keystroke logging

[Guest]

About keystroke logging-
if you suspect it might be on your computer, if someone might have done that
what are some of the signs that the computer has it.
Ive read it can be transmitted to a computer without actually coming in
contact with the pc, like it can be done through sending a greeting card, etc

keystorke logging programs can send saved documents to whoever might be
doing this, because this program records every key stroke you make-
Can it record/send documents that are not saved, like when you're just
typing in Word, and just exit it without not saving?

 

[Steven L Umbach]

Yes a keyboard logger could capture every keystroke you make and thus would
have information from documents that are never saved as a file. Keyboard
loggers can be hard to detect. Antivirus scanners may not look for a
keyboard logger but many spyware programs do. In particular I would scan
with AdAware SE, Spybot Search and Destroy, and Ewido being sure to use the
latest definitions for anything you scan with. Your virus scanner should
also be configured to scan any email attachment you receive. Many I know
scan daily for spyware. --- Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
--- Protect Your PC tips and links to dealing with spyware and malware
http://www.lavasoft.de/software/adaware/ --- AdAware SE
http://www.ewido.net/en/ --- Ewido

 

[null2006]

Keystroke logging will typically create a file on the hard drive to record the
data in. You might be able to locate such a file by doing a search of the hard
drive by date - it would have the current date on the file if it were running at
all times.

Another type of key logger is a small device that is connected to the back of
your PC in between the keyboard cable and the PC. In order for the person who
placed the device there to read the info on it, they would have to retrieve the
device from the PC.

There may be key loggers that send data 'live' to another PC somewhere, but I'm
not aware of any. You might be able to locate such a logger (or one that writes
to a file) by checking Task Manager to see what is running on the PC.

 

[David H. Lipman]

From: "Steven L Umbach" <[email protected]>

| Yes a keyboard logger could capture every keystroke you make and thus would
| have information from documents that are never saved as a file. Keyboard
| loggers can be hard to detect. Antivirus scanners may not look for a
| keyboard logger but many spyware programs do. In particular I would scan
| with AdAware SE, Spybot Search and Destroy, and Ewido being sure to use the
| latest definitions for anything you scan with. Your virus scanner should
| also be configured to scan any email attachment you receive. Many I know
| scan daily for spyware. --- Steve
|
| http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
| --- Protect Your PC tips and links to dealing with spyware and malware
| http://www.lavasoft.de/software/adaware/ --- AdAware SE
| http://www.ewido.net/en/ --- Ewido
|


The major player anti virus vendors do very well at Keylogging Trojans.

McAfee lists hundreds of Keyloggers and their respective variants.

 

[David H. Lipman]

From: "xp05" <[email protected]>

| About keystroke logging-
| if you suspect it might be on your computer, if someone might have done that
| what are some of the signs that the computer has it.
| Ive read it can be transmitted to a computer without actually coming in
| contact with the pc, like it can be done through sending a greeting card, etc
|
| keystorke logging programs can send saved documents to whoever might be
| doing this, because this program records every key stroke you make-
| Can it record/send documents that are not saved, like when you're just
| typing in Word, and just exit it without not saving?

For futrure reference:
Keylogging Trojans are a type of malware and it is *best* to ask about malware in anti
malware News Groups such as the following...

alt.privacy.spyware
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Most, if not all, affected users will NOT know that a Keylogging Trojan is installed. If
they had an indication thet it was installed by the user then it would be self defeating.
Therefore Keylogging Trojans tend to be rather stealthy with some using RootKit technology
( such as the Backdoor.Haxdoor ). So there will be no signs other than maybe connection to
some oddball web site peridically. By that time it is TOO LATE and your information,
privacy and accounts are compramised. Keylogging Trojans will capture keystrokes, save them
in a disk file and send the disk file to a third party server or open a backdoor top gthe
computer where a third party could remoteley access said data.

Keyloggers do not send data files. By definition, they only capture keystrokes. Those
Keystrokes could be accessing your online bank. Now there *may* be other forms of malware
that *may* capture MS Office Documents but it would NOT be a Keylogging Trojan.

You can use the following Multi AV Scanning Tool for the detection and removal of many forms
of malware.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * * Please report back your results * * *

 

[Steven L Umbach]

Thanks for that info. --- Steve

 

[Guest]

well my question is that can a person install a key logging program into a
laptop without any devices, like without physical access to the laptop.
and if so, how; like how can the program have been installed without the
user noticing it.

what type of file would you search for in the hard drive.

 

[David H. Lipman]

From: "xp05" <[email protected]>

| well my question is that can a person install a key logging program into a
| laptop without any devices, like without physical access to the laptop.
| and if so, how; like how can the program have been installed without the
| user noticing it.
|
| what type of file would you search for in the hard drive.

If it has email or Internet access -- Yes. A Keylogging Trojan can be installed.

Use the following to see if there is a Keylogging Trojan or other malware installed...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *

 

[hammer1sj]

Hello,

Privacy Keyboard is a nice way to protect data from all keyloggers
(software and even hardware). Unlike the majority of anti-spyware, is
doesn't use signature bases, but is built on heuristic analysis. It
let's you not be afraid of rare or newest keyloggers (you don't need to
wait until it is added to signature bases).

the app can be found at
http://download.softsecurity.com/3/14/prvkbd.zip

regards,
Steven

 

[Guest]

First follow the instructions that D.H. Lipman provided, also look for
Netware Client and Netmon installed in your Lan connection properties .
Msoft identified Windows XP was vulnerable to attacks and system control
with Netware.

Microsoft Security Bulletin MS05-046
Vulnerability in the Client Service for NetWare Could Allow Remote Code
Execution (899589)

File Name: WindowsXP-KB899589-x86-ENU.exe

Also verify if Service settings are maintained or revert back after you make
a modification. I noticed this was an issue once upon a time on my system,
started looking around (cmd line: arp -a or -g / cmd line: netstat ) .

Depending the extent of the "Hack", if you discover that the above is true,
verify if you are being used as a server for some "Vandal".

regards,

Wave