Keylogger found user names/passwords

Hi! .. I tried a keylogging proggy (Spylo) on the PC, to check out useage. 98SE and IE6.
It immediately found old pass names and passwords in the system, from at least a year ago!! And some of them aint good to keep
I tried unchecking the auto fill in forms stuff, etc.
Where are they, and can anything be done about SELECTIVELY wiping them?
You need more details?
Thanks, and keep up the good work!

Al bags in the rural plains of the UK.

 

HI Bags and welcome

Well, I don't know about selectively wiping UserNames/Passwords, but you are already in the right forum for the program to wipe them all...

MRUBlaster. It will clean your history, MRU's [Most Recently Used] tracks very well, also Cache, IE Temp files if you like. Cookies [You CAN selectively keep the ones you want.]

I would opt for that to wipe out all traces. You also have the option to have a number of "passes" to write data over the old so it cannot be retrieved [not under normal means anyway].

http://www.wilderssecurity.net/mrublaster.html

What it can do [from site]:

Protect your privacy - MRU-Blaster can detect and clean over 25,000 MRU lists and other stores of hidden information on your computer!

Each time you use it, it wipes out all Passwords, etc. so keeps your system private. Also drop-down listings which can tell others where you've been etc.

Cheers, TAS

 

I've been using MRU blaster for some time now so I decided to download Spylo too to see if MRU is actually removing passwords and keystrokes.

Well TAS, it does not. All keystrokes, online passwords as well as pgp passwords remained logged in Spylo after MRU scan, clean, and computer shutdown and restart. Beware.

Please inform if there's a workaround on this via MRU except to determine if someone has secretly loaded this type of software on my system.

J.K.

 

HI John K.

Well that's interesting. I am going by simply when I do a scan with MRU, and then go to a forum, I have lost all my preferences for that forum and I have to re-log back in, UserName/Password.

So it's obviously removing them for that, but what I would like to know is where it's putting them then, if you say you can still see them with this Spylo. I have MRU set to do multiple passes also, so would like to test this.

Got an addy?
Would like to see for myself.

Cheers, TAS

EDIT: Reading your post, you say it remained "logged in Spylo" etc. after a MRU Scan.
Does this mean it's just a logfile within Spylo itself, or you DID ANOTHER SCAN with this program and it STILL PICKED UP ALL THE INFO.

Judging by the wording of your post it could simply be just a log file in Spylo giving all the info. This of course would be acceptable, as it's purely a LOG FILE [plain text] and therefore MRU Scan would NOT detect and delete.

If this is NOT the case, then it's a mystery, as I am sure Javacool would be interested.

TAS

 

Hi again ..
Heres what I found out..
Spylo, amongst others I tried, like Spector, Kee..something .. retrieve this data .. passwords, logins, from some (binary?) string in the Registry. It found an entry from 2002 on mine.
Now, I use Usenet, and found a programme called "Internet Explorer Password revealer" I d/loaded and ran it .. found loads of stuff, including the passwords, names, all search entries and logins, and inside leg measurements, etc. (Contact me if you want the prog.)
It will selectively modify or delete entries, export to clpbrd, text file, etc.
Thats it so far!

Makes you wonder what XP gets up to under that pretty shell!

PS Ive been lurking for a year, and used MRUB for quite a while, and even Paypal'd this proggy!

SYL Al.

 

download spylo from

http://www.simtel.net/pub/pd/60899.html

or

http://download.com.com/3000-2092-10190777.html

and see for yourself.

The program does 2 things:

(1) keeps a key stroke log,

(2) saves screen shots as jpg images. The jpgs are easy enough to find in the prog directory. The key stroke log is invisible (at least to me) and is its most dangereous feature and which I found that mru-blaster does not remove. How and where this info is stored is beyond me.

I removed the program because its a performance drag saving all those screen shots, but what if its installed as a trojan?

 

Sound like this one? (See screenshot).

If so, already detected by SpyCop. Pete

 

Yes, the function is here, but I am not able to go there - see Plug-ins problems thread - I am lucky i was ONCE able to go to Plugins and enable Cookie Blaster and IE Temp Files Blaster - that was the ONLY time I was able to go to Plugins, the other times the Plugins screen TRIES to appear, but only its outline becomes visible... and - see the Plug-ins problem thread

 

Another program to look at password stored by IE, OE and MSN :
http://riedersoft.myftp.org:85/~users/nirsoft/utils/pspv.html