Recently Kaspersky and Windows Defender have been detecting "Win32/Ardamax" which I believe is a keylogger. How would I go about getting rid of this? Every time I quarantine it, it manages to create itself again.
Anyone here know any security tools I can remove this bugger with?
Thanks.
Where's it creating itself? Temporarily remove write permissions to that folder if it's not that important?
Quote from: Newby on November 19, 2007, 09:09:27 PM
Where's it creating itself? Temporarily remove write permissions to that folder if it's not that important?
It's creating itself everywhere:
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\System Volume Information\_restore{6266DC8F-C35B-468E-AC12-296E6D4F50B6}\RP5\A0000091.exe
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\RECYCLER\S-1-5-21-1177238915-1035525444-682003330-1003\Dc4.exe
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\WINDOWS\SYSTEM32TWEG.EXE
etc, etc, etc...
Thanks for your reply.
Reformat. Best option. You can't trust the system once it has been compromised. :|
I agree, that would certainly be the best option. But, sadly, I just finished transferring my files from my other computer over to this one the other day. I would have to start all over again.
I'll keep checking security forums to see if any of my posts get replies.
Thanks again.
Disable system restore. Delete the trojan. Empty recycle bin. Reboot. Check again.
It looks like most of the regenerated ones you asked about are on the system restore or in the recycle bin. By cleaning those up, you might get it.
But Newby's right, once you're infected, you can never be sure it's gone.
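Added example, not part of any post in this thread: a short Python script that sorts the detection lines quoted above by location, the way the last reply does by eye, so that copies archived in System Restore or the Recycle Bin are separated from files in live system paths. The category names and the line pattern are assumptions based only on the three lines posted here.

```python
import re
from collections import defaultdict

# Detection lines exactly as posted in the thread above.
SAMPLE_LOG = r"""
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\System Volume Information\_restore{6266DC8F-C35B-468E-AC12-296E6D4F50B6}\RP5\A0000091.exe
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\RECYCLER\S-1-5-21-1177238915-1035525444-682003330-1003\Dc4.exe
deleted: Trojan program Trojan-Spy.Win32.Ardamax.e File: C:\WINDOWS\SYSTEM32TWEG.EXE
"""

# Assumed line shape: "<action>: <object kind> <detection name> File: <path>"
LINE_RE = re.compile(
    r"^(?P<action>\w+):\s+(?P<kind>.+?)\s+(?P<name>\S+)\s+File:\s+(?P<path>.+)$"
)

# Location rules, matched case-insensitively after the drive letter.
RULES = [
    # Restore-point archive; these copies go away when System Restore is disabled.
    ("restore_point", re.compile(r"^system volume information\\_restore", re.I)),
    # Per-user Recycle Bin folders (XP-era RECYCLER/RECYCLED, later $Recycle.Bin).
    ("recycle_bin", re.compile(r"^(recycler|recycled|\$recycle\.bin)\\", re.I)),
]

def classify(path):
    """Return 'restore_point', 'recycle_bin' or 'live' for a Windows path."""
    rest = re.sub(r"^[A-Za-z]:\\", "", path.strip())
    for label, rule in RULES:
        if rule.search(rest):
            return label
    return "live"  # anything else sits in a normal, potentially active location

def triage(log_text):
    """Group the detected file paths in an AV report by location category."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            groups[classify(m.group("path"))].append(m.group("path"))
    return dict(groups)

if __name__ == "__main__":
    for label, paths in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Of the three lines posted, only the entry under C:\WINDOWS lands in the "live" group; that is the one to watch on the re-scan after System Restore has been disabled and the Recycle Bin emptied.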