Getting Rid of a Keylogger

Whilst roaming about the net, I seem to have picked up a keylogger. I know this because I got an email today with my user name and a valid password for a site I frequent in the subject line. The email is threatening me with embarrassing details being broadcast to everyone in my address book unless I provide a bitcoin, yadda yadda yadda.

I have seen these phishing emails before, but they have never had my password before, so I know I've been keylogged. My question is, how do I find the logger and how do I get rid of it? I am running Malwarebytes and it didn't find it. I also used SuperAntiSpyware and Windows Defender, but nothing showed up there either. I have changed my passwords using another PC, but I want to clean my machine from this. I'm using 1909, fully updated.

Anyone have any ideas?

I've seen what you describe 3 times this past year. Hurry up and save your data.

Then follow Pejole2165 advice in post #2 "best course of action is a clean install, removing all existing partitions in the process and using a Windows setup media created on a known clean machine."

Its a scam, they got your password from a site you use which was breached, this happens to many sites. Same thing happened to me, got my password from the Avast forum which was breached a few years ago. If you use the same password for any other sites just change it, otherwise just delete email and do not worry.

I get one every week claiming to have activated my web cam and videoed me not having a webcam I know its a con

Oh I definitely know it is a con, but I use this PC for development work and VPN into work. I also do my banking on it...

I've done full scans on the entire 5 drives I have and found nothing with three different AVs, so I don't think I have a keylogger. Unless it's so sophisticated it doesn't show up. I'm not too worried about the email itself as I haven't done anything embarrassing with my machine and I don't have the webcam that they said they activated. I have deleted both emails.

I guess I have to assume that my Hotmail account was hacked. I have changed all the passwords that I can, so I guess I might be OK. I am taking my image drive offline for a while though. Better safe than sorry.

Thanks for all of your help, everyone.

Gurn Blanston said:

Oh I definitely know it is a con, but I use this PC for development work and VPN into work. I also do my banking on it...

I've done full scans on the entire 5 drives I have and found nothing with three different AVs, so I don't think I have a keylogger. Unless it's so sophisticated it doesn't show up. I'm not too worried about the email itself as I haven't done anything embarrassing with my machine and I don't have the webcam that they said they activated. I have deleted both emails.

I guess I have to assume that my Hotmail account was hacked. I have changed all the passwords that I can, so I guess I might be OK. I am taking my image drive offline for a while though. Better safe than sorry.

Thanks for all of your help, everyone.

It looks like you are keeping up with what you need to do.
I've seen 3 incidences over this past year very similar to yours.
--- One of those users let it go on too long before dealing with: to make a long story short, a clean install was the solution.
I'm not aware of an AV finding anything relating to what was going on similar to your case.
--- See if AdwCleaner finds anything. I use Downloads - AdwCleaner - ToolsLib