
Thread: What can you really do?

  1. #1

    What can you really do?

    Just a thought... If, say, a mate at work says he has got a keylogger on my system and he can see everything I'm typing (and let's just say he's not lying), what is every check and scan I can do to find and remove it?

  2. #2
    Senior Member SirSub's Avatar
    Join Date
    May 2003
    Location
    Groom Lake, Nevada
    Posts
    148
    You can check what processes are running, look for any out of the ordinary names. Or do a full system scan with either an AV or trojan scanner (or both). Or if you have some time, look through all your startup files for anything that you don't recognize.
    It is impossible to make anything foolproof because fools are so ingenious. - Murphy

  3. #3
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    A good virus scan with up to date definitions is a good start. Then I would suggest a trojan scanner like TauScan or TheCleaner in case there is more than just a simple keylogger on your system. Just as a thought, you might also want to try AdAware to see if it picks up anything suspicious.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  4. #4
    Let's say nothing picks up anything... what can you manually do?
    Also, would it be possible to make a program that could tell you all the programs in your memory and everything in the queue in the kernel? Wouldn't this alert you to any new virus or trojans or keylogger or suspicious code if your virus scanners can't find anything?

  5. #5
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    Well, as far as seeing what is running, bringing up the Task Manager in Windows via Ctrl Alt Del will give you a rough idea, though some keyloggers and trojans don't show up in the Task Manager even. If all else fails, back up all your important stuff, and reformat and reinstall, just be careful that you don't reinfect your system from your backup media.

  6. #6
    Senior Member SirSub's Avatar
    Join Date
    May 2003
    Location
    Groom Lake, Nevada
    Posts
    148
    Sygate Personal Firewall Pro alerts you if your kernel has changed. Manually you could search your startup registry. I'm not sure about exactly where to search or what to search for, but a nice trojan scanner should detect it.

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey

    If you get SpyBot's Search and Destroy (located here) and in advanced mode go to Tools, you'll find a process list. It'll give you a complete list of what's running, and where it's located on your hard drive. You can check it out and see if anything suspicious is running.

  8. #8
    Actually I heard if you think something sus is going on to check:
    regedit,
    HKEY_LOCAL_MACHINE>SOFTWARE>MICROSOFT>WINDOWS>CURRENTVERSION>RUN and look for anything out of order there... though I wouldn't know what to look for, there's so many sus programs installed I'm too afraid to touch...
    PS. Task Manager/Processes says:
    I'll just say the weird things but...
    IAMAPP.exe
    NAVAPW32.exe
    aptezbp.exe
    bgswitch.exe
    SYSPROXYSVC.exe
    NISUM.exe
    alg.exe
    spoolsv.exe
    rakusb.exe
    lsass.exe
    winlogon.exe
    csrss.exe
    smss.exe
    hpztsb04.exe
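
The manual checks suggested in the posts above (the Run key from post #8, a process list with file locations from post #7), as an added example that is not part of any post in the thread. It assumes PowerShell 3.0 or later, goes slightly beyond the thread by also reading the RunOnce and per-user (HKCU) keys, and `Get-CommandTarget` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
# HKLM ...\Run is the key named in post #8; the other three are standard sibling keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\path with spaces\app.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first executable-style extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget -Command $command
        # Only full paths are checked; bare names such as "rundll32.exe" need a manual look.
        $status = 'TargetNotResolved'
        if ($target -match '^[A-Za-z]:\\' -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $status = [string](Get-AuthenticodeSignature -LiteralPath $target).Status
        }
        [pscustomobject]@{ Key = $key; Name = $name; Command = $command
                           Target = $target; Signature = $status }
    }
}

# Entries whose target is unsigned, altered, or unresolved sort to the top of the list.
$autostarts | Sort-Object { $_.Signature -eq 'Valid' }, Key, Name |
    Format-Table -AutoSize -Wrap

# Running processes with their on-disk location, to compare against Task Manager names.
Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, Name, ExecutablePath |
    Sort-Object Name | Format-Table -AutoSize
```

A signature status other than `Valid` is a reason to look the file up, not proof of a keylogger, and, as post #5 notes for Task Manager, software that hides itself from the operating system will not appear in either listing.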

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Type the filename in Google and see what it brings up if you are concerned about something, but at least 50% of the files you listed there are general system files and pretty standard stuff... There are some system processes (smss, csrss, winlogon)... looks like Norton AV (NAVAPW32)... you can check Google for the rest.

  10. #10
    Cool, thanks, but where else can I look to see if there is anything abnormal on my system?
    Also, what sort of ports should I be looking out for in 'netstat -an'? Also, I heard that ICMP doesn't use ports... so how does it work and how do I find if anything was using that?
