicker than hard drives that are not formatted.
While your statement is true, you fail to put attention on the scope of the damage. Sure perhaps when i reformat a hard disk a few sectors will go bad. boohoo. a half a billion good ones remain.

and if i do this a lot my disk will surely die sooner. The average life expectancy of 20 years or so, will perhaps after numerous formats be reduced to say 10.
well Are you still using a disk from 10 years ago?

(And don't give me any "at my company we still use 10 year old scsi disks on our servers" because they are manufactured to last, and are not the type of disk you're talking about)

PhineasToke

Lion's Arch Merchant

Join Date: Feb 2005

in a house

Phantom Menace

W/Mo

Quote:
Originally Posted by stratos_v2
I would opt for the computer wipe or let someone with some knowledge in computers clean it for you.
also in the future it might be a good idea to do some of the following things.

use firefox or opera. These are alternative browsers that also run on windows and offer much better standard security than IE does. (IE is short for Internet Explorer, the browser that ships with windows) firefox link opera link
I would opt for firefox, since it's safe, fast and doesn't have a banner like opera.
(Opera is commercial software, firefox is opensource)

If for some reason you don't want to use anything else than IE or you don't have the security clearance on your computer to install firefox or opera. (or whatever)
Then you should make IE a bit more secure. To do this you need to look under options or preferences of the browser, somewhere there it will list a few zones.
Now you want to put the internet zone on its highest security setting.
I'm pretty sure this will break all sorts of woozy effects on all sorts of sites, but at least you will be safe.

also copy this file hosts.txt
into one of the following directories depending on your version of windows. (also useful for other OSes since the list is pretty much filled with all sorts of sites i never need to visit)
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS
If you are uncertain which version you have, simply copy the file to each of those directories.

every time you want to go to a site. Like say guildwarsguru.com, the computer actually first looks up what IP number that name has. (because the internet works with IP numbers and not names)
The computer does this by querying a server called a DNS (Domain Name Server) however it also looks for a file called hosts on your own computer.
And if the hosts file has a rule about a certain website name, it will use that value.
So if for instance the ip of guildwarsguru.com was 67.15.63.192 but your hosts file listed it as 127.0.0.1 then your browser (and all other software) would try to find the guildwarsguru site at 127.0.0.1. And of course will not find it.
Now the file above lists a very very very long list of sitenames that only have spyware and commercials and viruses or whatever. (the crap of the crop) and redirects it to 127.0.0.1.
127.0.0.1 btw is a set IP in computer land, it is always your own computer.

more information about this file can be found here hosts file guide page

but really if you can just use another browser.

And while we're at that topic, you might also want to switch email client.
As you probably have already heard, viruses and trojans via email are hot, and outlook is their prime target for abuse. So switching to an alternative e-mail client gives you a great way to protect yourself against viruses via email.
Take for instance Thunderbird (from the same people as firefox)
It's an opensource mail client that doesn't have all the security bugs that outlook has and has some nice features on top of that. thunderbird link

Now i also wanted to write something about switching away from windows altogether but i'm getting a bit tired of trying to remember how windows worked, so i will simply conclude by saying that you should probably be using linux and the gnome desktop. linux link

The only down side is that not all games work on linux, but there already is a slight trend of also offering games for linux. (doom3,quake3,ut2k4,neverwinter nights,some more)

There are also some programs that don't have an equivalent on linux.
there is at the moment no full featured flash editor for linux. (there is a basic one though)
there is no graphical printing/publishing suite. (quark express, photoshop CMYK stuff) (although there are some programs on the rise, but they're still starting up)

for the rest everything is accounted for and then some more that simply isn't found on windows.
www.gnomefiles.com has a pretty good user friendly list of what's available for the gnome desktop.
For non-experts, this is like trying to stuff a Peterbilt diesel in a Volkswagen. The fact that "not all" games and programs work is the red flag that will always handicap Linux. Great system for tweaks, bad for novices.

Time is money. You can make more money but you can't make more time, and time is the commodity that Linux takes from a novice.

Myth Osis

Academy Page

Join Date: Jul 2005

Christchurch, New Zealand

Red Order

Mo/R

Quote:
Originally Posted by Sereng Amaranth
1) Right-click the shortcut icon for Guild Wars
2) Select Properties
3) In the Target field, add -password=***** (replace asterisks with your password)
4) Never type your password again

BAAAAAAAAAAAAAAAAD!!!!

Don't even need a keylogger to find out the pw..

I can see it now ....

"Yey I can see his desktop......., what's this a guild wars icon? I wonder if ......... omg he didn't ...... yes he did .... yippy skippy!!"

stratos_v2

Ascalonian Squire

Join Date: Jun 2005

Quote:
Originally Posted by PhineasToke
For non-experts, this is like trying to stuff a Peterbilt diesel in a Volkswagen. The fact that "not all" games and programs work is the red flag that will always handicap Linux. Great system for tweaks, bad for novices.

Time is money. You can make more money but you can't make more time, and time is the commodity that Linux takes from a novice.
clear and utter bullshit, it's this kind of FUD (Fear Uncertainty and Doubt) that is stopping people from seeing linux for themselves.
There are many distros that let people from all levels of computer knowledge run linux.

and i don't know what distro you tried but all user friendly distros get you up and running in no time.
i would even say that installing programs under linux is far easier than under windows or even OSX. By simply selecting the program you want from a vast pre-defined list of programs and then pressing a single button to download&install&configure it for your system, ready to use for expert or novice.

Freyas

Champion of the Absurd

Join Date: Jan 2005

Spirits of War

Mo/W

Well, I'd say try the spybot/adaware/etc to see if they locate anything. If you don't have an anti-virus program, get a free scan from trendmicro.. If this doesn't find anything, my suggestion would be this: Press Ctrl-Alt-Del to open up the task manager, then click the "Processes" tab. Open up a browser and go to google, and type in each of the names that is in that list and do a search.

There should be several sites that pop up telling you what that process does- either saying "lsass.exe is a system process of the Microsoft Windows security mechanisms" or something like that, or saying something like "Filename: nvsc32.exe. Name: NvCplScan Description: Added by a variant of the IRC.BOT TROJAN!". If you find something that either is a known virus/trojan/keylogger, or does not come up with reliable hits, then that's something to investigate.

If you don't find anything suspicious there, then my recommendation would be to reformat, unless you're knowledgeable about configuring windows, in which case, you shouldn't need advice from forums to clean up your computer.

So: before just throwing out everything on your harddrive, reformatting, then installing everything again, a process that will take several boring hours at the least, I'd recommend seeing if you can easily find the keylogger just by locating the process, killing it, deleting it from your computer, and removing it from the applications to load when your computer starts(it'll likely still leave stuff in the registry, but that's definitely not something a beginner wants to mess with). If it's found by security programs, they'll generally remove the offending program. If they don't find it, but you locate it under the running processes, kill the process, and if you need to, find someone with a lot of knowledge about computers to help you remove it. If all else fails, reformatting is pretty much guaranteed to get rid of it, but unfortunately, it's the least convenient of the methods available.

Also, be careful about what you download, especially for computer games. If a program is hosted by GWGuru, we'll have a link to download it from the site, not from the forums. I'd be very wary about downloading anything based on a post in the forums here, since there's thousands of posts a day, and only a few moderators- meaning that lots of people will likely see a post before we notice it and can take action. If you are looking for a certain program, as there are real GW utilities out there which are useful and not malicious, try to get those from a direct-download from a major fansite or straight from the developer.
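The process and startup check described in the post above, as an added PowerShell example that is not part of the original post: it lists each running process with its file path, Authenticode signature status, and whether a startup entry references it. The trusted-directory list and the report columns are assumptions made for illustration.

```powershell
# Added example: read-only triage of running processes and startup entries.
# Assumption: binaries under these directories are lower priority for review.
$trustedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

# Commands registered in the Run keys and Startup folders.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object -ExpandProperty Command

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    $path = $proc.ExecutablePath
    if (-not $path) { continue }   # some system processes expose no path

    $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

    $inTrustedDir = [bool]($trustedRoots | Where-Object {
        $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
    })

    # Best-effort match: startup commands may use quotes, arguments or variables.
    $autoStart = [bool]($startup | Where-Object {
        $_ -and $_.IndexOf($path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    [pscustomobject]@{
        Name       = $proc.Name
        ProcessId  = $proc.ProcessId
        Path       = $path
        Signature  = if ($sig) { $sig.Status } else { 'Unreadable' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        TrustedDir = $inTrustedDir
        AutoStart  = $autoStart
    }
}

# Look up these names first: not validly signed, or running from an unusual location.
$report |
    Where-Object { $_.Signature -ne 'Valid' -or -not $_.TrustedDir } |
    Sort-Object -Property AutoStart -Descending |
    Format-Table -AutoSize
```

This only sees what Windows itself reports, so a logger that hides from the process list, as described earlier in the thread, will not show up, and Win32_StartupCommand does not cover services or scheduled tasks.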

Myth Osis

Academy Page

Join Date: Jul 2005

Christchurch, New Zealand

Red Order

Mo/R

With suggested browsers for security I'll go with Firefox ..... /nods

I've been using it for a while now (as recommended by numerous friends). Reasons:

Security.....
Built-in popup blocker...
Tabbed viewing.... (genius for forum viewers... something that IE7 is going to implement on release)
RSS bookmarks (another thing IE7 is going to implement)

and for those of you that like the Irony.... check this

Algren Cole

Banned

Join Date: Jun 2005

Quote:
Originally Posted by stratos_v2
Clear and utter bullshit, it's this kind of FUD (Fear, Uncertainty and Doubt) that is stopping people from seeing Linux for themselves.
There are many distros that let people from all levels of computer knowledge run Linux.

And I don't know what distro you tried but all user-friendly distros get you up and running in no time.
I would even say that installing programs under Linux is far easier than under Windows or even OSX. By simply selecting the program you want from a vast pre-defined list of programs and then pressing a single button to download & install & configure it for your system, ready to use for expert or novice.

That's only if your distro supports a portage tree or apt-get style application retriever...granted most do. But that's not a built-in feature of the Linux or BSD kernel. I for one am with you....I can't stand Windows and wouldn't use it outside of a necessity.

Aniewiel: the keylogger in this case is probably a process or application running on his system...I wouldn't be surprised if it was called "keylog.exe" or "keylogger.exe"...or some variation of...He should just look for it in his applications/processes window and shut it down/remove it. If it's not there I'll put together an application that will scan common Windows DLL files for hooksets that shouldn't be there.

P.S.: The Gimp = Graphics Editor for Linux...it's not quite as good as Photoshop but it's damn close...and it's free.

PippinTook

Academy Page

Join Date: Jun 2005

Im my own little world.

Acolytes Of Fayth

R/E

They have a dmg calc. on the GW Guru homepage. I've used this many times and never had my acct stolen. And you don't have to download it.

quanzong

Krytan Explorer

Join Date: May 2005

Somewhere cold

The Followers of the Messiah

W/Me

Nobody uses Microsoft AntiSpyware or AntiVir? I find those 2 programs the best, and if they can't get it out, I normally get stuff out by deleting unknown folders. And if that doesn't work I top it off with reinstallation lol.

Adaria

Wilds Pathfinder

Join Date: Apr 2005

Florida

Wayward Wanderers

E/Mo

I use Microsoft AntiSpyware, Scan Spyware and Trend Micro OfficeScan for viruses. They work beautifully together. Scan Spyware does a better job than Microsoft AntiSpyware, I think, but Microsoft AntiSpyware alerts you if new programs have been installed and will ask for an OK before allowing certain processes to run on the system. I love it because it always updates and always autoscans at two AM apparently, which I may set to earlier to scan weekly at least.

I think the Dmg Calc with the keylogger is different. I heard a while back about a version of the same program from a specific site that had a keylogger. I don't remember where it was at, unless that was something else completely. My boyfriend uses Norton to scan stuff; he found a keylogger in a supposed cheat program for GW listed here and posted the screenshots for all to see. Definitely some hairy stuff out there...

PhineasToke

Lion's Arch Merchant

Join Date: Feb 2005

in a house

Phantom Menace

W/Mo

Quote:
Originally Posted by stratos_v2
Clear and utter bullshit, it's this kind of FUD (Fear, Uncertainty and Doubt) that is stopping people from seeing Linux for themselves.
There are many distros that let people from all levels of computer knowledge run Linux.

And I don't know what distro you tried but all user-friendly distros get you up and running in no time.
I would even say that installing programs under Linux is far easier than under Windows or even OSX. By simply selecting the program you want from a vast pre-defined list of programs and then pressing a single button to download & install & configure it for your system, ready to use for expert or novice.

How's this;

Consumer acceptance of Linux (percentage) is the equivalent of ONE kernel of corn in a silo. Keep telling yourself that Linux makes the world go round. We'll keep playing and working.

Algren Cole

Banned

Join Date: Jun 2005

Quote:
Originally Posted by PhineasToke
How's this;

Consumer acceptance of Linux (percentage) is the equivalent of ONE kernel of corn in a silo. Keep telling yourself that Linux makes the world go round. We'll keep playing and working.

Uhm...Linux DOES make the world go round. Even the Microsoft LAN is powered by a Linux backbone...contrary to what you believe...nobody with a brain is running a LAN utilizing a Windows backbone.

Adaria

Wilds Pathfinder

Join Date: Apr 2005

Florida

Wayward Wanderers

E/Mo

My old HS is running a series of Windows servers, and my dad's the one who operates and maintains them. There is nothing, absolutely nothing, wrong with them. Only when the damn people leave the air conditioning off during the summer so the servers fry due to being too hot, but that's beside the point.

And how about we not turn this into a Linux vs. Windows vs. Mac OS debate, mkay? This is about a keylogger in a program, correct? Unless the topic has been lost already, then there isn't a reason for this to stay open anymore...