How To Get Rid Of KGB Keylogger Program

Discussion in 'privacy problems' started by Trooper, Apr 16, 2005.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Hi All,

    I have a friend whos significant other has installed KGB Keylogger to snoop on them. :'(

    Anyways, it seems even when logging in as administrator, the program does not show up in add/remove programs.

    Any ideas on how to get rid of this stuff? Without formatting and a fresh install of XP would be nice. :D However if that is what needs to be done, I will advise them that is it!

    Thanks,

    Jag
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Spy Sweeper does a good job against many keyloggers. A no-restrictions free trial is available at:
    http://www.webroot.com/downloads/

    You might also try AdAware and SpyBot but their record with keyloggers isn't so great.

    Good luck!
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thank you Gerard. I will pass the link along.

    Regards,

    Jag
     
  4. S!x

    S!x Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    51
    Location:
    Ohio, USA
    Re: Any ideas on how to get rid of this stuff?

    The keylogger or the significant other? :D


    Raytown makes the only dedicated anti-keyloggers that i am aware of.
    http://www.anti-keylogger.com/

    No signature base
    Protection against windows text capturing
    Protection against keystroke capturing
    Protection against clipboard capturing
    Protection against active window screenshoting
    Protection against desktop screenshoting
    Protection against attacks of spy programs
    Protection against hardware keyloggers
    Full UNICODE support
    Immediate and constant "on-the-fly" protection
    Fast and easy installation and configuration
    Free upgrades and lifetime support
    30 Day Money Back Guarantee.

    I have not tried it myself against any keyloggers, but i have heard good things about it - although nothing is 100%.
     
    Last edited: Apr 16, 2005
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    That's good stuff man. LOL

    Well as it turns out, she went ahead and reformatted with the help of her brother, so hopefully that program is now gone.

    Thanks for the help,

    Jag :D
     
  6. wolfpack

    wolfpack Guest

    Hi Jaguar,

    Could you by any chance let us know if the keylogger your asking about is the free version, $30 or $40 version? If not, no problem. I was just interested in testing this keylogger to see what anti-malware programs can pick it up.

    I haven't actually tested any programs against the above mentioned keyloggers but a couple more programs that can find some keyloggers are X-Cleaner free http://www.xblock.com/download-freeware.shtml Also there is a payware version of X-Cleaner available that is superior to the free version.

    You could try the free 30 day trial of Security Task Manager http://www.neuber.com/taskmanager/index.html I have been told it does very well in the detection of many different keyloggers. This program does not rely on a signature database to find keyloggers, so my bet is it would find it.

    Anti-Keylogger as mentioned above by S!x is no doubt a good program but it is somewhat expensive at $60 and only a 4 hour trial. If a 4 hour trial is enough then that may be good, if it's just a one time thing. Though I think the link is http://www.anti-keyloggers.com the other link goes to privacy Keyboard.

    One thing to keep in mind is the keyloggers under $100 or so, are usually far easier to detect with these different anti-spyware programs than anything over $100. But you really can't tell until it is tested.

    Programs like MSAS, SpySweeper, X-Cleaner, Spybot, Ad-aware, Bazooka SpywareDoctor and other anti-spyware programs basically rely on signatures to find keyloggers, so if they don't have the sigs you won't usually find the keylogger. That is if your going to install one of these programs and try to find a keylogger after it has already been installed on a computer. Still they are very useful programs to have and just may find the keylogger.

    I guess I'm too late in posting this as the problem has been resolved. Oh well maybe someone else will get some help from it.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    How was this keylogger installed in the first place? Where do these programs install - to the C:\ drive?

    If the user had some type of lockdown program such as ShadowUser or Deep Freeze, wouldn't this have prevented the keylogger from sticking around following a reboot?

    --
    Rmus
     
  8. mr.x

    mr.x Guest


    Yes they would remove any such keylogger at reboot, provided you had the programs installed prior to getting the keylogger.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    So, why don't more people use such programs and prevent the hassles of having to detect and remove such junk, or at worst, in the example of the original poster, having to reformat?

    ---
    Rmus
     
  10. mr.x

    mr.x Guest

    It "seems" that many computer users just don't have the time to learn about computer security and programs like this. Or maybe they just aren't that concerned with it.

    Too bad they aren't more people aware of them, I think they could help a lot of people to avoid constant infections from malware. Although keep in mind even these programs can't protect someone who just allows everything to run without any thought about what they're allowing outside of shadowmode/unfrozen.

    I think if M$ implimented this type of program into Window$ itself, it would reach a far wider audience. The best we can do is let others know about how to better secure their computers and hope they listen.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I've seen discussions about these programs in other forums, but most usually die out rather quickly --- doesn't seem to be that much interest, as you point out. Too bad ---

    ---
    Rmus
     
  12. controler

    controler Guest

    Hi

    SOme of the new Keyloggers are using rootkit technology.
    I sure don't know that much about shadowuser or deepfreeze but have read the threads on them.
    Would a rootkit be stopped by a program like shadowuser?
    I am sure PG would catch it if you didn't get click happy.

    Bruce
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I don't use ShadowUser, but according to their website, once in Shadow Mode, any changes to the system are done in a virtual snapshot and have no effect on the the system after a reboot.

    Maybe Mr. X can shed more light on SU.

    As for Deep Freeze, which I use, after reading several articles on Root Kits, I wrote their Tech support and received this answer:

    ------------------------
    Thanks for the email; any change made to the system when Deep Freeze is
    enabled will be removed upon reboot - including root kits.

    The 'super virus' that is listed in that article still needs to communicate
    with the hard disks to save information and it will be affected by our
    software just like any other application.

    Regards,

    xxxx
    Manager, Technical Support
    Faronics Technologies USA, Inc.
    ------------------------------------

    "Any other application" of course would include software keyloggers.

    ---
    Rmus
     
  14. controler

    controler Guest

    Thanks for the info.

    Then for sure you would have to install either deepfreeze or shadowuser on a very clean system.
    Why would you need PG then? Or is your virtual instance of windows still unprotected? I really can't see how even using a virtual instance of Windows is 100 percent safe. Why can't the Virtual instance still communicate with the hard drive? It has to.

    Bruce
     
  15. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Yes.

    There are many opinions as to what else you need. SU or DF should be just the last line of defense, as it doesn't prevent malware from entering the system; it just removes it upon reboot. The decision as to whatever else you decide to use should be made according to what you feel your needs are. For more info and discussion search the forums for Deep Freeze and Shadow User.

    I can't speak to SU. I know that DF does not use a snapshot - their Tech support confirmed that to me, saying that their program operated at lower level and did not use a snapshot.

    ---
    Rmus
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    To wolfpack et al,

    To my understanding the KGB Keylogger that was used was the "free" version so I was told. Altho my friend is not very tech savvy, that was relayed to me. ;)

    The reason the pc was reformatted is because lack of patience in me getting back to her with an answer.. just fyi. :rolleyes:

    As far as SU and DF, you guys all bring up valid points. Definitely food for thought.

    Thanks for all the replys and great links.

    Kind Regards,

    Jag
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.