Step 1 - Downloading the scanner tool

IT has created a scanning tool that will detect malware which has been identified as being used in the recent social engineering attack on University of Maine users. This tool will not remove the exploit, only detect its presence. If a rootkit is found on your system, please go to Step 2 to download the removal tool.

To create a bootable disk, download the following iso file:

Use a CD burning program such as Nero or Roxio to create a bootable disk. If you do not have a CD burning program on your system a free one is available from CNET at:

If you prefer, you can come to the IT Help Center in the basement of Shibles to receive a free CD for scanning.

Boot your computer using the CD and say yes when prompted to scan. If a threat is found please return to this page for further instructions.

Step 2 - Running the Removal Tool

If you have performed a scan and the Ardamax keylogger was found, please download and run the following tool to remove the threat:

If another keylogger was found, such as Perfect Keylogger, please contact the Help Center at 581-2506 for assistance with removal.

Once you are finished with the scanning and removal of the threat, please go to:

Remove any current anti-virus programs you may have installed and download and install the latest Symantec Anti-Virus. This is an enterprise class anti-virust program provided to all University Faculty, Staff, and Students. In order to be effective, your antivirus software needs to be updated daily (you can set it to auto-update) and actively running at all times.

For more information about security best practices, please visit:

Copyright ©2006 University of Maine, Information Technologies. Some rights reserved.
This site was designed to meet Section 508 Guidelines (see our accessibility statement.)
Created and maintained by the Faculty Development Center, IT. Site Statistics.