Windows 7: Reinstalled Windows 7 upgrade to remove keylogger eBlaster

22 Jan 2011   #1
Joad

Windows 7 Home Premium 64 bit SP1
 
 

An ex-girlfriend remotely installed the keylogger eBlaster which is made by SpectorSoft. After research, I decided to reinstall my Windows 7 Home Premium 64 bit upgrade disc.

I booted from the DVD drive and arrived at a screen that showed two partitions: recovery and the existing W7 files. I deleted the W7 partition and proceeded with the installation which went fine.

Now, I wonder if some of the eBlaster files could have been installed on the recovery portion of the hard drive. Seems unlikely but need to be sure. Also, there is now a third partition called "System Reserve" at 100 MB. Could that be the work of eBlaster? I assume the recovery partition holds the original Vista OS. Should I leave it alone or delete that partition?

Thanks in advance.


22 Jan 2011   #2
theog

Microsoft Community Contributor Award Recipient

ME/XP/Vista/Win7
 
 

22 Jan 2011   #3
Anthony

Microsoft Community Contributor Award Recipient

MS Windows 7 Professional 64-bit SP1
 
 

Everything is fine Joad! Good Job!!

The 100MB is for the Windows 7 install (do not delete).
As for the recovery partition I'm not sure (should be fine); someone will be along to advise you what to do (probably a scan).

22 Jan 2011   #4
Joad

Windows 7 Home Premium 64 bit SP1
 
 

The article you linked states:

This will show you how to do a Clean Install using a retail Upgrade Windows 7 installation disc.

The upgrade disc I used is an OEM.
22 Jan 2011   #5
Bill2

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

The recovery partition would be untouched unless you had system restore turned on and restore points got written to recovery which can happen if you're not careful. Some OEMs have or at least used to have this idiotic default setup whereby restore points would be saved that way, ultimately causing the recovery partition to become unusable apart from giving annoying low disk space warnings. Of course, if your computer was not setup that way, you should be fine.

In addition, would suggest you delete all old restore points saved onto a non-windows partition (if any). One thing you can do is to completely ditch the recovery partition option and instead image your nice new clean install using macrium reflect. Do this after you've got all apps and drivers installed and tweaked. That way you can restore the system in a jiffy without bothering with software reinstalls.

If you had made recovery disks before this trauma, they are equivalent to having the recovery partition.
22 Jan 2011   #6
Joad

Windows 7 Home Premium 64 bit SP1
 
 

Quote: Originally Posted by Bill2
The recovery partition would be untouched unless you had system restore turned on and restore points got written to recovery which can happen if you're not careful. Some OEMs have or at least used to have this idiotic default setup whereby restore points would be saved that way, ultimately causing the recovery partition to become unusable apart from giving annoying low disk space warnings. Of course, if your computer was not setup that way, you should be fine.

In addition, would suggest you delete all old restore points saved onto a non-windows partition (if any). One thing you can do is to completely ditch the recovery partition option and instead image your nice new clean install using macrium reflect. Do this after you've got all apps and drivers installed and tweaked. That way you can restore the system in a jiffy without bothering with software reinstalls.

If you had made recovery disks before this trauma, they are equivalent to having the recovery partition.

Trauma is the appropriate word.

Just learned how to view Disk Management and apparently the recovery partition is empty. It shows capacity @ 11.72 GB with 11.72 GB free. Not sure how it got deleted. Maybe during the original upgrade process?
25 Jan 2011   #7
gregrocker

 

It may have its files hidden. Boot free Partition Wizard bootable CD, right-click Recov Partition to Explore to see if files are intact. If not, you can right-click it again to Wipe it with a set of zeroes to overwrite any infected or corrupt code. Then Create a new partition or Resize Win7 into the deleted space.

Hopefully you made the Recovery Disks before clean reinstalling. But you apparently have an Installation DVD which is a much better option anyway.

If you didn't wipe the partition where you reinstall Win7, there could be infected code on it as well, so you might want to start over by wiping the entire HD using PW CD Disk tab, or the tutorial earlier posted by theog to wipe HD with Diskpart.

You can use any retail installer whether OEM, upgrade or full version to reinstall your version of Win7.
20 Feb 2011   #8
Joad

Windows 7 Home Premium 64 bit SP1
 
 

I was unable to confirm or deny the existence of the keylogger after I did the reinstall. I decided to do a clean install of Windows 7 with the DVD upgrade disk. I deleted everything on the hard drive and proceeded with a clean install. Microsoft verified Windows 7 with no issues.

I was certain this would kill the keylogger but a friend suggested that a sophisticated keylogger could hide files in the BIOS and reinstall itself after the clean install. If so, I guess I am stuck with it.

I read on the SpectorSoft/eBlaster website that its keyloggers use Windows Explorer to send activity emails to its client so I blocked both instances - 32 and 64 bit - of Windows Explorer with Zone Alarm.

If there are any other things I can do, I would appreciate the feedback.
20 Feb 2011   #9
richnrockville

Windows 7 Pro x64 SP1
 
 

Quote: Originally Posted by Joad
I blocked both instances - 32 and 64 bit - of Windows Explorer with Zone Alarm.
If there are any other things I can do, I would appreciate the feedback.

I am not a fan of Zone Alarm, especially when one of their updates a while back really crumped a lot of machines.

You might want to look at an AV with a firewall.

I use Vipre premium and it seems to protect most of my friends and clients without being intrusive. vipre.com will get you close.

Just a thought, not a sermon.

Rich
20 Feb 2011   #10
gregrocker

 

I hoped you wiped the HD as suggested using a 3rd party tool or DISKPART Clean All command as deleting or formatting erases nothing and infected code is still there otherwise.

Use free MS Security Essentials or Avast 5 with the Win7 firewall for best performance. Malwarebytes is good for on-demand scanning.
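
An added example, not part of the thread: a Python model of the point in post #10 that deleting a partition leaves the old sectors on the disk, while DISKPART's Clean All overwrites them with zeros. The disk image, its layout and the LEFTOVER marker are constructed for illustration; `nonzero_sectors` accepts any binary stream, so it can also scan a raw image file to confirm a wipe.

```python
import io

SECTOR = 512  # bytes per sector in this constructed image

def build_disk(total_sectors=2048):
    """Constructed MBR-style image: one partition entry plus leftover data."""
    disk = bytearray(total_sectors * SECTOR)
    entry = bytearray(16)
    entry[4] = 0x07                                    # partition type (NTFS)
    entry[8:12] = (64).to_bytes(4, "little")           # start LBA
    entry[12:16] = (total_sectors - 64).to_bytes(4, "little")  # sector count
    disk[446:462] = entry                              # first slot in the partition table
    disk[510:512] = b"\x55\xaa"                        # MBR boot signature
    for lba in (100, 101, 900):                        # constructed leftover content
        disk[lba * SECTOR:(lba + 1) * SECTOR] = b"LEFTOVER".ljust(SECTOR, b"\x00")
    return disk

def delete_partition(disk):
    """Model of deleting a partition: only the 16-byte table entry is cleared."""
    disk[446:462] = bytes(16)

def clean_all(disk):
    """Model of DISKPART 'clean all': every sector is overwritten with zeros."""
    disk[:] = bytes(len(disk))

def nonzero_sectors(stream, chunk_sectors=256):
    """Return the LBAs of all sectors in a binary stream holding any non-zero byte."""
    found, lba = [], 0
    while True:
        chunk = stream.read(chunk_sectors * SECTOR)
        if not chunk:
            break
        for off in range(0, len(chunk), SECTOR):
            if any(chunk[off:off + SECTOR]):           # handles a short final sector too
                found.append(lba)
            lba += 1
    return found

def residual_after(action):
    """Apply a wipe model to a fresh constructed disk and list what is left."""
    disk = build_disk()
    action(disk)
    return nonzero_sectors(io.BytesIO(bytes(disk)))

if __name__ == "__main__":
    print("after partition delete:", residual_after(delete_partition))
    print("after clean all:       ", residual_after(clean_all))
```
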