Foolproof way of removing a keylogger?

September 18, 2010 at 21:17:29
Specs: Windows 7

BEFORE READING MY SUMMARY - I would appreciate it if you read these questions I need answered and only post information or questions regarding a solution to my question!

1. Are you able to provide a step-by-step procedure to wipe my BIOS and HDD without any risk of cross-contamination?

2. Can you possibly provide me information to pinpoint what virus/keylogger this system has so that I can identify where it came from and prevent it from accessing the computer in the future?

For several weeks now, I have been working on my friend's computer, in hopes of removing a keylogger. I know for a fact that he has/had a keylogger. His World of Warcraft account was stolen, and the person has been stealing ~$50.00 a month for the past 6 or so months out of his bank account until my friend finally realized it was happening.

I formatted his computer using the Windows 7 Professional OS disc. His WoW account was returned to his possession. About a week or so later, the account was stolen once again. His e-mail and password were changed prior on my system.

Let's not argue about whether or not he has a keylogger. Let's assume the worst-case scenario. I would like to know a foolproof way of removing a keylogger. I understand now that viruses can actually infect the BIOS, which infects the HDD. I would also not like to argue about whether or not you agree with the previous statement. In this day and age, anything is possible. Realize there was a time when people also said that software cannot run on multiple platforms; they said it was impossible. Now look at these puppies!

If I format the HDD, the BIOS could re-infect the HDD. If I flash the BIOS, the HDD could re-infect the BIOS? This is where I need your help. How can I safely and effectively clear the BIOS and the HDD without purchasing additional hardware?

These are the programs I've used to scan his computer so far. The results have been quite minimal, and they have only picked up toolbars for the most part. Maybe I deleted it? Maybe not? I want to be 100% sure. Realize that I'm not too much of a "newbie" when it comes to problems like this one. I have done my research and taken steps that make sense before running the programs, such as disabling system restore, and updating the programs before running them. (No two programs were ever running at the same time, the computer's internet was disabled, all programs were ended before the program was running, and the OS was running in safe-mode when necessary)

- Clean Up!
- Ad-Aware
- Microsoft Windows Malicious Software Removal Tool
- Malwarebytes' Anti-Malware
- Spybot - Search and Destroy
- SmitFraudFix
- ESET Smart Security

All of these programs (including several online scans that I no longer remember) returned nearly nothing ... Therefore, let's assume he still has it and help me figure out a way to flash the BIOS and format the HDD without any chance of cross-contamination!

Here are his relevant system specs if you are interested:

Intel Core i5 750 @ 2.67GHz
4.00GB RAM
64-bit Windows 7 Professional

I would like to thank you in advance for all of your dedication and hard work. If you require further information, I will be happy to provide you with anything, including logs, website history, etc.


September 20, 2010 at 10:17:18
Sounds like a good problem. My only question is: what kind of BIOS is on the PC?

As far as wiping the hard drive, check out the SARDU suite; you sound pretty computer savvy, so I think it'll be a cinch for you. It's free and has add-ons for wiping and imaging and the like. You will want to make sure you add on all of the utilities; this is great for just about any viruses as well. Also, you'll want to download a copy of Ultimate Boot CD and run a complete DOD wipe on the HDD. This writes 0s to the hard drive 3x over. Wiping the BIOS is tricky; I can help more if you reply with the manufacturer and version. Another great utility you need to download is the Sophos command line tool; it is found. Download the SAV32CLI and IDE file, follow the instructions, and it will find your keylogger. Also, after you build your SARDU CD, use Bitdefender Rescue to scan the PC and it will kill it without the OS being used. The best way to keep him from getting it again is to install ZoneAlarm! Its free firewall version will let you know when others are trying to connect.

I will tell you now, I'm not arguing your points, but I do not believe in any sense of it that the BIOS is infected. Typically, BIOS infections are rare. In any case, run a Panda scan; you'll have a copy if you make the SARDU disk right, or you can go to

I'll be glad to help if you need any other info.

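The DOD wipe recommended in the reply writes zeros over the whole drive, and before Windows is reinstalled a practitioner would want to confirm the wipe actually reached every sector rather than trusting the tool's progress bar. The script below is an added example, not code from the reply's author or from SARDU or Ultimate Boot CD; it reads a raw disk image (or a block device, when run with root privileges from a live boot medium) end to end and reports the first non-zero byte. The 1 MiB read size, the device path and the two constructed test images are assumptions for the demonstration.

```python
import os
import tempfile
from typing import Optional

BLOCK_SIZE = 1 << 20  # 1 MiB per read; large reads suit block devices

def first_nonzero_offset(path: str, block_size: int = BLOCK_SIZE) -> Optional[int]:
    """Read `path` (a raw disk image, or a block device such as /dev/sdb when
    run as root) from start to end. Return the byte offset of the first
    non-zero byte, or None if the whole device reads back as zeros."""
    offset = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            chunk = f.read(block_size)
            if not chunk:  # EOF: every byte scanned was zero
                return None
            if chunk.strip(b"\x00"):  # C-speed test for any non-zero byte
                # lstrip keeps the chunk from its first non-zero byte onward
                return offset + (len(chunk) - len(chunk.lstrip(b"\x00")))
            offset += len(chunk)

def wipe_verified(path: str) -> bool:
    """True only if no non-zero byte survives anywhere on the device."""
    return first_nonzero_offset(path) is None

def write_image(path: str, size: int, leftover_at: Optional[int] = None) -> None:
    """Create a constructed test image: `size` zero bytes (sparse), optionally
    with two stray bytes at `leftover_at` to mimic an incomplete wipe."""
    with open(path, "wb") as f:
        f.truncate(size)
        if leftover_at is not None:
            f.seek(leftover_at)
            f.write(b"\x55\xaa")  # constructed residue, not a real signature

def demo() -> tuple:
    """Scan an 8 MiB fully wiped image and one with residue at 5 MiB + 3;
    return (clean_result, dirty_result)."""
    size = 8 * 1024 * 1024
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean.img")
        dirty = os.path.join(tmp, "dirty.img")
        write_image(clean, size)
        write_image(dirty, size, leftover_at=5 * 1024 * 1024 + 3)
        return first_nonzero_offset(clean), first_nonzero_offset(dirty)

if __name__ == "__main__":
    print(demo())  # (None, 5242883)
```

Point `first_nonzero_offset` at the wiped device from a live boot environment, never from an OS installed on the drive being checked, since a booted system writes to its own disk and will fail the check.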
