Security Forums

How do I test for Keystroke loggers ....

websquad
Posted: Sun Jun 13, 2010 11:27 pm    Post subject: How do I test for Keystroke loggers ....

I just had my GoDaddy.com account compromised, and the folks there suggested I may have a keystroke logger. I'm running XP/Pro 32-bit. All patches are up-to-date. I use Secunia Personal Software Inspector to help police my software status. I'm running Norton Internet Security 2010, and just did a full scan, with no hits. I also downloaded Spybot Search and Destroy and did a scan, and got a bunch of hits. I saved the report in a text file, and then had the program clean up the mess. A subsequent scan turned up empty.

Is there a better way to test for keystroke loggers? Have I done due diligence?

Thanks ...

Moderator note: moved from Exploits - capi
CoreDefend
Posted: Mon Jun 14, 2010 4:45 am

Many times, keyloggers are installed in a different "ring" of the operating system and you cannot detect or stop them from the user view.

A couple of things you can try:

1. Install another AV program.
2. If you can get physical access, boot from an AV disk and do a scan before the OS loads.
3. Install a software firewall like Comodo. This will detect all traffic. Since the keylogger needs to send its information back, the firewall will detect that traffic and notify you and let you determine if it's malicious.

When you reference due diligence, are you asking for yourself or for regulatory compliance?

Thank you,
websquad
Posted: Mon Jun 14, 2010 5:48 am

1. Can you suggest an AntiVirus program? (Prefer one that is free .... LOL) Do you recommend Comodo Internet Security? I fail to see that it can be booted from a CD-ROM drive. Also, I have a RAID-1 configuration on both drives "C" and "D" ... if the AV boot disk boots a copy of Linux, then it will likely treat these as four physical drives instead of two logical drives.

2. I can boot from my CD-ROM ... however, note the RAID-1 issue (above).

3. You suggested the Comodo firewall .... is this superior to Norton Internet Security 2010 firewall (which I am now using)?

4. Regulatory Compliance is not an issue; however, I develop/maintain websites for 20 non-profit corporations using a pro bono business model, and feel obligated to protect their trust in me ...

Thanks ....
manoj9372
Posted: Mon Jun 14, 2010 11:23 am    Post subject: hhhhmm

It looks like you have been infected by a "FUD" key-logger.
I have experienced these kinds of things.

Things to do:

1) Look at the auto-start-up for suspicious programs; if possible, disable all of them for your security.

2) Install KeyScrambler Premium software. It will encrypt your key-strokes, or use a virtual keyboard like "OSK".

3) Use some traffic analyzer software like Wireshark and look for suspicious traffic.

4) Do an HJT scan and post the results in this forum; it will be good for you.

5) Use a good firewall like ZoneAlarm Premium (my recommendation) for your security.

Hope it may help you...
CoreDefend
Posted: Mon Jun 14, 2010 1:53 pm

websquad wrote:
1. Can you suggest an AntiVirus program? (Prefer one that is free .... LOL) Do you recommend Comodo Internet Security? I fail to see that it can be booted from a CD-ROM drive. Also, I have a RAID-1 configuration on both drives "C" and "D" ... if the AV boot disk boots a copy of Linux, then it will likely treat these as four physical drives instead of two logical drives.

2. I can boot from my CD-ROM ... however, note the RAID-1 issue (above).

3. You suggested the Comodo firewall .... is this superior to Norton Internet Security 2010 firewall (which I am now using)?...


For free AV, I have been partial to Avira's AntiVir. Try using Bart's PE:

http://www.nu2.nu/pebuilder/

This is a Windows-based boot disk. You can add many plugins like AV, File Explorer, RAID drivers, etc...

I like Comodo Firewall; I have it set to "Training Mode". It alerts/annoys me, but I can verify all traffic.

Manoj9372 has a good point to check the auto-start. You can also use HijackThis for your startup items:

http://free.antivirus.com/hijackthis/

If that does not work, I would still try the boot disk option; if the keylogger was loaded with the OS, your user account might not have the rights to disable/stop/delete it.
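The auto-start review suggested in the two posts above can be partly automated once a HijackThis log has been saved to a text file. The following is an added example, not code from any poster or from the HijackThis project: it parses the O4 (autostart) lines of a log and flags entries using two assumed heuristics. The sample log, its paths and the heuristic lists are constructed for illustration.

```python
import re

# Constructed HijackThis-style excerpt (sample data, not from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe /s
O4 - Startup: helper.lnk = C:\Documents and Settings\user\Application Data\kbd\helper.exe
O4 - HKLM\..\Run: [svchost] C:\Program Files\Tools\svchost.exe
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""

REG_RE = re.compile(r"^O4 - (?P<where>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\.+?\.(?:exe|dll|bat|cmd|vbs|scr|com|pif))', re.I)

# Assumed heuristics: directories any user can write to, and names of
# Windows system binaries that should only run from the Windows directory.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

def parse_o4(log):
    """Yield (where, name, path) for each O4 autostart line in the log."""
    for line in log.splitlines():
        m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.search(m.group("cmd"))
        path = exe.group(1) if exe else m.group("cmd")
        yield m.group("where"), m.group("name"), path

def triage(log):
    """Return [(name, path, reasons)] for autostart entries worth a manual look."""
    findings = []
    for _where, name, path in parse_o4(log):
        low = path.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(reasons)}")
```

An empty result only narrows what to inspect by hand: a logger loaded with the OS below the user's view, as described earlier in the thread, need not appear in these entries at all.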
websquad
Posted: Mon Jun 14, 2010 6:22 pm    Post subject: Reality Check

(1) In the next 3-4 days I'm scheduled to replace Windows XP/Pro 32-bit with Windows 7/Pro 64-bit, which will involve a complete rebuild of the drive "C" RAID-1 array.

(2) I have a nice new laptop that I am using to access sensitive accounts whilst this key logger thing remains undiscovered & undiagnosed.

(3) Since the XP/Pro to 7/Pro upgrade wipes the hard disk, it seems to me that my best course would be to expedite the OS upgrade, and thereby take care of any lurking malware in the process. Does this make sense?

(4) ALSO, in these posts I see no encouragement for my use of Norton Internet Security 2010 on my platforms: does this community consider that product substandard?

Thanks ...
websquad
Posted: Wed Jun 16, 2010 11:32 pm    Post subject: Windows 7 Reformat

On a forum (eVGA) associated with my motherboard and one of my two Graphics cards, one of the contributors suggested that unless I was going to get rid of my hard drives (and therefore wanted 100% protection of any personal data) I would be OK to just use Windows 7 to reformat my Drive C array and that there would be no need to break the RAID, run DBAN on both drives, and then rejoin the array.

Does this make sense?
jhonas
Posted: Fri Oct 29, 2010 12:07 pm

Keystroke loggers come in two types, hardware and software, and they will store your passwords and other sensitive data you type. There is a better way to test for and secure against these keystroke loggers: run an antispyware scan with my preferred software, because this antispyware software gives full security. These are the software I use on a regular basis. I recommend you do a scan with Spyware software to protect your desktop from dangerous keystroke loggers.
All times are GMT + 2 Hours