How To Get Rid Of KGB Keylogger Program


Trooper
April 16th, 2005, 02:08 PM
Hi All,

I have a friend whose significant other has installed KGB Keylogger to snoop on them. :'(

Anyways, it seems even when logging in as administrator, the program does not show up in add/remove programs.

Any ideas on how to get rid of this stuff? Without formatting and a fresh install of XP would be nice. :D However if that is what needs to be done, I will advise them that is it!

Thanks,

Jag

LockBox
April 16th, 2005, 02:14 PM
Spy Sweeper does a good job against many keyloggers. A no-restrictions free trial is available at:
http://www.webroot.com/downloads/

You might also try AdAware and SpyBot but their record with keyloggers isn't so great.

Good luck!

Trooper
April 16th, 2005, 03:31 PM
Thank you Gerard. I will pass the link along.

Regards,

Jag

S!x
April 16th, 2005, 11:20 PM
{QUOTE-> Any ideas on how to get rid of this stuff? <-QUOTE}
The keylogger or the significant other? ;D


Raytown makes the only dedicated anti-keyloggers that I am aware of.
http://www.anti-keylogger.com/

No signature base
Protection against windows text capturing
Protection against keystroke capturing
Protection against clipboard capturing
Protection against active window screenshotting
Protection against desktop screenshotting
Protection against attacks of spy programs
Protection against hardware keyloggers
Full UNICODE support
Immediate and constant "on-the-fly" protection
Fast and easy installation and configuration
Free upgrades and lifetime support
30 Day Money Back Guarantee.

I have not tried it myself against any keyloggers, but I have heard good things about it - although nothing is 100%.

Trooper
April 16th, 2005, 11:43 PM
That's good stuff man. LOL

Well as it turns out, she went ahead and reformatted with the help of her brother, so hopefully that program is now gone.

Thanks for the help,

Jag ;D

wolfpack
April 17th, 2005, 12:25 AM
Hi Jaguar,

Could you by any chance let us know if the keylogger you're asking about is the free version, $30 or $40 version? If not, no problem. I was just interested in testing this keylogger to see what anti-malware programs can pick it up.

I haven't actually tested any programs against the above-mentioned keyloggers, but a couple more programs that can find some keyloggers are X-Cleaner free http://www.xblock.com/download-freeware.shtml. Also there is a payware version of X-Cleaner available that is superior to the free version.

You could try the free 30 day trial of Security Task Manager http://www.neuber.com/taskmanager/index.html I have been told it does very well in the detection of many different keyloggers. This program does not rely on a signature database to find keyloggers, so my bet is it would find it.

Anti-Keylogger, as mentioned above by S!x, is no doubt a good program but it is somewhat expensive at $60 and only a 4 hour trial. If a 4 hour trial is enough then that may be good, if it's just a one time thing. Though I think the link is http://www.anti-keyloggers.com; the other link goes to privacy Keyboard.

One thing to keep in mind is the keyloggers under $100 or so, are usually far easier to detect with these different anti-spyware programs than anything over $100. But you really can't tell until it is tested.

Programs like MSAS, SpySweeper, X-Cleaner, Spybot, Ad-aware, Bazooka, SpywareDoctor and other anti-spyware programs basically rely on signatures to find keyloggers, so if they don't have the sigs you won't usually find the keylogger. That is if you're going to install one of these programs and try to find a keylogger after it has already been installed on a computer. Still, they are very useful programs to have and just may find the keylogger.

I guess I'm too late in posting this as the problem has been resolved. Oh well maybe someone else will get some help from it.
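
An added example, not part of any post in this thread: a signature-free triage for the symptom in the opening post (a program that runs but is missing from Add/Remove Programs). It cross-checks registry autostart entries against the install folders that Add/Remove Programs knows about; the function names, sample entries and paths are assumptions constructed for illustration.

```python
import ntpath

RUN_KEYS = [r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce"]
UNINSTALL_KEY = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"

def exe_path(command):
    """Pull the executable path out of an autorun command line."""
    command = str(command).strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def unlisted_autoruns(autoruns, install_dirs):
    """Autoruns whose executable is outside every Add/Remove Programs folder."""
    dirs = [ntpath.normcase(d).rstrip("\\") + "\\" for d in install_dirs if d]
    return [(name, cmd) for name, cmd in autoruns
            if not ntpath.normcase(exe_path(cmd)).startswith(tuple(dirs))]

def read_registry():
    """Windows only: (autoruns, install_dirs) from HKLM and HKCU."""
    import winreg
    autoruns, install_dirs = [], []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for sub in RUN_KEYS + [UNINSTALL_KEY]:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue  # key absent in this hive
            subkeys, values, _ = winreg.QueryInfoKey(key)
            if sub != UNINSTALL_KEY:
                autoruns += [winreg.EnumValue(key, i)[:2] for i in range(values)]
                continue
            for i in range(subkeys):
                with winreg.OpenKey(key, winreg.EnumKey(key, i)) as app:
                    try:
                        loc = winreg.QueryValueEx(app, "InstallLocation")[0]
                        install_dirs.append(str(loc))
                    except OSError:
                        pass  # entry has no InstallLocation value
    return autoruns, install_dirs

# Constructed sample data (hypothetical names and paths) so this runs anywhere.
SAMPLE_AUTORUNS = [
    ("AcmeUpdater", r'"C:\Program Files\Acme\updater.exe" /silent'),
    ("svcmon", r"C:\WINDOWS\system32\drv\svcmon.exe -h"),
]
SAMPLE_INSTALL_DIRS = [r"C:\Program Files\Acme", ""]
```

On Windows, `unlisted_autoruns(*read_registry())` produces the review list. Windows' own autoruns and programs that register no InstallLocation appear in it too, so it is a starting point for inspection rather than a verdict.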

Rmus
April 17th, 2005, 12:52 AM
{QUOTE-> Hi All,

I have a friend whose significant other has installed KGB Keylogger to snoop on them. :'(

<-QUOTE}

How was this keylogger installed in the first place? Where do these programs install - to the C:\ drive?

If the user had some type of lockdown program such as ShadowUser or Deep Freeze, wouldn't this have prevented the keylogger from sticking around following a reboot?

--
Rmus

mr.x
April 17th, 2005, 02:05 AM
{QUOTE->
If the user had some type of lockdown program such as ShadowUser or Deep Freeze, wouldn't this have prevented the keylogger from sticking around following a reboot?

--
Rmus <-QUOTE}


Yes they would remove any such keylogger at reboot, provided you had the programs installed prior to getting the keylogger.

Rmus
April 17th, 2005, 02:15 AM
{QUOTE-> Yes they would remove any such keylogger at reboot, provided you had the programs installed prior to getting the keylogger. <-QUOTE}
So, why don't more people use such programs and prevent the hassles of having to detect and remove such junk, or at worst, in the example of the original poster, having to reformat?

---
Rmus

mr.x
April 17th, 2005, 02:30 AM
It "seems" that many computer users just don't have the time to learn about computer security and programs like this. Or maybe they just aren't that concerned with it.

Too bad there aren't more people aware of them, I think they could help a lot of people to avoid constant infections from malware. Although keep in mind even these programs can't protect someone who just allows everything to run without any thought about what they're allowing outside of shadowmode/unfrozen.

I think if M$ implemented this type of program into Window$ itself, it would reach a far wider audience. The best we can do is let others know about how to better secure their computers and hope they listen.

Rmus
April 17th, 2005, 02:38 AM
{QUOTE-> It "seems" that many computer users just don't have the time to learn about computer security and programs like this. Or maybe they just aren't that concerned with it.
... The best we can do is let others know about how to better secure their computers and hope they listen. <-QUOTE}
I've seen discussions about these programs in other forums, but most usually die out rather quickly --- doesn't seem to be that much interest, as you point out. Too bad ---

---
Rmus

controler
April 17th, 2005, 10:45 AM
Hi

Some of the new Keyloggers are using rootkit technology.
I sure don't know that much about shadowuser or deepfreeze but have read the threads on them.
Would a rootkit be stopped by a program like shadowuser?
I am sure PG would catch it if you didn't get click happy.

Bruce

Rmus
April 17th, 2005, 11:02 AM
{QUOTE-> Hi

Would a rootkit be stopped by a program like shadowuser?
Bruce <-QUOTE}

I don't use ShadowUser, but according to their website, once in Shadow Mode, any changes to the system are done in a virtual snapshot and have no effect on the system after a reboot.

Maybe Mr. X can shed more light on SU.

As for Deep Freeze, which I use, after reading several articles on Root Kits, I wrote their Tech support and received this answer:

------------------------
Thanks for the email; any change made to the system when Deep Freeze is
enabled will be removed upon reboot - including root kits.

The 'super virus' that is listed in that article still needs to communicate
with the hard disks to save information and it will be affected by our
software just like any other application.

Regards,

xxxx
Manager, Technical Support
Faronics Technologies USA, Inc.
------------------------------------

"Any other application" of course would include software keyloggers.

---
Rmus

controler
April 17th, 2005, 11:54 AM
Thanks for the info.

Then for sure you would have to install either deepfreeze or shadowuser on a very clean system.
Why would you need PG then? Or is your virtual instance of windows still unprotected? I really can't see how even using a virtual instance of Windows is 100 percent safe. Why can't the Virtual instance still communicate with the hard drive? It has to.

Bruce

Rmus
April 17th, 2005, 12:08 PM
{QUOTE-> Thanks for the info.

Then for sure you would have to install either deepfreeze or shadowuser on a very clean system. <-QUOTE}
Yes.

{QUOTE-> Why would you need PG then? <-QUOTE}
There are many opinions as to what else you need. SU or DF should be just the last line of defense, as it doesn't prevent malware from entering the system; it just removes it upon reboot. The decision as to whatever else you decide to use should be made according to what you feel your needs are. For more info and discussion search the forums for Deep Freeze and Shadow User.

{QUOTE->
Or is your virtual instance of windows still unprotected? I really can't see how even using a virtual instance of Windows is 100 percent safe. Why can't the Virtual instance still communicate with the hard drive? It has to. <-QUOTE}
I can't speak to SU. I know that DF does not use a snapshot - their Tech support confirmed that to me, saying that their program operated at lower level and did not use a snapshot.

---
Rmus

Trooper
April 17th, 2005, 09:42 PM
To wolfpack et al,

To my understanding the KGB Keylogger that was used was the "free" version so I was told. Although my friend is not very tech savvy, that was relayed to me. ;)

The reason the pc was reformatted is because of a lack of patience in me getting back to her with an answer.. just fyi. ::)

As far as SU and DF, you guys all bring up valid points. Definitely food for thought.

Thanks for all the replies and great links.

Kind Regards,

Jag