Keylogger found user names/passwords

Discussion in 'MRU Blaster Forum' started by Bags, Jun 26, 2003.

Thread Status:
Not open for further replies.
  1. Bags

    Bags Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    2
    Location:
    Rural plains of England .. Where the cows live
    :eek:

    Hi! .. I tried a keylogging proggy (Spylo) on the PC, to check out useage. 98SE and IE6.
    It immediately found old pass names and passwords in the system, from at least a year ago!! And some of them aint good to keep :p
    I tried unchecking the auto fill in forms stuff, etc.
    Where are they, and can anything be done about SELECTIVELY wiping them?
    You need more details?
    Thanks, and keep up the good work!

    Al bags in the rural plains of the UK.
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    HI Bags and welcome :)

    Well, I don't know about selectively wiping UserNames/Passwords, but you are already in the right forum for the program to wipe them all...

    MRUBlaster. It will clean your history, MRU's [Most Recently Used] tracks very well, also Cache, IE Temp files if you like. Cookies [You CAN selectively keep the ones you want.]

    I would opt for that to wipe out all traces. You also have the option to have a number of "passes" to write data over the old so it cannot be retrieved [not under normal means anyway].

    http://www.wilderssecurity.net/mrublaster.html

    What it can do [from site]:

    Protect your privacy - MRU-Blaster can detect and clean over 25,000 MRU lists and other stores of hidden information on your computer!

    Each time you use it, it wipes out all Passwords, etc. so keeps your system private. Also drop-down listings which can tell others where you've been etc.

    Cheers, TAS
     
  3. John K.

    John K. Guest

    I've been using MRU blaster for some time now so I decided to download Spylo too to see if MRU is actually removing passwords and keystrokes.

    Well TAS, it does not. All keystrokes, online passwords as well as pgp passwords remained logged in Spylo after MRU scan, clean, and computer shutdown and restart. Beware.

    Please inform if there's a workaround on this via MRU except to determine if someone has secretly loaded this type of software on my system.

    J.K.
     
  4. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    HI John K.

    Well that's interesting. I am going by simply when I do a scan with MRU, and then go to a forum, I have lost all my preferences for that forum and I have to re-log back in, UserName/Password.

    So it's obviously removing them for that, but what I would like to know is where it's putting them then, if you say you can still see them with this Spylo. I have MRU set to do multiple passes also, so would like to test this.

    Got an addy?
    Would like to see for myself. :)

    Cheers, TAS

    EDIT: Reading your post, you say it remained "logged in Spylo" etc. after a MRU Scan.
    Does this mean it's just a logfile within Spylo itself, or you DID ANOTHER SCAN with this program and it STILL PICKED UP ALL THE INFO.

    Judging by the wording of your post it could simply be just a log file in Spylo giving all the info. This of course would be acceptable, as it's purely a LOG FILE [plain text] and therefore MRU Scan would NOT detect and delete.

    If this is NOT the case, then it's a mystery, as I am sure Javacool would be interested. :)

    TAS
     
  5. Bags

    Bags Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    2
    Location:
    Rural plains of England .. Where the cows live
    Hi again ..
    Heres what I found out..
    Spylo, amongst others I tried, like Spector, Kee..something .. retrieve this data .. passwords, logins, from some (binary?) string in the Registry. It found an entry from 2002 on mine.
    Now, I use Usenet, and found a programme called "Internet Explorer Password revealer" I d/loaded and ran it .. found loads of stuff, including the passwords, names, all search entries and logins, and inside leg measurements, etc. (Contact me if you want the prog.)
    It will selectively modify or delete entries, export to clpbrd, text file, etc.
    Thats it so far!

    o_O Makes you wonder what XP gets up to under that pretty shell! :doubt:

    PS Ive been lurking for a year, and used MRUB for quite a while, and even Paypal'd this proggy! ;) :D

    SYL Al.
     
  6. John K.

    John K. Guest

    download spylo from

    http://www.simtel.net/pub/pd/60899.html

    or

    http://download.com.com/3000-2092-10190777.html

    and see for yourself.

    The program does 2 things:

    (1) keeps a key stroke log,

    (2) saves screen shots as jpg images. The jpgs are easy enough to find in the prog directory. The key stroke log is invisible (at least to me) and is its most dangereous feature and which I found that mru-blaster does not remove. How and where this info is stored is beyond me.

    I removed the program because its a performance drag saving all those screen shots, but what if its installed as a trojan?
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Sound like this one? (See screenshot).

    If so, already detected by SpyCop. Pete
     

    Attached Files:

  8. Zidane

    Zidane Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    63
    Location:
    Czech Republic, Europe, World, Space
    Yes, the function is here, but I am not able to go there - see Plug-ins problems thread - I am lucky i was ONCE able to go to Plugins and enable Cookie Blaster and IE Temp Files Blaster - that was the ONLY time I was able to go to Plugins, the other times the Plugins screen TRIES to appear, but only its outline becomes visible... and - see the Plug-ins problem thread :)
     
  9. Florent

    Florent Guest

Loading...
Thread Status:
Not open for further replies.