How do I test for Keystroke loggers ....

Networking/Security Forums -> Spyware // Adware // Trojans Discussion

Author: websquad    Posted: Sun Jun 13, 2010 11:27 pm    Post subject: How do I test for Keystroke loggers ....
    ----
I just had my GoDaddy.com account compromised, and the folks there suggested I may have a keystroke logger. I'm running XP/Pro 32-bit. All patches are up-to-date. I use Secunia Personal Software Inspector to help police my software status. I'm running Norton Internet Security 2010, and just did a full scan, with no hits. I also downloaded Spybot Search and Destroy and did a scan, and got a bunch of hits. I saved the report in a text file, and then had the program clean up the mess. A subsequent scan turned up empty.

Is there a better way to test for keystroke loggers? Have I done due diligence?

Thanks ...

Moderator note: moved from Exploits - capi

Author: CoreDefend    Location: USA    Posted: Mon Jun 14, 2010 4:45 am    Post subject:
    ----
Many times, keyloggers are installed in a different "ring" of the operating system and you cannot detect or stop them from the user view.

A couple of things you can try:

1. Install another AV program.
2. If you can get physical access, boot from an AV disk and do a scan before the OS loads.
3. Install a software firewall like Comodo. This will detect all traffic. Since the keylogger needs to send its information back, the firewall will detect that traffic and notify you and let you determine if it's malicious.

When you reference due diligence, are you asking for yourself or for regulatory compliance?

Thank you,

Author: websquad    Posted: Mon Jun 14, 2010 5:48 am    Post subject:
    ----
1. Can you suggest an AntiVirus program? (Prefer one that is free .... LOL) Do you recommend Comodo Internet Security? I fail to see that it can be booted from a CD-ROM drive. Also, I have a RAID-1 configuration on both drives "C" and "D" ... if the AV boot disk boots a copy of Linux, then it will likely treat these as four physical drives instead of two logical drives.

2. I can boot from my CD-ROM ... however, note the RAID-1 issue (above).

3. You suggested the Comodo firewall .... is this superior to Norton Internet Security 2010 firewall (which I am now using)?

4. Regulatory Compliance is not an issue; however, I develop/maintain websites for 20 non-profit corporations using a pro bono business model, and feel obligated to protect their trust in me ...

Thanks ....

Author: manoj9372    Posted: Mon Jun 14, 2010 11:23 am    Post subject: hhhhmm
    ----
It looks like you have been infected by a "FUD" key-logger.
I have experienced this kind of thing.

Things to do:

1) Look at the auto-start-up for suspicious programs;
if possible, disable all of them for your security.

2) Install KeyScrambler Premium software.
It will encrypt your keystrokes, or use a virtual keyboard like "OSK".

3) Use some traffic analyzer software like Wireshark and look for suspicious traffic.

4) Do an HJT scan and post the results in this forum; it will be good for you.

5) Use a good firewall like ZoneAlarm premium (my recommendation)
for your security.

Hope it may help you...

Author: CoreDefend    Location: USA    Posted: Mon Jun 14, 2010 1:53 pm    Post subject:
    ----
websquad wrote:
1. Can you suggest an AntiVirus program? (Prefer one that is free .... LOL) Do you recommend Comodo Internet Security? I fail to see that it can be booted from a CD-ROM drive. Also, I have a RAID-1 configuration on both drives "C" and "D" ... if the AV boot disk boots a copy of Linux, then it will likely treat these as four physical drives instead of two logical drives.

2. I can boot from my CD-ROM ... however, note the RAID-1 issue (above).

3. You suggested the Comodo firewall .... is this superior to Norton Internet Security 2010 firewall (which I am now using)?...


For free AV, I have been partial to Avira's AntiVir. Try using Bart's PE:

http://www.nu2.nu/pebuilder/

This is a Windows-based boot disk. You can add many plugins like AV, File Explorer, RAID drivers, etc...

I like Comodo Firewall; I have it set to "Training Mode". It alerts/annoys me, but I can verify all traffic.

Manoj9372 has a good point to check the auto-start. You can also use HijackThis for your startup items:

http://free.antivirus.com/hijackthis/

If that does not work, I would still try the boot disk option. If the keylogger was loaded with the OS, your user account might not have the rights to disable/stop/delete it.
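
As an added example (not part of the original thread and not HijackThis code): a short Python script that triages the O4 autostart entries of a HijackThis log, which is the startup check suggested above. The sample log is constructed, and the trusted-directory list is a simplifying assumption; an entry it flags is a candidate for review, not a verdict, and an entry it passes is not proven clean.

```python
import re

# Constructed sample in HijackThis log format (not taken from the thread).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe" /s
O4 - HKLM\..\Run: [helper] C:\DOCUME~1\user\APPLIC~1\helper.exe
O4 - Global Startup: sync.lnk = C:\Program Files\Example Sync\sync.exe
'''

# O4 lines are autostart entries: registry Run keys or Startup-folder shortcuts.
O4_RE = re.compile(r'^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.+)$')
# Executable path: either quoted, or unquoted up to a known extension.
PATH_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|bat|cmd|scr|vbs))', re.I)

# Assumption: directories a limited user normally cannot write to on XP,
# including the 8.3 short name of "Program Files".
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_o4(line):
    """Return {'where', 'name', 'path'} for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest")
    if name is None and " = " in rest:        # "shortcut.lnk = target" form
        name, rest = rest.split(" = ", 1)
    p = PATH_RE.search(rest)
    path = (p.group(1) or p.group(2)) if p else rest
    return {"where": m.group("where"), "name": name, "path": path}

def triage(log_text):
    """List autostart entries whose program lives outside TRUSTED_ROOTS."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and not entry["path"].lower().startswith(TRUSTED_ROOTS):
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"REVIEW {e['where']} [{e['name']}] -> {e['path']}")
```

Only the first program on each line is checked, so an entry that launches a DLL through a system host such as rundll32.exe passes this filter and still needs to be read by hand.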

Author: websquad    Posted: Mon Jun 14, 2010 6:22 pm    Post subject: Reality Check
    ----
(1) In the next 3-4 days I'm scheduled to replace Windows XP/Pro 32-bit with Windows 7/Pro 64-bit, which will involve a complete rebuild of the drive "C" RAID-1 array.

(2) I have a nice new laptop that I am using to access sensitive accounts whilst this key logger thing remains undiscovered & undiagnosed.

(3) Since the XP/Pro to 7/Pro upgrade wipes the hard disk, it seems to me that my best course would be to expedite the OS upgrade, and thereby take care of any lurking malware in the process. Does this make sense?

(4) ALSO, in these posts I see no encouragement for my use of Norton Internet Security 2010 on my platforms: does this community consider that product substandard?

Thanks ...

Author: websquad    Posted: Wed Jun 16, 2010 11:32 pm    Post subject: Windows 7 Reformat
    ----
On a forum (eVGA) associated with my motherboard and one of my two Graphics cards, one of the contributors suggested that unless I was going to get rid of my hard drives (and therefore wanted 100% protection of any personal data) I would be OK to just use Windows 7 to reformat my Drive C array and that there would be no need to break the RAID, run DBAN on both drives, and then rejoin the array.

Does this make sense?

Author: jhonas    Posted: Fri Oct 29, 2010 12:07 pm    Post subject:
    ----
Keystroke loggers come in two types, hardware and software, and they will store your passwords and other sensitive data you type. There is a better way to test for and secure against these keystroke loggers: run an antispyware scan with my preferred software, because this antispyware software gives full security. This is the software I use on a regular basis. I recommend you do a scan with Spyware software to protect your desktop from dangerous keystroke loggers.





All times are GMT + 2 Hours
