May 10th, 2003, 08:47 AM
If this is a work computer, refer the situation to the sysadmin. They should have a procedure to follow. Also don't be too quick to rule out hardware keystroke recorders; they are cheap (~$40) and would most likely be easier for him to install on your work computer. Something clipped onto the keyboard cable, since keyboard cables tend to not have ferrite beads on them, since the power. (At least mine never do, but I tend to buy the super cheap keyboards, heh.)
I think it is important that you start with the sysadmin though. If you don't want your friend to get into trouble, just make up something about the computer acting up. I don't assume you have the required permissions on the system to do too much else as far as installing new scanning applications and such, and it is always best to follow proper channels, especially if you accidentally mess something up.
best of luck
May 10th, 2003, 08:48 AM
You could ask a tech to look into it, or check the server to see if the files appear there.
May 10th, 2003, 08:56 AM
OK, so where would you start looking on a PC? This of course is more frightening, because it would mean he has put something on through the net without me knowing...
May 10th, 2003, 09:41 AM
Check the .ini and .sys files, because that's where they are.
And it's good to have another Aussie here!
May 10th, 2003, 09:50 AM
What do I look for in the *.ini and *.sys files, and are you referring to, say, 'win.ini' and 'config.sys'? 'Cause there are a lot of .ini files out there.
PS: are the Eagles playing soon?
I'm actually surprised how many Aussies there are, and how many Americans too.
May 10th, 2003, 10:06 AM
stink, as for your list of processes, you may find the link here to be handy:
This was posted by tonybradley a few days ago.
The main launch point will probably be in the registry, where you have looked. The spyware detection tools already mentioned and a good virus scan should find anything. BTW, what version of Windows are you using? It is usually useful to know.
May 10th, 2003, 10:16 AM
It's theoretically possible to construct a software keylogger that is extremely difficult to detect. It wouldn't need to create any processes, and any files it created could be hidden by using system call interception to ensure they didn't show up in directory listings.
Such a keylogger is in principle simply impossible to reliably detect. Therefore I suggest that to make sure, you reformat the machine and reload all software from trusted sources.
May 10th, 2003, 10:35 AM
Well, a format does sound a little extreme if I'm not even sure whether it's true or not. Plus, wouldn't it be likely that in my backup I would back up the logger unknowingly? Oh, and waverebal, I've got Windows XP Professional with Service Pack 1.
Also, explain how one of these undetectable loggers works?
May 10th, 2003, 11:55 AM
If the keylogger used the techniques described here
(Windows rootkits: a stealthy threat)
Then it could remain hidden from any level of inspection. It would not need to run any processes (or it could hide those that did), and it could hide its files and registry entries.
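The hiding mechanism the two posts above describe (intercepting the calls a directory listing goes through so that the logger's files never appear) and the one check it still leaves open are shown in the added example below. This is not code from the thread or from the linked article; it is a Linux C demo that plays both roles. It interposes readdir inside the program so that every name beginning with the constructed prefix .kl_ is dropped from the "normal" listing, then reads the same directory through the raw getdents64 system call and reports the names the hooked view lost. The prefix, the scratch directory /tmp/kl_crossview_demo and the file names in it are made-up sample input.

```c
#define _GNU_SOURCE            /* RTLD_NEXT, syscall(), O_DIRECTORY */
#include <dirent.h>
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, used if _GNU_SOURCE came too late */
#endif

#define HIDE_PREFIX ".kl_"   /* constructed for this demo: the "rootkit" hides these names */
#define MAX_NAMES 64
#define NAME_LEN 256

/* Record layout the getdents64 system call returns (same as linux/dirent.h). */
struct linux_dirent64 {
    uint64_t       d_ino;
    int64_t        d_off;
    unsigned short d_reclen;
    unsigned char  d_type;
    char           d_name[];
};

/* The hiding half: an interposed readdir. Because this definition lives in the
 * executable, the program's readdir calls bind here rather than to libc's; the
 * real readdir is fetched with RTLD_NEXT and any HIDE_PREFIX entry is skipped. */
typedef struct dirent *(*readdir_fn)(DIR *);
struct dirent *readdir(DIR *dirp)
{
    static readdir_fn real_readdir;
    if (!real_readdir)
        real_readdir = (readdir_fn)dlsym(RTLD_NEXT, "readdir");
    struct dirent *e;
    while ((e = real_readdir(dirp)) != NULL)
        if (strncmp(e->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) != 0)
            return e;
    return NULL;
}

/* Append one name to a listing, dropping "." and "..". Returns the new count. */
static int push_name(char names[][NAME_LEN], int n, int max, const char *name)
{
    if (!strcmp(name, ".") || !strcmp(name, "..") || n >= max) return n;
    snprintf(names[n], NAME_LEN, "%s", name);
    return n + 1;
}

/* "API view": what a listing tool sees when it goes through the (hooked) readdir. */
int list_via_readdir(const char *dir, char names[][NAME_LEN], int max)
{
    DIR *d = opendir(dir);
    if (!d) return -1;
    int n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL)
        n = push_name(names, n, max, e->d_name);
    closedir(d);
    return n;
}

/* "Raw view": the same directory read with getdents64 directly, bypassing
 * libc's readdir and therefore the hook above. */
int list_via_getdents(const char *dir, char names[][NAME_LEN], int max)
{
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    uint64_t buf64[1024];                 /* 8 KiB, 8-byte aligned for the records */
    char *buf = (char *)buf64;
    int n = 0;
    for (;;) {
        long got = syscall(SYS_getdents64, fd, buf, sizeof buf64);
        if (got <= 0) break;
        for (long off = 0; off < got;) {
            struct linux_dirent64 *e = (struct linux_dirent64 *)(buf + off);
            n = push_name(names, n, max, e->d_name);
            off += e->d_reclen;
        }
    }
    close(fd);
    return n;
}

/* Cross-view check: names the raw view has and the API view lacks are being
 * hidden from every caller of readdir. Returns how many, copying them out. */
int find_hidden(const char *dir, char hidden[][NAME_LEN], int max)
{
    char api[MAX_NAMES][NAME_LEN], raw[MAX_NAMES][NAME_LEN];
    int na = list_via_readdir(dir, api, MAX_NAMES);
    int nr = list_via_getdents(dir, raw, MAX_NAMES);
    if (na < 0 || nr < 0) return -1;
    int nh = 0;
    for (int i = 0; i < nr && nh < max; i++) {
        int seen = 0;
        for (int j = 0; j < na && !seen; j++)
            seen = (strcmp(raw[i], api[j]) == 0);
        if (!seen)
            snprintf(hidden[nh++], NAME_LEN, "%s", raw[i]);
    }
    return nh;
}

/* Constructed sample input: a scratch directory with one ordinary file and one
 * file the hook hides. Returns 0 on success. */
int make_demo_dir(const char *dir)
{
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    const char *files[] = { "notes.txt", HIDE_PREFIX "log.dat" };
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
        char path[1024];
        snprintf(path, sizeof path, "%s/%s", dir, files[i]);
        FILE *f = fopen(path, "w");
        if (!f) return -1;
        fputs("sample\n", f);
        fclose(f);
    }
    return 0;
}

int main(void)
{
    const char *dir = "/tmp/kl_crossview_demo";
    char api[MAX_NAMES][NAME_LEN], hidden[MAX_NAMES][NAME_LEN];
    if (make_demo_dir(dir) != 0) { perror("make_demo_dir"); return 1; }
    int na = list_via_readdir(dir, api, MAX_NAMES);
    printf("readdir view of %s (%d entries):\n", dir, na);
    for (int i = 0; i < na; i++) printf("  %s\n", api[i]);
    int nh = find_hidden(dir, hidden, MAX_NAMES);
    printf("on disk but missing from readdir (%d):\n", nh);
    for (int i = 0; i < nh; i++) printf("  %s\n", hidden[i]);
    return 0;
}
```

Build with `gcc -o crossview crossview.c` (add `-ldl` on glibc older than 2.34) and run it: the readdir listing shows only notes.txt, while the getdents64 pass reveals .kl_log.dat. The caveat the posts make still applies: this diff only catches a hook that sits above the layer the raw view reads from. A hook placed on the system call itself, or in the kernel's filesystem code, would feed both views the same lie, which is why the posts treat such a logger as unreliable to detect from inside the running system and why a rebuild from trusted media is the conservative answer.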