Just a thought... If, say, a mate at work says he has got a keylogger on my system and he can see everything I'm typing (and let's just say he's not lying), what is every check and scan I can do to find and remove it?
You can check what processes are running and look for any out-of-the-ordinary names. Or do a full system scan with either an AV or trojan scanner (or both). Or, if you have some time, look through all your startup files for anything that you don't recognize.
A good virus scan with up-to-date definitions is a good start. Then I would suggest a trojan scanner like TauScan or TheCleaner in case there is more than just a simple keylogger on your system. Just as a thought, you might also want to try AdAware to see if it picks up anything suspicious.
Let's say nothing picks up anything... what can you manually do?
Also, would it be possible to make a program that could tell you all the programs in your memory and everything in queue in the kernel? Wouldn't this alert you to any new virus or trojans or keylogger or suspicious code if your virus scanners can't find anything?
Well, as far as seeing what is running, bringing up the Task Manager in Windows via Ctrl+Alt+Del will give you a rough idea, though some keyloggers and trojans don't even show up in the Task Manager. If all else fails, back up all your important stuff, and reformat and reinstall; just be careful that you don't reinfect your system from your backup media.
Sygate Personal Firewall Pro alerts you if your kernel has changed. Manually, you could search your startup registry; I'm not sure about exactly where to search or what to search for, but a nice trojan scanner should detect it.
Hey Hey
if you get SpyBot's Search and Destroy (located here) and in advanced mode go to Tools.. you'll find a process list. It'll give you a complete list of what's running, and where it's located on your hard drive. You can check it out and see if anything suspicious is running.
Actually, I heard that if you think something sus is going on, to check:
regedit,
HKEY_LOCAL_MACHINE>SOFTWARE>MICROSOFT>WINDOWS>CURRENTVERSION>RUN and look for anything out of the ordinary there... though I wouldn't know what to look for; there's so many sus programs installed I'm too afraid to touch...
PS. Task Manager/processes says:
I'll just say the weird things but...
IAMAPP.exe
NAVAPW32.exe
aptezbp.exe
bgswitch.exe
SYSPROXYSVC.exe
NISUM.exe
alg.exe
spoolsv.exe
rakusb.exe
lsass.exe
winlogon.exe
csrss.exe
smss.exe
hpztsb04.exe
Type the filename into Google and see what it brings up if you are concerned about something, but at least 50% of the files you listed there are general system files and pretty standard stuff... There's some system processes (smss, csrss, winlogon)... looks like Norton AV (NAVAPW32)... you can check Google for the rest.
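The Run-key and process-list checks discussed in the posts above, as an added example that is not part of the original thread: a read-only PowerShell script that lists each autorun entry and running process with its on-disk path and Authenticode signature status. The HKCU key, the helper names, and the use of signature status as a triage hint are assumptions of this example, not something the posters suggested.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the system.
# Run from an elevated prompt so the paths of all processes are visible.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # key named in the thread
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # per-user counterpart (assumption)
)

function Get-ExePath([string]$CommandLine) {
    # Extract the executable from a Run value such as
    #   "C:\Program Files\App\app.exe" /min    or    C:\Tools\app.exe -x
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

function Get-SignatureStatus([string]$Path) {
    # Valid / NotSigned / HashMismatch ... as reported by Windows.
    # NotSigned is a reason to look closer, not a verdict.
    if (-not $Path) { return 'PathUnavailable' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FileNotFound' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

# Every value under the Run keys is a program started at logon.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        [pscustomobject]@{
            Source = $key; Name = $name
            Path = $exe; Signature = (Get-SignatureStatus $exe)
        }
    }
}

# Running processes with the file they were started from.
$procs = Get-CimInstance Win32_Process | ForEach-Object {
    [pscustomobject]@{
        Source = 'Process'; Name = $_.Name
        Path = $_.ExecutablePath; Signature = (Get-SignatureStatus $_.ExecutablePath)
    }
}

# Sorting by signature status groups unsigned and missing files together for review.
@($autoruns) + @($procs) | Sort-Object Signature, Path |
    Format-Table Source, Name, Signature, Path -AutoSize -Wrap
```

Anything this script runs alongside can hide from it, so a clean listing from a live system does not rule out a rootkit-style logger of the kind mentioned earlier in the thread.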
Cool, thanks, but where else can I look to see if there is anything abnormal on my system?
Also, what sort of ports should I be looking out for in 'netstat -an'? Also, I heard that ICMP doesn't use ports... so how does it work, and how do I find if anything was using that?