Windows 10: adamax keylogger - regedit will not run

  1.    16 Sep 2015 #1

    adamax keylogger - regedit will not run


    Hit by some ugly malware that seems to prevent me from running regedit or malwarebytes. gangnamgame.net pops up after a reboot as well as adamax keylogger. When I try to run either one of them nothing at all happens. No errors, no window or anything. The spyware is adamax keylogger which I only know because it shows up every time in the task window and gangnamgame.net launches itself in firefox. I need to run regedit to remove it but I'm guessing the malware itself is what is preventing me from doing so.

    I'm not a pc novice and am very aware of all of the BS out there but this one has really done me in.

    Any help would be greatly appreciated.


  2. Posts : 13,415
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       16 Sep 2015 #2

    Try one of the fixes listed here & see if one of these will restore access to the registry. If you have no luck with this in normal mode, you may wish to try some of these scanners/suggestions in safe mode.

    5 Ways To Re-enable Registry Editor When Disabled By Virus

    Another suggestion is to use RKill to try & terminate the process, then run malware scanners to try to remove it. Do NOT reboot after running RKill.

    RKill Download

    As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
    Suggested scanners would be Malwarebytes, AdwCleaner & TDSSKiller to be sure you don't have a rootkit.

    Another option is the one listed here, d/l Autoruns by Sysinternals & use the program to kill it from there.

    Remove gangnamgame.net pop-up on startup (Uninstall Guide)

    Other Sysinternals tools that may help.

    RegJump

    Process Explorer

    The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
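Added example, not part of the thread or of any tool it names: a read-only PowerShell triage that lists the Run-key autostart entries Autoruns would surface and checks two well-known registry settings that can stop regedit from launching. The thread does not say which mechanism this infection uses, and the executable name `mbam.exe` for Malwarebytes is an assumption.

```powershell
# Read-only triage: reads registry values, changes nothing.
# Assumption: the block uses one of the common mechanisms below;
# the thread itself does not identify the mechanism.
$findings = @()

# 1. Policy value that disables Registry Editor (non-zero = disabled).
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($path in $policyPaths) {
    $p = Get-ItemProperty -Path $path -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($p -and $p.DisableRegistryTools -ne 0) {
        $findings += [pscustomobject]@{
            Check = 'DisableRegistryTools'; Location = $path; Value = $p.DisableRegistryTools }
    }
}

# 2. Image File Execution Options: a "Debugger" value makes Windows start
#    that program instead of the named executable, so the tool never opens.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'regedit.exe', 'mbam.exe') {   # mbam.exe: assumed Malwarebytes binary name
    $key = Join-Path $ifeo $exe
    $d = Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue
    if ($d) {
        $findings += [pscustomobject]@{ Check = 'IFEO Debugger'; Location = $key; Value = $d.Debugger }
    }
}

# 3. Autostart entries in the Run keys (why a reboot after RKill restarts the malware).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $findings += [pscustomobject]@{
            Check = 'Autostart'; Location = $key; Value = "$name = $($item.GetValue($name))" }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Autostart rows are an inventory to review, not a verdict; the first two checks only report when the value is actually set.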


  3. Posts : 705
    Windows 10 Pro x64
       16 Sep 2015 #3

    Borg 386 said:
    ...
    Wow! Pretty comprehensive answer. Nice post!

    @byounker,
    Please take note that some of the 'smarter' infections may attempt to prevent you from downloading or installing the necessary tools for disinfection. In which case you would need to rename the file in question to fool the infection into thinking it is ok.


  4. Posts : 11,234
    W10Prox64
       16 Sep 2015 #4

    WhyMe said:
    Wow! Pretty comprehensive answer. Nice post!


    @byounker,
    I might add, if you need to, there is a rescue disk available from Kaspersky which runs at boot (outside the OS) and may help clear things up enough for you to get control again.


  5. Posts : 13,415
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       17 Sep 2015 #5

    WhyMe said:
    Please take note that some of the 'smarter' infections may attempt to prevent you from downloading or installing the necessary tools for disinfection. In which case you would need to rename the file in question to fool the infection into thinking it is ok.
    Yepperz, good point. I forgot to mention RKill is available to d/l with different file names to allow it to run when some of these PIA's have blocked certain files from running.

    Below is a list of RKill download links using different filenames. We offer RKill under different filenames because some malware will not allow processes to run unless they have a certain filename. Therefore when attempting to run RKill, if a malware terminates it please try a different filename offered below.


 
