• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 66
  • Last Modified:

Remove Spyware / Keylogger from Windows 10 Laptop

A friend is using Windows 10 (which is kept up to date).
He also has AVG Antivirus.
He normally uses Paypal for purchases (without any problems).

This morning, within an hour of using his actual Visa Debit Card on Government
website (motortax.ie) his card number was fraudulently used on some dating website.
(The bank phoned and cancelled the transaction and his card).

I'm going to run some scans tomorrow
- MalwareBytes scan in safe mode
- Hitman pro

Any other suggestions?
6 Solutions
SeanSystem EngineerCommented:
Really Malware bytes and AVG will cover everything.

I would help him clean up the laptop and remove any programs he doesn't use and check his startup to make sure there isn't anything funky in there. Odds are it got installed with some junk software so be sure to clean up any software that he recently installed.
Personally I rely on Bleepingcomputer.com for all my Virus Removal needs :

Here is an article that has a good all around approach to removing spyware and PUP applications :

Reference : https://www.bleepingcomputer.com/virus-removal/remove-autofixer-pro-2018-pup

  1. STEP 2: Use Rkill to terminate suspicious programs.
  2. STEP 3: Uninstall programs via Windows control panel.
  3. STEP 4: Use Malwarebytes AntiMalware to Scan for Malware and Unwanted Programs
  4. STEP 5: Scan and clean your computer with Zemana AntiMalware.
  5. STEP 6: Use AdwCleaner to remove adware from a computer.
  6. STEP 7: Use HitmanPro to scan your computer for badware
  7. STEP 8: Run Secunia PSI to find outdated and vulnerable programs.
JohnBusiness Consultant (Owner)Commented:
If Windows 10 V1709 or greater, also do a full scan with Windows Defender as that has become a very good AV tool for Windows 10. The inclusion of EMET helps here.
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Rich MCommented:
The advice above with bleeping computer is very good.  However, we don't chase malware or viruses anymore.  Download Windows 10 using the media creation tool, takes an hour to reload Windows 10.  Or use the reset option.  If there is something keylogging, why risk it? Just copy needed files off.
Best would be to lock the credit card for now and get a new one since that will be the only way to make sure it won't be abused again.
If you are perfectly sure that the usage on the computer was the only usage, restore the pc from a trusted backup if possible. If you are not sure, so if it could have happened somewhere else (as in "life on the street"), you may still trust that machine but of course have its startup items scanned by using autoruns offline by a person with skills (better than virus scanning).
It's entirely possible that https://www.motortax.ie/ has been hacked (I see that the site is currently "down for maintenance"), or there is even a remote chance that somebody working in one of their IT or admin department departments with access to card payment details has committed fraud.  This is more common in banking services and other similar places than the companies or organisations would care to admit.  Crooked employees can easily pass card details on to friends or acquaintances or even sell the information.
EirmanChief Operations ManagerAuthor Commented:
Thanks everyone - All advise taken on board.
Thank you Eirman

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now