Warning to all Steam users!

Re: Warning to all Steam users! Posted by Zein on Thu Mar 27th 2008 at 8:45pm
167 posts 517 snarkmarks Registered: Sep 1st 2006 Occupation: Computer fixing Location: United States
Hello,

I am a Steam user with an incredible amount of money put into my Steam account (estimation: $100). I have recently downloaded a file that has put a keylogger INTO my computer. When I start my computer (thank god I do not have Steam to start up when I turn on my computer) the Steam login window appears. I wondered to myself, "why would Steam A: ask me for my account because I only use one, and B: be on when I start my computer?" so I thought it was a trick, so I clicked retrieve lost account. The program closed and never restarted again, until I restart my computer. I have not encountered any viruses on my computer and I ran only Norton Antivirus 2005 and it has found nothing on my computer. So again I thought to myself, every keylogger needs a place where the 'data' (or in this case my Steam ID and pass) would go. So I unplugged my LAN/Ethernet cable out of my computer and when I put in a false ID and pass it said (and I am not quoting precisely) "Connection error could not reach ftp.tripod.com" and the internet site is real, you may go there but you need a log on name and a password.

P.S. Any thoughts on how I can get rid of this keylogger without buying software that is $100?

P.P.S. I did post this exact thing in the Steam forums also; they haven't gotten to me and I hope they help me out.
YeaY! Fer MesPehling WerDs

The expression for success is
(energy x enthusiasm)

~Zein
Re: Warning to all Steam users! Posted by Le Chief on Fri Mar 28th 2008 at 3:53am
2605 posts 937 snarkmarks Registered: Jul 28th 2006 Location: Sydney, Australia
I don't quite understand your problem Zein. The steam window appears every time you start your computer....?

Anyway, the best way to remove a virus is to reformat. When a virus scanner "cleans" or "deletes" all the infected files, you can never be too sure that the infection is gone from your computer. A reformat and a fresh install is the best option, even though it is a pain in the ass.
Aaron's Stuff
Re: Warning to all Steam users! Posted by Crono on Fri Mar 28th 2008 at 7:18am
6628 posts 700 snarkmarks Registered: Dec 19th 2003 Location: Oregon, USA
Le Chief said:
the best way to remove a virus is to reformat.
You are a fool.

If you did that every time you got a virus from using Windows you'd never be running the thing long enough to actually do anything.

Look up the keylogger online, you'll find removal instructions.
Blame it on Microsoft, God does.
Re: Warning to all Steam users! Posted by Le Chief on Fri Mar 28th 2008 at 9:00am
I'd rather not risk anything and be on the safe side. I have had experiences in the past with viruses destroying my computer and the virus scanners doing nothing.

Anyway.. maybe the word "best" wasn't the best choice, but reformatting is 100% guaranteed to get rid of the virus.
Aaron's Stuff
Re: Warning to all Steam users! Posted by Crono on Fri Mar 28th 2008 at 9:19am
That's the thing, formatting isn't 100% guaranteed to get rid of anything.
Blame it on Microsoft, God does.
Re: Warning to all Steam users! Posted by Le Chief on Fri Mar 28th 2008 at 9:45am
Explain :razz:
Aaron's Stuff
Re: Warning to all Steam users! Posted by Captain Terror on Fri Mar 28th 2008 at 10:41am
68 posts 477 snarkmarks Registered: Feb 27th 2008 Location: USA
Crono said:
That's the thing, formatting isn't 100% guaranteed to get rid of anything
really? that's pretty scary if it's true...yikes! : O
Re: Warning to all Steam users! Posted by reaper47 on Fri Mar 28th 2008 at 2:31pm
2827 posts 1921 snarkmarks Registered: Feb 16th 2005 Location: Austria
In the end reformatting is a good choice. There are so many ways a malicious program can start itself in Windows, it's almost impossible to track it down to the root. Even with a virus/spyware scanner installed. I once wasted 5 hours+ of trying to track down a piece of malware on a friend's PC, and then realized that formatting is the only way to get rid of it - and the fastest method in the end.

If you're lucky, someone has figured out a guide for removing it, so you could use it. Other than that, reformatting might save you a lot of time.

And where the hell did you download that file!? :biggrin:
Why snark works.
Re: Warning to all Steam users! Posted by Zein on Fri Mar 28th 2008 at 7:36pm
OK guys, thanks for the help. I'll try, not reformatting, but looking it up online.
YeaY! Fer MesPehling WerDs

The expression for success is
(energy x enthusiasm)

~Zein
Re: Warning to all Steam users! Posted by Crono on Fri Mar 28th 2008 at 8:07pm
It depends on how you format the drive ... if you delete the partition and re-install, it's very unlikely the thing will be executed again (though the data will still be there, since formatting just re-writes the tables that explain how to use the disk and what's on it)

However, it's a silly thing to do; the worst case scenario for most viruses and spyware is that you take the drive out of the computer, put it in another one and do some proper scanning from there. The other computer is relatively safe as it isn't executing the virus. It also means that you will be able to get rid of it more effectively since you won't have Windows getting in the way. Viruses like to tackle system files and virus scanners don't have permission to really alter those.

You can also do a virus and spyware scan in diagnostic mode, this means that unless the virus is in the core Windows system files (which are actually protected from everyone) it isn't going to run, making it so you can get rid of it.

The reason why formatting doesn't always work is people use Windows formatting or they just re-install ... but that doesn't destroy the registry and re-build it, which is where most viruses store their recovery information and get Windows to re-initialize them.

Anyway, if it's a common virus (most are) there will be removal instructions online (such as all its registry entries and where it installs itself), if you get rid of those things, then run a virus scan, all infected files (not sure if anything is infected in this case, since it's a keylogger ... which generally just monitors your keyboard input) will be cleaned.

Just get the instructions, go into diagnostic mode (run >> msconfig >> diagnostic) and get rid of the thing.

I have been curious, though, if there's been virus recovery tools distributed through web-sites that read the entire disc when idle and looks for viruses that have been written over by a formatting ... because I'll tell you right now, it's not that difficult to do that.

The only sure way you can actually get data off your drive is to zero out the drive about four times (since sometimes it hits between the gaps ... this is how the FBI gets data off your drive that you deleted :razz: ) then format and install and junk.

But that's even more of a pain in the ass.
Blame it on Microsoft, God does.
Re: Warning to all Steam users! Posted by RedWood on Fri Mar 28th 2008 at 8:37pm
719 posts 652 snarkmarks Registered: Sep 13th 2006
How do you zero out a hard drive? Everything I find on Google is trying to sell me something or has bad information.
Reality has become a commodity.
Re: Warning to all Steam users! Posted by Naklajat on Fri Mar 28th 2008 at 9:34pm
1137 posts 384 snarkmarks Registered: Nov 15th 2004 Occupation: Baron Location: Austin, Texas
RedWood said:
How do you zero out a hard drive?
Well, the first step is to get yourself a hammer... a stone or brick would work too but a hammer or axe would be most efficient.

I think you can figure out step two.

In all seriousness, I believe you need to boot to a program which writes zeros to the whole drive. I bet there's something like that on sourceforge.net

Crono is right though, that's going a bit overboard when the likelihood is you can get rid of it without such drastic measures.

Re: Warning to all Steam users! Posted by Le Chief on Fri Mar 28th 2008 at 10:11pm
I don't understand.. reformatting a drive is deleting everything. You're not just reinstalling Windows, you are reformatting the drive, either to the same file system or a different one, e.g. from NTFS to NTFS or NTFS to FAT32. I highly doubt that a virus will ever stand a chance against a reformat.
Aaron's Stuff
Re: Warning to all Steam users! Posted by RedWood on Fri Mar 28th 2008 at 10:32pm
I knew a guy who used to build corporate mainframes and he told me some whore (wrong spelling?) stories about viruses. Some will install themselves in the motherboards and change the password so you can't access them. Worse yet they would turn up the bus/clock speed to the point that it burns the board out.
And yes, I have known people who have reformatted their drives and still they will turn themselves on and populate the desktop with porn shortcuts.
Reality has become a commodity.
Re: Warning to all Steam users! Posted by Natus on Fri Mar 28th 2008 at 11:35pm
570 posts 76 snarkmarks Registered: Jan 28th 2005 Location: Denmark
RedWood said:
How do you zero out a hard drive?
http://dban.sourceforge.net/
Haven't tried it, but I heard it works.
Re: Warning to all Steam users! Posted by Crono on Sat Mar 29th 2008 at 2:11am
Le Chief said:
I don't understand.. reformatting a drive is deleting everything. You're not just reinstalling Windows, you are reformatting the drive, either to the same file system or a different one, e.g. from NTFS to NTFS or NTFS to FAT32. I highly doubt that a virus will ever stand a chance against a reformat.
You'd think that ... but no, that isn't how it works.

A drive's properties are held at the beginning of the partition in some sort of table (the way the table is set up depends on the file system used) ... this table lists where each type of sector/area is and (usually in block numbers, which is file system dependent) directories and all that jazz. So, when you delete something, for instance, it just clears out this reference in the table, it doesn't actually go to that spot and write some value over all the space the file was using. Same thing with a format.

When you format a drive, it doesn't touch the entire disc, that would be silly. It writes a new boot sector (if it's a bootable drive or OS install) then it creates the new file table, based on what file system you're installing. ... At no point does it go through the hard disc and write over all of the ACTUAL data, it just cuts off the access point.

Now, if you had a program that scanned the disc for viruses, based on binary patterns and such, it could re-activate the virus.

And, yes, if a virus gets administrative access to your machine and the ability to write to CMOS it can do physical damage to your computer by messing with clock speeds and memory timings.

The possibilities are endless, but most viruses aren't like this, because the common viruses are downloaded by people and distributed with some pre-made GUI. Home computers rarely get attacked in such extreme ways ... companies and organizations on the other hand, well, people personally try to break those all the time.
Blame it on Microsoft, God does.
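
The table-versus-data distinction described in the post above, as an added example (not code from the thread): on a constructed toy disk where block 0 is the file table, a table-only format leaves the stored bytes findable by a raw scan, and only overwriting every block removes them. The layout, file name and marker are assumptions for illustration and do not model NTFS or FAT.

```python
# Toy model (constructed): a "disk" is a byte array; block 0 is the file
# table, the remaining blocks hold file data. Not a real file system.
BLOCK = 64
NBLOCKS = 16
SIGNATURE = b"KEYLOG-SAMPLE"  # constructed marker standing in for a file's bytes


def new_disk():
    return bytearray(BLOCK * NBLOCKS)


def write_table(disk, entries):
    """Rewrite block 0 only: 'name:block' entries separated by ';'."""
    raw = ";".join(f"{n}:{b}" for n, b in entries.items()).encode()
    disk[0:BLOCK] = raw.ljust(BLOCK, b"\x00")


def read_table(disk):
    raw = bytes(disk[0:BLOCK]).rstrip(b"\x00").decode()
    return {n: int(b) for n, b in (e.split(":") for e in raw.split(";") if e)}


def store(disk, name, data, block):
    table = read_table(disk)
    disk[block * BLOCK: block * BLOCK + len(data)] = data
    table[name] = block
    write_table(disk, table)


def table_only_format(disk):
    """Lay down a fresh, empty table; the data blocks are never touched."""
    write_table(disk, {})


def zero_fill(disk):
    """Overwrite every block, table included, then write an empty table."""
    disk[:] = bytes(len(disk))
    write_table(disk, {})


def carve(disk, pattern):
    """Raw scan of the data area that ignores the table, as a recovery tool would."""
    area = bytes(disk[BLOCK:])
    return [BLOCK + i for i in range(len(area)) if area.startswith(pattern, i)]


def demo():
    disk = new_disk()
    store(disk, "dropped_file.bin", SIGNATURE, block=5)  # constructed file name
    table_only_format(disk)
    after_format = (read_table(disk), carve(disk, SIGNATURE))
    zero_fill(disk)
    after_zero = (read_table(disk), carve(disk, SIGNATURE))
    return after_format, after_zero
```

After the table-only format the table is empty but the marker is still found at byte offset 320; after the zero fill the scan finds nothing.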
Re: Warning to all Steam users! Posted by Le Chief on Sat Mar 29th 2008 at 5:32am
Hmmm interesting.

But what if I have the option for a normal format and a quick format (which takes a while). Could the quick format be what you just described or does that apply to both the quick and the normal format?

Because that's what options I get when I reformat a Windows machine.
Aaron's Stuff
Re: Warning to all Steam users! Posted by Crono on Sat Mar 29th 2008 at 6:11am
Normal and Quick format don't actually format the drive any differently. The only difference is that normal formatting checks the disk for errors once it's done creating the new partition table.

To answer the question you'll probably have next: Why does it take so long if it isn't writing to the entire drive?

Because the storage device being formatted must be completely scanned so proper tables can be made. Before a format, an existing drive really has no official place specs can be read from. Sure, you could access some information from the device's firmware, but that doesn't generally give all the information needed (like where platters end and begin, for example and how to split that all up into block values).
Blame it on Microsoft, God does.
Re: Warning to all Steam users! Posted by Le Chief on Sat Mar 29th 2008 at 10:07am
Heh, that's pretty interesting stuff.
Aaron's Stuff
Re: Warning to all Steam users! Posted by RedWood on Sat Mar 29th 2008 at 4:58pm
How do you zero out a hard drive?
http://dban.sourceforge.net/
Haven't tried it, but I heard it works.
Thanks! I read up on it and I have it bookmarked for when I need it. At its highest setting it will rewrite the entire hard drive with random numbers 35 times in a row. The CIA couldn't pull a single coherent byte of it after that. Sweet!
Reality has become a commodity.
Re: Warning to all Steam users! Posted by Natus on Sat Mar 29th 2008 at 8:47pm
No problem, hope everything turns out to work.
Re: Warning to all Steam users! Posted by fishy on Sun Mar 30th 2008 at 2:01am
2623 posts 1476 snarkmarks Registered: Sep 7th 2003 Location: glasgow
RedWood said:
Thanks! I read up on it and I have it bookmarked for when I need it. At its highest setting it will rewrite the entire hard drive with random numbers 35 times in a row. The CIA couldn't pull a single coherent byte of it after that. Sweet!
looks like you've got something to hide there :kitty:
i eat paint
Re: Warning to all Steam users! Posted by BlisTer on Mon Mar 31st 2008 at 7:33am
801 posts 1304 snarkmarks Registered: Jun 10th 2004 Location: Belgium
Reading your data on a formatted HD isn't something special that only FBI or CIA can do, you can easily do it with programs like Encase. Like every program, it has its price tag though.
Re: Warning to all Steam users! Posted by Crono on Mon Mar 31st 2008 at 11:03am
Yes. I can't remember the program right now, but I used to use this one HDD recovery tool. It was really nice and allowed you to get old data and junk. I was using it for copying partitions and fixing MBRs though :smile:

Anyway, it was free. I wish I could remember the name though.
Blame it on Microsoft, God does.