Graal Forums

Graal Forums (https://forums.graalonline.com/forums/index.php)
-   Era Main Forum (https://forums.graalonline.com/forums/forumdisplay.php?f=162)
-   -   Removing the "Era Hotkeys" Keylogger (https://forums.graalonline.com/forums/showthread.php?t=87498)

cbk1994 08-20-2009 02:13 AM
Removing the "Era Hotkeys" Keylogger
 
Post approved by Darlene.

This keylogger has been infecting a lot of people lately, and it's worth posting instructions for removing.

Checking if you have it
If you've opened the "Era Hotkeys" program, or otherwise think you might have it, the easiest way to do it is by clicking "Start", "Run", and typing in "%Temp%". Now, look for a file called "keylog.dat", "keylogd.dat", or "svchost.exe". If it's there, you're most likely infected. If not, you probably aren't, but you may want to try the next few steps just in case.

Confirming you have it
If the last step showed that you are infected, or you still think you may be, there is another, more foolproof step you can take. Download HijackThis, install it, then open it. Click the button that says "Do a system scan and save a logfile".

http://img196.imageshack.us/img196/6929/hjthis.png

Once you've scanned, a window should pop up in Notepad looking like this:

http://img196.imageshack.us/img196/3417/logfile.png

Copy everything in the Notepad file, and open up this HijackThis log analyzer. Paste in your logfile, and click "Analyze".

http://img196.imageshack.us/img196/695/analyzew.png

Look through the results. If you see something that looks like this (it may not display the exact message, but it should show up as "nasty"), you have it. If not, you don't.

http://img196.imageshack.us/img196/6827/nastyv.png

Removing the keylogger

If you have it, go to the HijackThis results window that should have opened when you did a scan. Find the entry mentioned, check the box, and click "Repair checked items".

http://img196.imageshack.us/img196/8844/checknfix.png

Confirm that you want to repair it, and then perform another scan and analyze (using the website posted above) to ensure that your system is now clean.

Empty your temp folder

Now, go to the temp folder again by clicking Start, Run, then typing in "%Temp%".
http://img196.imageshack.us/img196/9347/gotemp.png

Close all open programs, including ones in the system tray if possible (AIM, etc), and delete all files in this temp folder.

Restart your computer, and the keylogger will be gone.


Contact me over the forums (forum PM) or in-game if you have questions. Do not post them on the forums.


All times are GMT +2. The time now is 08:15 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.