Remove Spyware / Keylogger from Windows 10 Laptop

A friend is using Windows 10 (which is kept up to date).
He also has AVG Antivirus.
He normally uses Paypal for purchases (without any problems).

This morning, within an hour of using his actual Visa Debit Card on Government
website ( his card number was fraudulently used on some dating website.
(The bank phoned and cancelled the transaction and his card).

I'm going to run some scans tomorrow
- MalwareBytes scan in safe mode
- Hitman pro

Any other suggestions?
LVL 24
EirmanChief Operations ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SeanSystem EngineerCommented:
Really Malware bytes and AVG will cover everything.

I would help him clean up the laptop and remove any programs he doesn't use and check his startup to make sure there isn't anything funky in there. Odds are it got installed with some junk software so be sure to clean up any software that he recently installed.
Personally I rely on for all my Virus Removal needs :

Here is an article that has a good all around approach to removing spyware and PUP applications :

Reference :

  1. STEP 2: Use Rkill to terminate suspicious programs.
  2. STEP 3: Uninstall programs via Windows control panel.
  3. STEP 4: Use Malwarebytes AntiMalware to Scan for Malware and Unwanted Programs
  4. STEP 5: Scan and clean your computer with Zemana AntiMalware.
  5. STEP 6: Use AdwCleaner to remove adware from a computer.
  6. STEP 7: Use HitmanPro to scan your computer for badware
  7. STEP 8: Run Secunia PSI to find outdated and vulnerable programs.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
If Windows 10 V1709 or greater, also do a full scan with Windows Defender as that has become a very good AV tool for Windows 10. The inclusion of EMET helps here.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Rich MCommented:
The advice above with bleeping computer is very good.  However, we don't chase malware or viruses anymore.  Download Windows 10 using the media creation tool, takes an hour to reload Windows 10.  Or use the reset option.  If there is something keylogging, why risk it? Just copy needed files off.
Best would be to lock the credit card for now and get a new one since that will be the only way to make sure it won't be abused again.
If you are perfectly sure that the usage on the computer was the only usage, restore the pc from a trusted backup if possible. If you are not sure, so if it could have happened somewhere else (as in "life on the street"), you may still trust that machine but of course have its startup items scanned by using autoruns offline by a person with skills (better than virus scanning).
It's entirely possible that has been hacked (I see that the site is currently "down for maintenance"), or there is even a remote chance that somebody working in one of their IT or admin department departments with access to card payment details has committed fraud.  This is more common in banking services and other similar places than the companies or organisations would care to admit.  Crooked employees can easily pass card details on to friends or acquaintances or even sell the information.
EirmanChief Operations ManagerAuthor Commented:
Thanks everyone - All advise taken on board.
Thank you Eirman
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.