Help removing Ardamax Keylogger

[Confliction]

Hello,
I received a call from my dad today saying that he has a virus on his PC. From what he told me I thought it was the Windows XP Recovery virus.
He mentioned that all his files had disappeared along with desktop icons. I had dealt with that virus before so I gave him the steps to remove it over the phone.
I had him run the Malwarebyte's scan, and the results were devastating. I can't remember the exact number ( 50+ thousand ) files were infected. I had him read
me one and it turned out to be Ardamax Keylogger. To be honest, i'm not sure that PC has ever been cleaned properly. Nor did it have sufficient security.
Anyway...I am looking for instructions to tell my dad to hopefully get rid of the virus and recover/Un-hide his files.
I talked him through the "View hidden files/folders" steps. I don't want my parents to lose all of their important files..mainly pictures and emails.
Any help is greatly appreciated.

Thanks!

[Ada]

Anti-Spyware Removal

1. Update your anti-spyware.

2. Restart your computer in safe mode. (Start--->Run--->type msconfig--->open "Boot" tab--->check safe mode)

3. Run an anti-spyware scan and remove.

4. Restart your computer in regular mode. (Start--->Run--->type msconfig--->open "Boot" tab--->uncheck Safe Mode)

Manual Removal (if anti-spyware can't remove.)

1. Open the registry editor. (Start--->Run--->type regedit)

2. Find and delete the value name of the keylogger.

3. Exit the registry editor, and open task manager. (Ctrl+Alt+Delete)

4. Open the "Processes" tab, and check for and end the process name of the keylogger.

5. Exit task manager.

[Confliction]

Ardamax Keylogger info:
absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.


The scan detects it, but when you try and fix the issues the program you are using shuts down. It's as if the virus knows it's going to be terminated so it prevents you from
doing so.

[S Templar]

QUOTE
2. Restart your computer in safe mode. (Start--->Run--->type msconfig--->open "Boot" tab--->check safe mode)
4. Restart your computer in regular mode. (Start--->Run--->type msconfig--->open "Boot" tab--->uncheck Safe Mode)

Just read this post - Do Not put a check mark against /safeBoot - in Boot ini in msconfig.

You risk being stuck in Safe Mode and each time your start your Pc - Safe Mode is where you will go.
And there is not an easy resolution to being stuck in Safe Mode.

[Tinna]

Manual Removal (if anti-spyware can't remove.)

1. Open the registry editor. (Start--->Run--->type regedit)

2. Find and delete the value name of the keylogger.

3. Exit the registry editor, and open task manager. (Ctrl+Alt+Delete)

4. Open the "Processes" tab, and check for and end the process name of the keylogger.

5. Exit task manager.

Nice sharing, thank you so much. Well, as a mac user, i am using a mac keylogger for parental control. It is a kind of mac spy software. I don't need to worry about how to remove it because that it can be uninstalled. So when i don't need it, i just uninstall it. Then, everything is ok.