Keyloggers
Results 1 to 5 of 5

Thread: Keyloggers

  1. #1
    Junior Member
    Join Date
    Sep 2001
    Posts
    14

    Keyloggers

    How can I tell if there is a key logger installed on a windows 2k box. We have about fifty and I was wondering how to tell if the Kids put keyloggers on them.
    Share on Google+

  2. #2
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Uhm... I dunno about 2k, but there are several scanning software tools out there made specifically for keyloggers and trojans, such as The Cleaner (www.moosoft.com) and Tauscan (www.agnitum.com) (Those two are free)
    [HvC]Terr: L33T Technical Proficiency
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    It is hard to tell due to the many different ways that the different keyloggers log. The best way would probably to start up wordpad and something like filemon: http://www.sysinternals.com/ntw2k/source/filemon.shtml

    Then just start typing in Wordpad (make sure to type quite a bit to make sure you catch it when it dumps its buffer to disk). If a suspicious file pops up on the file monitor's log, then take a look at it. Granted, this will take a while for 50 machines, but really the only way to be sure. Once you get going, you should see a pattern and be able to spot anything different being accessed on disk.

    Additionally, don't forget about hardware keyloggers - make sure to take a quick peek at the back of each machine to make sure that there isn't an extra wire in between the machine and keyboard cable
    \"If you torture the data enough, it will confess.\" --Ronald Coase
    Share on Google+

  4. #4
    Junior Member
    Join Date
    Sep 2001
    Posts
    14
    thanks
    Share on Google+

  5. #5

    Smile

    Thats the beuty of a keylogger. It's virtualluy undetectable. Although, I know when using Starr Command keylogger (in my opinion the one and only!) it writes the report to a simple notepad file in C:\WINDOWS\SYSTEM. It just simply named "reprt.txt". Obviously, the file is password protected but it can still be deleted. Also, alot of other keyloggers write to your browsers cache so If it's not emptied have a look in there.....
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides