What can you really do? - Page 2

Thread: What can you really do?

  1. #11
    Banned
    Join Date
    May 2003
    Posts
    1,004
    If this is a work computer, refer the situation to the sys admin. They should have a procedure to follow. Also don't be too quick to rule out hardware keystroke recorders, they are cheap (~$40) and would be easier for him to install on your work computer most likely. Something clipped onto the keyboard cable since keyboard cables tend to not have ferrite beads on them since the power. (at least mine never do, but I tend to buy the super cheap keyboards heh)

    I think it is important that you start with the sys admin though. If you don't want your friend to get into trouble, just make up something about the computer acting up. I don't assume you have the required permissions on the system to do too much else as far as installing new scanning applications and such, and it is always best to follow proper channels, especially if you accidentally mess something up.

    best of luck

    catch

  2. #12
    Banned
    Join Date
    Apr 2003
    Posts
    54

    Keylogger

    You could ask a tech to look into it, or check the server to see if the files appear there.

  3. #13
    OK, so where would you start looking on a PC? This of course is more frightening because it would mean he has put something on through the net without me knowing...

  4. #14
    Banned
    Join Date
    Apr 2003
    Posts
    54

    Cool Keylogger

    Check the .ini and .sys files because that's where they are.

    And it's good to have another Aussie here!

  5. #15
    What do I look for in the *.ini and *.sys files, and are you referring to, say, 'win.ini' and 'config.sys'? Coz there are a lot of ini's out there.

    PS are the Eagles playing soon?
    I'm actually surprised how many Aussies there are, and how many Americans too.

  6. #16
    Member
    Join Date
    Nov 2002
    Posts
    80
    stink, as for your list of processes, you may find the link here to be handy:
    http://www.antionline.com/showthread...ight=processes
    This was posted by tonybradley a few days ago.

    The main launch point will probably be in the registry, where you have looked. The spyware detection tools already mentioned and a good virus scan should find anything. BTW, what version of Windows are you using? It is usually useful to know.

    Waverebel
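
A sketch of the "launch point" check discussed above, as an added example that is not part of any post in the thread. It lists the Run/RunOnce keys, the Winlogon `Shell` and `Userinit` values, and any `load=`/`run=` lines in win.ini; these locations are assumptions (standard Windows autostart points), and the function name `Get-AutostartEntry` is hypothetical. It shows only what the registry and file APIs report, so a logger that hides its entries by intercepting system calls, as described in the later posts, would not appear.

```powershell
# Added example: list common autostart entries so each can be reviewed by hand.
# The locations below are assumptions (standard Windows autostart points),
# not a list given in the thread.
function Get-AutostartEntry {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }

    # Winlogon values that name programs started at logon.
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
    foreach ($name in 'Shell', 'Userinit') {
        if ($props -and $props.$name) {
            [pscustomobject]@{ Location = $winlogon; Name = $name; Command = $props.$name }
        }
    }

    # win.ini: legacy load= and run= lines in the [windows] section.
    $winIni = Join-Path $env:windir 'win.ini'
    if (Test-Path $winIni) {
        $section = ''
        foreach ($line in Get-Content -Path $winIni) {
            if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; continue }
            if ($section -ieq 'windows' -and $line -match '^\s*(load|run)\s*=\s*(\S.*)$') {
                [pscustomobject]@{ Location = $winIni; Name = $Matches[1]; Command = $Matches[2] }
            }
        }
    }
}

Get-AutostartEntry | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```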

  7. #17
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It's theoretically possible to construct a software keylogger that is extremely difficult to detect. It wouldn't need to create any processes, and any files it created could be hidden by using system call interception to ensure they didn't show up in directory listings.

    Such a keylogger is in principle simply impossible to reliably detect. Therefore I suggest that to make sure, you reformat the machine and reload all software from trusted sources.

  8. #18
    Well, a format does sound a little extreme if I'm not even sure if it's true or not, plus wouldn't it be likely that in my backup I would back up the logger unknowingly? Oh, and Waverebel, I've got Windows XP Professional with Service Pack 1.

    Also, explain how one of these undetectable loggers works?

  9. #19
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    If the keylogger used the techniques described here

    http://www.antionline.com/showthread...hreadid=240901

    (Windows rootkits: a stealthy threat)

    Then it could remain hidden from any level of inspection. It would not need to run any processes (or it could hide those that did), and it could hide its files and registry entries.
