Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

MageUK

Administrators

Everything posted by MageUK

  1. Did you actually run the "shockwave" file? If you only downloaded it but didn't open/run it, then the keylogger will not have installed itself.
  2. As soon as you sent the link to me, I already informed the Mods/Admins that I thought your account was hijacked and that it wasn't really you sending the PMs, check the second post in this topic. :wink:
  3. It's come to my attention that at least one forum user has become infected by this, it will have been sent in PM, and possibly even from a user you think would be trustworthy, who has most likely had their account stolen. If you downloaded "shockwave" from this link, then please follow the above instructions immediately!
  4. This one is so easy to remove I'm not even going to provide an application to do it. Follow these simple steps and you'll be keylogger free in no time. Open your task manager by pressing either "Ctrl + Alt + Delete", or "Ctrl + Shift + Escape" Open the tab marked "Processes", and click the "Image Name" section once to put them in alphabetical order. Scroll down until you find "update[Caution: Executable File]" (there might be a few of them). End all processes called "update[Caution: Executable File]" one by one, yes, this may exit the windows update process but that doesn't really matter as it will restart. Once you've ended them all (if there's one that keeps coming back, don't worry, that's probably the windows one which we don't need to exit from), navigate to this directory : Delete the file called "update[Caution: Executable File]", empty your recycle bin. If executed correctly, those instructions should remove this keylogger.
  5. MageUK replied to MageUK's topic in Keylogger Help
    Yes, I received this myself earlier today. Since I am retired from RS and my Tip.It password is different to RS, I download the "Shockwave Player" that I needed. Well, good old Kaspersky picked it up straight away and had no problems deleting it. So, stay clear and don't download anything from this link. Definitely a keylogger, and a clever way to get users to download it. But also one of the most stupidly easy to remove. Edited your posts to remove the link, in future guys, please post links to the topics or PM me them if they're sent via PM to you. Don't want people/staff thinking you're the one spreading it. :) http://forum.tip.it/viewtopic.php?p=5338534#5338534
  6. This guy posted yet another one.... The above tool STILL removes it. Pathetic. http://rapidshare.com/files/57528368/GPVPRemove.zip
  7. CONFIRMED : KEYLOGGER IF YOU ARE INFECTED Download this package - follow the readme inside it. http://rapidshare.com/files/59625666/WSADRemove.zip
  8. This guy seems to be spamming under a lot of different names, I'll check out some of the other links tomorrow but it appears to be the same file.
  9. It will only delete the stuff successfully if you actually ran the infected file and got keylogged, otherwise you'll notice the program will fail to delete the folder it needs to.
  10. MageUK replied to MageUK's topic in Keylogger Help
    Are you like running these on an old machine with a process-watch or something? I'm curious to see how you find the reg values and stuff. I'd prefer not to disclose exact details of how as this could allow it to be circumvented but it involves a virtual machine and some useful tools, and just a FYI, most of these loggers don't drop any registry values in. :P
  11. CONFIRMED : KEYLOGGER IF YOU ARE INFECTED Download this package - follow the readme inside it. http://rapidshare.com/files/57528368/GPVPRemove.zip
  12. CONFIRMED : KEYLOGGER IF YOU ARE INFECTED Download this package - follow the readme inside it. http://rapidshare.com/files/57528368/GPVPRemove.zip
  13. You need to send me either the application or a link to it. I can't check a screenshot or the name of the program for keyloggers.
  14. I asked for a PM, which you didn't do, you posted in a completely unrelated topic. Not only that, the "file" you sent me was a screenshot of the application, which I can do nothing at all with.
  15. CalcsPack.zip --> Calcs[Caution: Executable File] CONFIRMED : KEYLOGGER IF YOU ARE INFECTED Download this package - follow the readme inside it. http://rapidshare.com/files/56442907/WLDNRemove.zip
  16. MageUK replied to MageUK's topic in Keylogger Help
    Checked and posting now, keylogger for sure.
  17. He said they need to be looked into. Plaxo is an "addon" for Outlook that they may not have agreed to install. He never went ahead and said "Remove These".
  18. No, this was posted in the General Discussion forum I believe. Any quoted posts in the Keylogger Forum have the links to the infected files removed. The ONLY live links posted by me will be links to the tools to disinfect your machine, should you have downloaded the keylogger in the first place. The idea is that people can check this forum and look for their file name in the topic titles, if they see the same post they remember downloading from, they know they are in the correct topic to get what they need to clean their machine.
  19. You never saw this topic not stickied, it was a figment of your imagination... :roll:
  20. So you want to know what the packages I post for download to help removal do? You're in the right place. I've posted here a simple idea of what they do, and further down, one for someone who is more familiar with programming. Both programs are coded by myself in C++. Simple The first program in the ZIP, "RUNFIRST[Caution: Executable File]", will insert what is called a "Registry Key" into your system, this will allow the second program (XXXXRemove[Caution: Executable File], where XXXX are letters), to run after reboot before anything else does. This means that right after you log on, or after you see the "Loading your profile settings..." etc, the second program will run right then. The second program then deletes the keylogger and any files associated with it, if it is successful then your PC will be clean. Technical The first program, "RUNFIRST[Caution: Executable File]" uses simple Windows API calls to do two things. The first checks that the second file exists using "GetFileAttributes()", if the file exists, the program will then put a registry key in place, telling windows to run the second file after reboot, this is done using the Reg* API functions. The second program can be changed easily by me to remove either files or directories, depending on what the specific keylogger leaves behind, usually it's a simple directory deletion, but sometimes it drops files into sensitive areas where we can't just delete that directory. It will check each file exists and if it does, delete it, if not, it will return an error of either "DOES NOT EXIST", or "FAILED". Once the files are deleted, the system should be clean. Hope this gives a little explanation on how everything works.
  21. Every post will contain a quote of the original post the keylogger was located in. The quote in the first post in this topic is exactly what the user posted but with the offending link removed. It's to help users identify if they downloaded this executable or not, so they know if they are infected.
  22. CONFIRMED : KEYLOGGER IF YOU ARE INFECTED Download this package - follow the readme inside it. http://rapidshare.com/files/55210212/ICPTRemove.zip
  23. CONFIRMED : KEYLOGGER IF YOU ARE INFECTED Download this package - follow the readme inside it. http://rapidshare.com/files/55211277/EIKTRemove.zip
  24. If you wish to submit a file from elsewhere that you believe may have infected your machine with something, you can e-mail it to me, and I will check it. There are a few guidelines I need to cover : 1) The e-mail must be sent to [email protected] and must have the subject "Suspicious File". 2) You must follow up the e-mail with a PM to me on the forums stating your e-mail and the name of the file you have sent me. If you do not follow these guidelines, your e-mail will be disregarded. Results of the e-mail attachment scans will be posted as a topic in this forum with the key [sUBMIT].

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.