How to tell if keyloggers and real spyware implanted?

Discussion in 'other security issues & news' started by InsuranceGuy, Jun 17, 2005.

Thread Status:
Not open for further replies.
  1. InsuranceGuy

    InsuranceGuy Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    2
    If someone had physical control of my computer and loaded keylogging and password recovery software on my computer, how do I find it?

    I ran Hijackthis, spybot search and destroy as well as Adaware and everything looks clean.

    Is it possible that I still have something that will save my passwords against my will as well as logging my keystrokes? Even if it isn't emailed, if this person accesses my computer, can they recover this info?

    TIA
     
  2. wolfpack

    wolfpack Guest

    If you're looking for a keylogger with Spybot or Ad-aware, you're not likely to find it with these programs. They're good at finding general spyware, but not too good at finding keyloggers.

    And if you don't know what you're doing with Hijackthis, you should be very careful what you delete with it. It would be best to post a Hijackthis log at a qualified forum and let the experts there examine it. They will be able to properly notify you of what you can and cannot delete with it, if any keylogger is found on your system. Here's one such forum: http://www.dslreports.com/forum/security But sadly even Hijackthis won't find everything, so here's a few other programs that excel at sniffing out hidden keylogger and trojan programs.

    First I would recommend downloading and running the free 30 day trial of Security Task Manager http://www.neuber.com/taskmanager/index.html This program is very good at finding keyloggers and other trojan type software. Runs on 98/ME/2k/XP.

    Also I would suggest the free trial of Unhackme to find any harder to find rootkit like keyloggers that may be lurking on your system. Only works on 2k/XP. http://www.greatis.com/unhackme/index.html

    Another good free program for finding trojans and some spyware/riskware is Ewido Security Suite. http://www.ewido.net/en It's only for 2K/XP operating systems though, so if you're running an older OS you won't be able to use it.

    But A2 (another free anti-trojan) will run on 98/ME/2K/XP and you may find it helpful as well. http://www.emsisoft.com/en/software/free

    And if someone has physical access to your computer, and you think you may be the victim of a hardware keylogger, take a look here for some info on hardware keyloggers. http://www.keyghost.com/Index.htm (link originally posted by Paranoid here https://www.wilderssecurity.com/showthread.php?t=84679 ).

    Best of luck, and let us know how things go.
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
  4. wondering1

    wondering1 Guest

    Hi Richrf,

    Could you elaborate on how we can use SI Filemon to detect malware or keyloggers? What are we looking for? I mean, any examples of what we should be looking for?

    For example, let's say I did have a keylogger, or other password stealing program on my computer, what entries should I be looking for in Filemon? I'm new to this tool so I'm just looking for any help on how to use it effectively and properly to detect malware.

    Thanks for your time and help.
     
  5. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi InsuranceGuy, Welcome To The Forums!

    Wish I had some easy answers for you, but it's all about research.
    You might have a look at the Intrusion Detection FAQ among many other fine Articles & Tutorials.

    In response to your final questions .... yes, and you tell me?

    There is a literal plethora of tools available that, while originally engineered for network diagnostics ....
    are the same ones used and modified by those with too much time on their hands.


    Hi wondering1,

    Lacking quality time with Filemon, you may find Reverse-Engineering Malware of interest.
    Here you'll find a brief example using both Filemon and Regmon under System Monitors.



    Best to you both,
    GF
     
    Last edited: Jun 18, 2005
  6. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Even though I have not installed or used this, I have heard it is quite effective at not only determining if a rootkit is installed, but at (supposedly) removing all of it as well:

    F-Secure Blacklight

    It is still in beta for another couple of weeks, and then I believe will not be available as a standalone, but rather will be incorporated into other F-Secure products. If you think you might have a rootkit, it might be worth a try to test it out (and then give us a full report on how effective and worthy you think it is for others to try ;) )
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    In message #14 of this thread, Paranoid2000 suggests a way that Process Explorer and Filemon may be helpful in detecting keylogger processes.

    https://www.wilderssecurity.com/showthread.php?t=83939&highlight=filemon

    Hope this helps,
    Rich
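
The question wondering1 raised (what to look for in Filemon if a keylogger is writing keystrokes to disk) can be turned into a small filter. This is an added example and not code from this thread, from Sysinternals or from the linked posts. It assumes Filemon's tab-separated export layout (sequence number, time, process:pid, request, path, result, other) and an "Offset: N Length: N" string in the last column; the log lines below are constructed, not captured, and the process names in them are invented. The heuristic is that a user-mode keylogger that logs to a file tends to append one or a few bytes per keystroke to the same file, over and over, from one process:

```python
import re
from collections import defaultdict

# Constructed sample of Filemon-style lines (layout assumed, names invented).
# Columns: #  Time  Process:PID  Request  Path  Result  Other
SAMPLE_LOG = (
    "1\t10:02:11 AM\texplorer.exe:1532\tREAD\tC:\\WINDOWS\\system32\\shell32.dll\tSUCCESS\tOffset: 0 Length: 4096\n"
    "2\t10:02:11 AM\tsvchost.exe:832\tWRITE\tC:\\WINDOWS\\Temp\\~DF1.tmp\tSUCCESS\tOffset: 0 Length: 65536\n"
    "3\t10:02:12 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tSUCCESS\tOffset: 0 Length: 1\n"
    "4\t10:02:12 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tSUCCESS\tOffset: 1 Length: 1\n"
    "5\t10:02:13 AM\tnotepad.exe:1900\tWRITE\tC:\\Docs\\letter.txt\tSUCCESS\tOffset: 0 Length: 2048\n"
    "6\t10:02:13 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tSUCCESS\tOffset: 2 Length: 1\n"
    "7\t10:02:13 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tSUCCESS\tOffset: 3 Length: 1\n"
    "8\t10:02:14 AM\texplorer.exe:1532\tWRITE\tC:\\Docs\\desktop.ini\tSUCCESS\tOffset: 0 Length: 1\n"
    "9\t10:02:14 AM\tiexplore.exe:2100\tWRITE\tC:\\Docs\\index.dat\tSUCCESS\tOffset: 100 Length: 4\n"
    "10\t10:02:14 AM\tiexplore.exe:2100\tWRITE\tC:\\Docs\\index.dat\tSUCCESS\tOffset: 100 Length: 4\n"
    "11\t10:02:15 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tSUCCESS\tOffset: 4 Length: 1\n"
    "12\t10:02:15 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tSUCCESS\tOffset: 5 Length: 1\n"
    "13\t10:02:15 AM\tkbdhook.exe:2044\tWRITE\tC:\\WINDOWS\\system32\\drivers\\etc\\k.log\tACCESS DENIED\tOffset: 6 Length: 1\n"
)

OTHER_RE = re.compile(r"Offset:\s*(\d+)\s+Length:\s*(\d+)")

def parse_filemon_line(line):
    """Split one exported line into a dict; return None for non-data lines."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 7 or not fields[0].isdigit():
        return None
    seq, when, proc, request, path, result, other = fields[:7]
    m = OTHER_RE.search(other)
    offset, length = (int(m.group(1)), int(m.group(2))) if m else (None, None)
    return {"seq": int(seq), "time": when, "process": proc,
            "request": request.upper(), "path": path, "result": result,
            "offset": offset, "length": length}

def find_keystroke_writers(lines, min_writes=5, max_len=4):
    """Group successful writes by (process, path) and flag groups made of many
    tiny writes. append_pattern is True when each write starts exactly where
    the previous one ended, i.e. the file is being appended to byte by byte."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_filemon_line(line)
        if not rec or rec["result"] != "SUCCESS" or rec["offset"] is None:
            continue
        if not rec["request"].endswith("WRITE"):   # "WRITE" or "IRP_MJ_WRITE"
            continue
        groups[(rec["process"], rec["path"])].append(rec)
    findings = []
    for (proc, path), recs in groups.items():
        recs.sort(key=lambda r: r["seq"])
        small = [r for r in recs if r["length"] <= max_len]
        if len(small) < min_writes:
            continue
        contiguous = all(b["offset"] == a["offset"] + a["length"]
                         for a, b in zip(small, small[1:]))
        findings.append({"process": proc, "path": path, "writes": len(small),
                         "bytes": sum(r["length"] for r in small),
                         "append_pattern": contiguous})
    return sorted(findings, key=lambda f: -f["writes"])

if __name__ == "__main__":
    for f in find_keystroke_writers(SAMPLE_LOG.splitlines()):
        print(f"{f['process']} -> {f['path']}: {f['writes']} small writes, "
              f"{f['bytes']} bytes, append pattern={f['append_pattern']}")
```

Run it against a saved Filemon log (File > Save, then feed the file's lines in) while you type a known phrase into Notepad; the process that grows a file by roughly one byte per keystroke is the one to open in Process Explorer and look at. The usual caveats apply: a logger that buffers and flushes in larger chunks, writes to the registry or an alternate data stream, or only sends over the network will not show this pattern, and a kernel-mode or hardware logger will not appear in Filemon at all, so treat a hit as a lead, not a verdict.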
     
  8. InsuranceGuy

    InsuranceGuy Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    2
    Lots of good stuff posted here.

    I will run a few of them and see what happens.

    Quick question, is it possible to search for files altered on a certain day?
    If I know the unauthorized access was on a specific day, what kind of files would I search for that were altered on that day?
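
The question above, finding files altered on a known day, can be answered with a short script. This is an added example, not part of the thread; the directory, date, file names and extension list in it are assumptions. It checks all three timestamps rather than only "date modified": a tool that resets a dropped file's modification time (timestomping) is a single API call, but on NTFS the creation time and on Unix the inode change time are separate witnesses that such a reset often leaves alone.

```python
import os
from datetime import datetime, timedelta
from pathlib import Path

# Extensions an implanted keylogger or "password recovery" tool is most likely
# to drop. This list is an assumption, not a standard; pass suffixes=None to
# see every file.
INTERESTING_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx",
                        ".drv", ".vbs", ".js", ".bat", ".cmd", ".reg"}

def day_window(day):
    """Return (start, end) POSIX timestamps covering one local calendar day,
    given as 'YYYY-MM-DD'."""
    start = datetime.strptime(day, "%Y-%m-%d")
    return start.timestamp(), (start + timedelta(days=1)).timestamp()

def files_touched_on(root, day, suffixes=None):
    """Walk `root` and return (path, [which timestamps fell on `day`], size)
    for every file whose mtime, ctime or atime lies inside that day.

    On Windows st_ctime is the NTFS creation time; on Unix it is the inode
    change time. Either way it is a second witness next to the modification
    time that a crude timestamp reset usually forgets to cover."""
    lo, hi = day_window(day)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if suffixes and Path(name).suffix.lower() not in suffixes:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:          # vanished, locked or unreadable: skip it
                continue
            stamps = {"mtime": st.st_mtime, "ctime": st.st_ctime, "atime": st.st_atime}
            matched = [k for k, v in stamps.items() if lo <= v < hi]
            if matched:
                hits.append((path, matched, st.st_size))
    return sorted(hits)

def report(root, day, suffixes=None):
    for path, which, size in files_touched_on(root, day, suffixes):
        print(f"{path}\t{size} bytes\t{','.join(which)}")

if __name__ == "__main__":
    import sys
    # usage: python touched.py C:\WINDOWS 2005-06-15 [--all]
    root, day = sys.argv[1], sys.argv[2]
    report(root, day, None if "--all" in sys.argv else INTERESTING_SUFFIXES)
```

Point it at the Windows directory and the user profile (Start Menu\Programs\Startup, Application Data, Temp) for the day in question, then at the whole drive with --all if that turns up nothing. Without a script, XP's Search Companion can filter on "When was it modified?", and `dir /T:C /O:D` in a command prompt lists a directory by creation time instead of last write. Whatever you find, also check the registry Run keys and services for anything pointing at a new file, since a dropped executable is only half the implant; the persistence entry is the other half.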
     