-
May 10th, 2003, 06:41 AM
#1
What can you realy do?
Just a thought... If say a mate a work say's he has got a keylogger on my system and he can see everything i'm typing (and lets just say he's not lying). What is every check and scan i can do to find and remove it?
-
May 10th, 2003, 06:49 AM
#2
You can check what processes are running, look for any out of the ordinary names.Or do a full system scan with either an AV or trojan scanner (or both). Or if you have some time, look through all your startup files for anything thats you don't recognize.
It is impossible to make anything foolproof because fools are so ingenious. - Murphy
-
May 10th, 2003, 06:50 AM
#3
A good virus scan with up to date definitions is a good start. Then I would suggest a trojan scanner like TauScan or TheCleaner incase there is more than just a simple keylogger on your system. Just as a thought, you might also want to try AdAware to see if it picks up anything suspicious.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-
May 10th, 2003, 06:59 AM
#4
lets say nothing picks up anything... what can you manually do?
also would it be possible to make a program that could tell you all the programs in your memory and every thing in que in the kernal, wouldn't this alert you to any new virus or trojans or keylogger or suspicious code if your virus scaners cant find anything?
-
May 10th, 2003, 07:04 AM
#5
Well as far as seeing what is running, bringing up the Task Manager in Windows via Ctrl Alt Del will give you a rough idea, though some keyloggers and trojans don't show up in the task manager even. If all else fails, backup all your important stuff, and reformat and reinstall, just becareful that you dont reinfect your system from your backup media.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-
May 10th, 2003, 07:04 AM
#6
Sygate Personal Firewall Pro alerts you if your kernal has changed, manually you could search your startup registry, im not sure about exactly where to search or what to search for, but a nice trojan scanner should detect it.
It is impossible to make anything foolproof because fools are so ingenious. - Murphy
-
May 10th, 2003, 07:06 AM
#7
Hey Hey
if you get SpyBot's Search and Destroy (located here) and in advanced mode go to Tools.. you'll find a process list. It'll give you a complete list of what's running, and where it's located on your hard drive. You can check it out and see if anything suspicious is running.
-
May 10th, 2003, 07:11 AM
#8
acctually i heard if you think something sus is going on to check:
regedit,
HKEY_LOCAL_MACHINE>SOFTWARE>MICROSOFT>WINDOWS>CURRENTVERSION>RUN and look for anything out of the order there... though i wouldn't know what to look for, theres so manny sus programs insatlled im too afraid to touch...
PS. taskmaneger/processes says:
i'll just say the weird things but...
IAMAPP.exe
NAVAPW32.exe
aptezbp.exe
bgswitch.exe
SYSPROXYSVC.exe
NISUM.exe
alg.exe
spoolsv.exe
rakusb.exe
lsass.exe
winlogon.exe
csrss.exe
smss.exe
hpztsb04.exe
-
May 10th, 2003, 07:22 AM
#9
Type the filename in google and see what it brings up if you are concerned about something, but at least 50% of the files you listed there are general system files and pretty standard stuff..... There's some system processes (smss, csrss, winlogon)... looks like Norton AV (NAVAPW32).. you can check google for the rest..
-
May 10th, 2003, 07:45 AM
#10
cool thanx, but where else can i look to see if there is anything abnormal on my system.
also what sort of ports should i be looking out for in 'netstat -an' also i heard that ICMP doesn't use ports... so how does it work and how do i find if anything was using that?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|