
Windows 7: Reinstalled Windows 7 upgrade to remove keylogger eBlaster

22 Jan 2011   #1
Joad

Windows 10 Home
 
 
An ex-girlfriend remotely installed the keylogger eBlaster which is made by SpectorSoft. After research, I decided to reinstall my Windows 7 Home Premium 64 bit upgrade disc.

I booted from the DVD drive and arrived at a screen that showed two partitions: recovery and the existing W7 files. I deleted the W7 partition and proceeded with the installation which went fine.

Now, I wonder if some of the eBlaster files could have been installed on the recovery portion of the hard drive. Seems unlikely but need to be sure. Also, there is now a third partition called "System Reserve" at 100 MB. Could that be the work of eBlaster? I assume the recovery partition holds the original Vista OS. Should I leave it alone or delete that partition?

Thanks in advance.


22 Jan 2011   #2
theog

Microsoft Community Contributor Award Recipient

ME/XP/Vista/Win7
 
 

22 Jan 2011   #3
Anthony

Microsoft Community Contributor Award Recipient

MS Windows 7 Professional 64-bit SP1
 
 

Everything is fine Joad! Good Job!!

The 100MB is for the Windows 7 install (do not delete).
As for the recovery partition, I'm not sure (should be fine); someone will be along to advise you what to do (probably a scan).

22 Jan 2011   #4
Joad

Windows 10 Home
 
 

The article you linked states:

This will show you how to do a Clean Install using a retail Upgrade Windows 7 installation disc.

The upgrade disc I used is an OEM.
22 Jan 2011   #5
Bill2

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

The recovery partition would be untouched unless you had system restore turned on and restore points got written to recovery, which can happen if you're not careful. Some OEMs have, or at least used to have, this idiotic default setup whereby restore points would be saved that way, ultimately causing the recovery partition to become unusable apart from giving annoying low disk space warnings. Of course, if your computer was not set up that way, you should be fine.

In addition, would suggest you delete all old restore points saved onto a non-windows partition (if any). One thing you can do is to completely ditch the recovery partition option and instead image your nice new clean install using macrium reflect. Do this after you've got all apps and drivers installed and tweaked. That way you can restore the system in a jiffy without bothering with software reinstalls.

If you had made recovery disks before this trauma, they are equivalent to having the recovery partition.
22 Jan 2011   #6
Joad

Windows 10 Home
 
 

Quote: Originally Posted by Bill2
The recovery partition would be untouched unless you had system restore turned on and restore points got written to recovery which can happen if you're not careful. Some OEMs have or at least used to have this idiotic default setup whereby restore points would be saved that way, ultimately causing the recovery partition to become unusable apart from giving annoying low disk space warnings. Of course, if your computer was not setup that way, you should be fine.

In addition, would suggest you delete all old restore points saved onto a non-windows partition (if any). One thing you can do is to completely ditch the recovery partition option and instead image your nice new clean install using macrium reflect. Do this after you've got all apps and drivers installed and tweaked. That way you can restore the system in a jiffy without bothering with software reinstalls.

If you had made recovery disks before this trauma, they are equivalent to having the recovery partition.

Trauma is the appropriate word.

Just learned how to view Disk Management and apparently the recovery partition is empty. It shows capacity @ 11.72 GB with 11.72 GB free. Not sure how it got deleted. Maybe during the original upgrade process?
25 Jan 2011   #7
gregrocker
Microsoft MVP

 

It may have its files hidden. Boot the free Partition Wizard bootable CD, right-click the Recovery Partition and choose Explore to see if files are intact. If not, you can right-click it again to Wipe it with a set of zeroes to overwrite any infected or corrupt code. Then Create a new partition or Resize Win7 into the deleted space.

Hopefully you made the Recovery Disks before clean reinstalling. But you apparently have an Installation DVD which is a much better option anyway.

If you didn't wipe the partition where you reinstall Win7, there could be infected code on it as well, so you might want to start over by wiping the entire HD using PW CD Disk tab, or the tutorial earlier posted by theog to wipe HD with Diskpart.

You can use any retail installer whether OEM, upgrade or full version to reinstall your version of Win7.
20 Feb 2011   #8
Joad

Windows 10 Home
 
 

I was unable to confirm or deny the existence of the keylogger after I did the reinstall. I decided to do a clean install of Windows 7 with the DVD upgrade disk. I deleted everything on the hard drive and proceeded with a clean install. Microsoft verified Windows 7 with no issues.

I was certain this would kill the keylogger but a friend suggested that a sophisticated keylogger could hide files in the BIOS and reinstall itself after the clean install. If so, I guess I am stuck with it.

I read on the Spector Soft/eBlaster website that its keyloggers use Windows Explorer to send activity emails to its client so I blocked both instances - 32 and 64 bit - of Windows Explorer with Zone Alarm.

If there are any other things I can do, I would appreciate the feedback.
20 Feb 2011   #9
richnrockville

Windows 7 Pro x64 SP1
 
 

Quote: Originally Posted by Joad
I blocked both instances - 32 and 64 bit - of Windows Explorer with Zone Alarm.
If there are any other things I can do, I would appreciate the feedback.

I am not a fan of Zone Alarm, especially when one of their updates a while back really crumped a lot of machines.

You might want to look at an AV with a firewall.

I use Vipre premium and it seems to protect most of my friends and clients without being intrusive. vipre.com will get you close.

Just a thought, not a sermon. :)

Rich
20 Feb 2011   #10
gregrocker
Microsoft MVP

 

I hoped you wiped the HD as suggested using a 3rd party tool or DISKPART Clean All command as deleting or formatting erases nothing and infected code is still there otherwise.

Use free MS Security Essentials or Avast 5 with the Win7 firewall for best performance. Malwarebytes is good for on-demand scanning.
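Added example, not part of the thread and not any poster's code: a Python sketch of the point made in post #10, that deleting a partition leaves its data on disk while a zero wipe does not. The disk here is a constructed 64-sector in-memory image with a simplified MBR; the function names and the 512-byte sector size are assumptions.

```python
import io

SECTOR = 512  # assumed logical sector size

def scan_for_residue(stream, chunk_sectors=2048, max_hits=5):
    """Read a raw image and return (sectors_read, nonzero_sectors, first_offsets)."""
    zero = bytes(SECTOR)
    total = nonzero = offset = 0
    first = []
    while True:
        chunk = stream.read(SECTOR * chunk_sectors)
        if not chunk:
            break
        if chunk.count(0) != len(chunk):          # skip all-zero chunks quickly
            for i in range(0, len(chunk), SECTOR):
                sec = chunk[i:i + SECTOR]
                if sec != zero[:len(sec)]:
                    nonzero += 1
                    if len(first) < max_hits:
                        first.append(offset + i)
        total += -(-len(chunk) // SECTOR)         # ceiling division
        offset += len(chunk)
    return total, nonzero, first

def build_sample_disk(sectors=64):
    """Constructed sample: MBR with one partition entry plus leftover data."""
    disk = bytearray(SECTOR * sectors)
    entry = (bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0])
             + (8).to_bytes(4, "little") + (56).to_bytes(4, "little"))
    disk[446:446 + len(entry)] = entry            # first partition table slot
    disk[510:512] = b"\x55\xaa"                   # MBR boot signature
    data = b"leftover file bytes!"                # stands in for old files
    disk[40 * SECTOR:40 * SECTOR + len(data)] = data
    return disk

def delete_partition(disk):
    """Model of 'delete partition': only the table entries are cleared."""
    out = bytearray(disk)
    out[446:510] = bytes(64)
    return out

def zero_wipe(disk):
    """Model of a full zero wipe: every sector is overwritten."""
    return bytearray(len(disk))

if __name__ == "__main__":
    original = build_sample_disk()
    for label, image in (("deleted", delete_partition(original)),
                         ("wiped", zero_wipe(original))):
        print(label, scan_for_residue(io.BytesIO(bytes(image))))
```

`scan_for_residue` accepts any binary file object, so it can also be pointed at a raw image file opened with `open(path, "rb")`.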