October 16th, 2001, 01:50 AM
How can I tell if there is a key logger installed on a windows 2k box. We have about fifty and I was wondering how to tell if the Kids put keyloggers on them.
October 16th, 2001, 02:00 AM
Uhm... I dunno about 2k, but there are several scanning software tools out there made specifically for keyloggers and trojans, such as The Cleaner (www.moosoft.com) and Tauscan (www.agnitum.com) (Those two are free)
[HvC]Terr: L33T Technical Proficiency
October 16th, 2001, 02:04 AM
It is hard to tell due to the many different ways that the different keyloggers log. The best way would probably to start up wordpad and something like filemon: http://www.sysinternals.com/ntw2k/source/filemon.shtml
Then just start typing in Wordpad (make sure to type quite a bit to make sure you catch it when it dumps its buffer to disk). If a suspicious file pops up on the file monitor's log, then take a look at it. Granted, this will take a while for 50 machines, but really the only way to be sure. Once you get going, you should see a pattern and be able to spot anything different being accessed on disk.
Additionally, don't forget about hardware keyloggers - make sure to take a quick peek at the back of each machine to make sure that there isn't an extra wire in between the machine and keyboard cable
\"If you torture the data enough, it will confess.\" --Ronald Coase
October 16th, 2001, 02:11 AM
October 16th, 2001, 02:52 AM
Thats the beuty of a keylogger. It's virtualluy undetectable. Although, I know when using Starr Command keylogger (in my opinion the one and only!) it writes the report to a simple notepad file in C:\WINDOWS\SYSTEM. It just simply named "reprt.txt". Obviously, the file is password protected but it can still be deleted. Also, alot of other keyloggers write to your browsers cache so If it's not emptied have a look in there.....