Keylogger Question

[Guest]

A friend of our family has recently gotten a divorce, and her husband had
some computer know how. He left a computer for her to use, but increasingly
she is becoming worried that perhaps a keylogger or other some such software
has been left behind as a present because periodically he says things that
she doesn't think he should even know about. She knows that he installed
something on their daughter's pc that records information and emails it to
him, so she's worried that he might have that on her pc as well. She doesn't
know what it was, or what it was called. I know that most keyloggers with
email capability have the ability to hide from normal detection, so I was
wondering if anybody had any suggestions on where to look for this. I've
thought about maybe installing zonealarm and seeing when/if something is
trying to email information to him, etc. I also seem to remember seeing a
program on the net that would show all programs loaded/running on a system,
including items like Magic Folders. I can't find that one again, but thought
maybe somebody on here might have heard/seen it, or have any other
suggestions on tracking this down. I've thought of just blowing the box away
and reloading, but he took all of the software that they had when he moved
and they aren't exactly getting along so well that he'd let her have it all
to reload. Any suggestions would be helpful. Thanks.

 

[Wesley Vogel]

Here is a small free program for detecting keyloggers:
http://dewasoft.com/privacy/kldetector.htm

Caution: It may flag something legitimate.


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[David H. Lipman]

From: "Johnnycat" <[email protected]>

| A friend of our family has recently gotten a divorce, and her husband had
| some computer know how. He left a computer for her to use, but increasingly
| she is becoming worried that perhaps a keylogger or other some such software
| has been left behind as a present because periodically he says things that
| she doesn't think he should even know about. She knows that he installed
| something on their daughter's pc that records information and emails it to
| him, so she's worried that he might have that on her pc as well. She doesn't
| know what it was, or what it was called. I know that most keyloggers with
| email capability have the ability to hide from normal detection, so I was
| wondering if anybody had any suggestions on where to look for this. I've
| thought about maybe installing zonealarm and seeing when/if something is
| trying to email information to him, etc. I also seem to remember seeing a
| program on the net that would show all programs loaded/running on a system,
| including items like Magic Folders. I can't find that one again, but thought
| maybe somebody on here might have heard/seen it, or have any other
| suggestions on tracking this down. I've thought of just blowing the box away
| and reloading, but he took all of the software that they had when he moved
| and they aren't exactly getting along so well that he'd let her have it all
| to reload. Any suggestions would be helpful. Thanks.

Keyloggers are Trojans and there are anti virus News Groups specifically for this type of
discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

The following Multi AV Scanning Tool can detects 100's of Keylogging Trojans using the
scanners from four different AV vendors.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *

 

[Steven L Umbach]

IMHO in such case the computer must have the operating system installed with
a pristine install of the operating system to a formatted hard drive. There
are just too many things that could be compromised on that computer of which
no scan program may detect and it seems to be used in a situation where one
wants to insure privacy. Since all the software is missing it may be best to
buy a new cheap computer. Today's cheapest computers are more powerful than
the fastest personal computers of a couple years ago so there is no need in
90 percent of cases to get anything better. Any new install or new computer
needs to have the Windows Firewall enabled, and strong passwords assigned to
all user accounts including and especially the built in administrator
account before any network cable is plugged into it.

Steve

 

[Carey Frisch [MVP]]

Logging other people's keystroke or breaking into other people's computer without their knowledge can be considered as an illegal
activity by many American courts.


Carey Frisch
Microsoft MVP
Windows - Shell/User


Enjoy all the benefits of genuine Microsoft software:
http://www.microsoft.com/genuine/default.mspx

---------------------------------------------------------------------------­---------------------------------

|A friend of our family has recently gotten a divorce, and her husband had
| some computer know how. He left a computer for her to use, but increasingly
| she is becoming worried that perhaps a keylogger or other some such software
| has been left behind as a present because periodically he says things that
| she doesn't think he should even know about. She knows that he installed
| something on their daughter's pc that records information and emails it to
| him, so she's worried that he might have that on her pc as well. She doesn't
| know what it was, or what it was called. I know that most keyloggers with
| email capability have the ability to hide from normal detection, so I was
| wondering if anybody had any suggestions on where to look for this. I've
| thought about maybe installing zonealarm and seeing when/if something is
| trying to email information to him, etc. I also seem to remember seeing a
| program on the net that would show all programs loaded/running on a system,
| including items like Magic Folders. I can't find that one again, but thought
| maybe somebody on here might have heard/seen it, or have any other
| suggestions on tracking this down. I've thought of just blowing the box away
| and reloading, but he took all of the software that they had when he moved
| and they aren't exactly getting along so well that he'd let her have it all
| to reload. Any suggestions would be helpful. Thanks.

 

[Ivor Jones]

Logging other people's keystroke or breaking into other
people's computer without their knowledge can be
considered as an illegal activity by many American
courts.

As if the criminals care about that..!

Ivor

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet and in e-mail?

 

[peter]

A friend of our family has recently gotten a divorce, and her husband had
some computer know how. He left a computer for her to use, but
increasingly
she is becoming worried that perhaps a keylogger or other some such
software
has been left behind as a present because periodically he says things that
she doesn't think he should even know about. She knows that he installed
something on their daughter's pc that records information and emails it to
him, so she's worried that he might have that on her pc as well. She
doesn't
know what it was, or what it was called. I know that most keyloggers with
email capability have the ability to hide from normal detection, so I was
wondering if anybody had any suggestions on where to look for this. I've
thought about maybe installing zonealarm and seeing when/if something is
trying to email information to him, etc. I also seem to remember seeing a
program on the net that would show all programs loaded/running on a
system,
including items like Magic Folders. I can't find that one again, but
thought
maybe somebody on here might have heard/seen it, or have any other
suggestions on tracking this down. I've thought of just blowing the box
away
and reloading, but he took all of the software that they had when he moved
and they aren't exactly getting along so well that he'd let her have it
all
to reload. Any suggestions would be helpful. Thanks.

I am surprised your friend keep using the computer despite the fear that
keylogger may be installed.
My suggestions:
(1) replace the hard disk and re-install the OS and other software on the
new hard disk. Copy over any data from the old drive (data only, not
programs). This is cheaper than buying a new PC but has the same level of
security. This serves two purposes: by installing a new OS on a new drive,
there is no possibility of any malware. Plus, the old drive is preserved so
that you can analyze it for keylogger or what not and use it as evidence. If
she doesn't want to bother with re-installing, then buy a new PC. Do not
throw or give the old PC away. Either keep the old hard disk as potential
evidence, or erase it totally, not just formatting it.

(2) change all passwords on all email accounts, bank accounts, credit card
accounts, etc. Perhaps the ex has her email password.

If getting back the old software is an issue, ... post the question in a
divorce court newsgroup.

 

[null2006]

Keyloggers are Trojans and there are anti virus News Groups specifically for this type of
discussion.

FYI - not all keyloggers are Trojans. They can be legitimate programs installed with the
owners knowledge and consent. A keylogger can also be a piece of hardware placed between the
keyboard plug and the port on the PC.

 

[null2006]

Logging other people's keystroke or breaking into other people's computer without their knowledge can be considered as an illegal
activity by many American courts.

Carey Frisch
Microsoft MVP
Windows - Shell/User

Couple of things:

1. Are you an attorney?

2. Since her ex left her the computer to use, there are numerous situations that one can imagine where the keylogging program (if
it's actually there) is legitimate and might stand up in court. For example, he (as the actual owner of the PC) may have installed it
prior to their separation. I don't know if I'd want to go chasing this particular wild goose.

 

[Carey Frisch [MVP]]

The legality or illegality of using monitoring (and spyware and key logger)
programs depends on the legislation of each particular country
(or administrative unit, i.e. state, autonomous republic, etc.)
and also on following the rules of using these programs prescribed by the law.


--
Carey Frisch
Microsoft MVP
Windows - Shell/User

Enjoy all the benefits of genuine Microsoft software:
http://www.microsoft.com/genuine/default.mspx

---------------------------------------------------------------------------­---------------------------------

|
|
| "Carey Frisch [MVP]" wrote:
|
| > Logging other people's keystroke or breaking into other people's computer without their knowledge can be considered as an
illegal
| > activity by many American courts.
| >
| > Carey Frisch
| > Microsoft MVP
| > Windows - Shell/User
|
| Couple of things:
|
| 1. Are you an attorney?
|
| 2. Since her ex left her the computer to use, there are numerous situations that one can imagine where the keylogging program (if
| it's actually there) is legitimate and might stand up in court. For example, he (as the actual owner of the PC) may have installed
it
| prior to their separation. I don't know if I'd want to go chasing this particular wild goose.
|
|
|

 

[null2006]

The legality or illegality of using monitoring (and spyware and key logger)
programs depends on the legislation of each particular country
(or administrative unit, i.e. state, autonomous republic, etc.)
and also on following the rules of using these programs prescribed by the law.

So, you ARE dispensing legal advice?!

I would suggest sticking to your area of expertise, and let the lawyers fight this one.

 

[David H. Lipman]

From: "null2006" <[email protected]>

|
| "David H. Lipman" wrote:
||
| FYI - not all keyloggers are Trojans. They can be legitimate programs installed with the
| owners knowledge and consent. A keylogger can also be a piece of hardware placed between
| the keyboard plug and the port on the PC.

NONE are legitimate in the eyes of anti malware personnel -- NONE !

 

[David H. Lipman]

From: "null2006" <[email protected]>

|
| "Carey Frisch [MVP]" wrote:
||
| So, you ARE dispensing legal advice?!
|
| I would suggest sticking to your area of expertise, and let the lawyers fight this one.

Carey is correct !

The ONLY legal situation is an employer who puts this software on THEIR OWN equipment.

That is not the case here and in fact there is already legal precedence.

 

[Wesley Vogel]

What about parents spying on their children?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[David H. Lipman]

From: "Wesley Vogel" <[email protected]>

| What about parents spying on their children?
|

OK that's most likely legal also but...
I think its unethical and the wrong approach.

 

[Steven L Umbach]

Last I heard that was legal and many of us parents consider that an
obligation and is a part of parenting. I don't consider it spying but
consider it monitoring. Generally the parent is the owner of the computer
anyhow.

Steve

 

[null2006]

From: "Wesley Vogel" <[email protected]>

| What about parents spying on their children?
|

OK that's most likely legal also but...
I think its unethical and the wrong approach.

Providing legal advice/direction when you aren't an attorney is one wild
goose that I wouldn't want to chase.

As to ethics, I'm not so sure that it's unethical - the health and
safety of one's children is a parent's primary responsibility.

As I said, there are numerous situations that one can reasonably imagine
where it would probably not be a criminal act. Carey should have simply
instructed the poster to: either have an IT professional go over her
computer and consult an attorney if a keylogger is found, or wipe the
hard drive and reinstall after confirming that a hardware keylogger
isn't installed.

 

[null2006]

From: "null2006" <[email protected]>

|
| "David H. Lipman" wrote:
|
|
| FYI - not all keyloggers are Trojans. They can be legitimate programs installed with the
| owners knowledge and consent. A keylogger can also be a piece of hardware placed between
| the keyboard plug and the port on the PC.

NONE are legitimate in the eyes of anti malware personnel -- NONE !

I wholeheartedly disagree with your statement...by common definition, malware is software (not
hardware) that is installed without the user's or owner's conscious consent. In the situation
that I stated, it is not malware and anti-malware personnel WOULD NOT disagree with me.

 

[David H. Lipman]

From: "null2006" <[email protected]>


|
| I wholeheartedly disagree with your statement...by common definition, malware is software
| (not hardware) that is installed without the user's or owner's conscious consent. In the
| situation that I stated, it is not malware and anti-malware personnel WOULD NOT disagree
| with me.

malware is "bad" computer related "wares".
Usually applied to soft-"ware" but can be equally applied to hard-"ware".

Your definition is off to say the least.

 

[David H. Lipman]

From: "null2006" <[email protected]>


|
| Providing legal advice/direction when you aren't an attorney is one wild
| goose that I wouldn't want to chase.
|
| As to ethics, I'm not so sure that it's unethical - the health and
| safety of one's children is a parent's primary responsibility.
|
| As I said, there are numerous situations that one can reasonably imagine
| where it would probably not be a criminal act. Carey should have simply
| instructed the poster to: either have an IT professional go over her
| computer and consult an attorney if a keylogger is found, or wipe the
| hard drive and reinstall after confirming that a hardware keylogger
| isn't installed.

I'll tell you what...
Install a Keylogger on you neighbour's computer and see what happens !

Parents need to educate their offspring create an air of trust. Installing a Keylogger will
not foster trust. It will produce the opposite effect. Parents need to prevent bad
activity, not monitor their activity and take action after the fact. Prevention is the
important theme here !