A keylogger is indeed a Trojan, but that is the point.
Hey Cimotaflow:
The important portion of my posting dealt with Removal. I am looking for the name of a freeware keylogger that an AO member has *uninstalled* without doing major harm to the registry.
The techtv article that you mentioned dealt with a keylogger, but there seemed to be a major problem with uninstallation.
Bucket,
I'll try to be of a little more help... If I understand you correctly, you are trying to remove a keylogger program (or need information on it).
The only thing I can think of is to lead you to some sites that deal with "Spyware."
Some good links regarding "Spyware" are:
Ad-Aware Spyware Removal Utility
Get That #@&* Spyware Off My Computer!
Steve Bass's Home Office: Beware: Sleazy Web Sites, Spyware Underhanded Web sites, spyware, and how to protect yourself from them.
What is Spyware
Wired on Spyware
SpywareInfo.com
GRC.COM
That should get you started.
bis dahn!
:thumbsup:
Hey Cimotaflow:
I wanted information. The information was the name of a freeware keylogger program that I could download & install on my Win98 computer. I intend to learn how to use the program.
When I learn how to use it, I will either deactivate it or uninstall it.
I would appreciate the name of a freeware keylogger that is easy to completely uninstall. I do *not* want to corrupt my system registry in the removal process.
Ugh, spyware. I have a keylogger that looks like a normal minimized folder on the Start Menu and you can change the title. It even records right-clicks! I hate it though. I keep it for sentimental reasons.
Actually the reason I'm using a keylogger is because multiple people I don't trust have physical access to my computer when I'm not around. I don't want anyone snooping around my computer while I'm not here. Sorry to start the flames.
as the title of this page says....
Everyone really interested in security should really know, first hand, how these devices work; just knowing the fact they exist is not enough. Learn what to look for, how the info is retrieved. At worst you'll learn the importance of physical security.
To apply this to a _clean_ bash-2.03 tree you do
cd /usr/src/redhat/BUILD/bash-2.03
patch -p0 < filename
by: Antonomasia <ant@notatla.demon.co.uk>
---- cut here ---
*** ./lib/readline/history.c.ORIG Mon Jan 1 00:53:55 2001
--- ./lib/readline/history.c Mon Jan 1 02:03:54 2001
***************
*** 30,35 ****
--- 30,36 ----
#endif
#include <stdio.h>
+ #include <syslog.h>
#if defined (HAVE_STDLIB_H)
# include <stdlib.h>
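Review bot: the include block needs checking for <unistd.h> and <string.h> in addition to the new <syslog.h>, because the add_history() change in this same file calls getpid(), getuid(), strlen() and strncpy(). The context lines here show only <stdio.h> and <stdlib.h>; if the other two headers are not pulled in elsewhere in history.c, those calls compile against implicit declarations.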
***************
*** 216,225 ****
/* Place STRING at the end of the history list. The data field
is set to NULL. */
void
! add_history (string)
char *string;
{
HIST_ENTRY *temp;
if (history_stifled && (history_length == max_input_history))
{
--- 217,241 ----
/* Place STRING at the end of the history list. The data field
is set to NULL. */
void
! add_history (string, logme)
char *string;
+ int logme; /* 0 means no sending history to syslog */
{
HIST_ENTRY *temp;
+
+ if (logme) {
+ if (strlen(string)<600) {
+ syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
+ getpid(), getuid(), string);
+ } else {
+ char trunc[600];
+
+ strncpy(trunc,string,sizeof(trunc));
+ trunc[sizeof(trunc)-1]='\0';
+ syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
+ getpid(), getuid(), trunc);
+ }
+ }
if (history_stifled && (history_length == max_input_history))
{
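Review bot: the syslog() call in the else branch is written `syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: ...` with a comma where the first branch has `LOG_LOCAL5 | LOG_INFO`. LOG_INFO therefore lands in the format-string position and the real format string becomes a variadic argument, so any line of 600 characters or more hits undefined behaviour instead of being logged with the (++TRUNC) marker. Replace the comma with `|`. Two smaller points: string is passed to strlen() without a NULL check, and since every interactive line (including any secrets typed on a command line) now goes to the local5 facility, the destination log file and any remote forwarding for that facility should be readable by administrators only.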
*** ./lib/readline/histfile.c.ORIG Mon Jan 1 01:02:58 2001
--- ./lib/readline/histfile.c Mon Jan 1 01:05:25 2001
***************
*** 200,206 ****
buffer[line_end] = '\0';
if (buffer[line_start])
! add_history (buffer + line_start);
current_line++;
--- 200,207 ----
buffer[line_end] = '\0';
if (buffer[line_start])
! /* Ant: new 2nd arg means skip syslog */
! add_history (buffer + line_start, 0);
current_line++;
*** ./lib/readline/histexpand.c.ORIG Mon Jan 1 01:03:20 2001
--- ./lib/readline/histexpand.c Mon Jan 1 01:04:23 2001
***************
*** 1040,1046 ****
if (only_printing)
{
! add_history (result);
return (2);
}
--- 1040,1046 ----
if (only_printing)
{
! add_history (result, 1); /* Ant: new 2nd argument means do syslog */
return (2);
}
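Review bot: the add_history (result, 1) call sits inside the `if (only_printing)` branch, which handles an expansion that is displayed rather than run, yet it is logged with the same "HISTORY:" prefix as an executed command. Anyone reading the syslog output cannot tell the two apart. Either pass 0 here or give add_history a way to tag the record as printed only.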
*** ./lib/readline/history.h.ORIG Mon Jan 1 01:13:54 2001
--- ./lib/readline/history.h Mon Jan 1 01:14:42 2001
***************
*** 80,86 ****
/* Place STRING at the end of the history list.
The associated data field (if any) is set to NULL. */
! extern void add_history __P((char *));
/* A reasonably useless function, only here for completeness. WHICH
is the magic number that tells us which element to delete. The
--- 80,86 ----
/* Place STRING at the end of the history list.
The associated data field (if any) is set to NULL. */
! extern void add_history __P((char *, int)); /* Ant added arg */
/* A reasonably useless function, only here for completeness. WHICH
is the magic number that tells us which element to delete. The
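Review bot: changing the prototype of add_history in history.h from `(char *)` to `(char *, int)` alters a public readline entry point, so any other caller built against this header or library has to be updated, and the patch only covers the call sites inside the bash tree. Leaving add_history (string) as it was and adding a separate, differently named function that takes the logging flag would keep the existing interface intact. The bare 0 and 1 at the call sites would also read better as named constants.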
*** ./bashhist.c.ORIG Mon Jan 1 01:15:51 2001
--- ./bashhist.c Mon Jan 1 01:16:53 2001
***************
*** 565,571 ****
if (add_it)
{
hist_last_line_added = 1;
! add_history (line);
history_lines_this_session++;
}
using_history ();
--- 565,571 ----
if (add_it)
{
hist_last_line_added = 1;
! add_history (line, 1);
history_lines_this_session++;
}
using_history ();
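Review bot: the logging call add_history (line, 1) is reached only inside `if (add_it)`, so any line that bash decides not to store in the history list is never sent to syslog either. If the goal is an audit record of what was typed, the syslog call belongs before the add_it test (or in a separate function called unconditionally), not inside the history insertion path.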
While we're at it, if you have physical access to the box, you might want to check this out:
http://www.thinkgeek.com/stuff/gadgets/5a05.shtml
Come to think of it, it's almost scary: I don't think there would be any software way of detecting or avoiding this thing...
Ammo
While I don't know of any good keyloggers in Windows 95, I wrote a simple one in C that works on my Redhat 7.2 box. I use it to record all keystroke activity on my Linux box. Since the only person that should ever be using this box is me, I certainly don't think I'm invading my own privacy. But I'm a paranoid type when it comes to computer security, so I keep the keylogger running "just in case". Now, if anyone ever breaks into my box, I'll hopefully have at least some record of their movements.