spyware/keyloggers

[rrbar]

Hi all, not sure if this is appropriate for this forum or AV forum. I'm still new at this. I looked through some of the postings and threads for spyware and keyloggers but couldn't find the exact stuff that I'm looking for. I hope that I didn't miss anything.

Anyway, my personal bugaboo is that the users in my office work from home sometimes and they aren't adequately protected behind firewalls (we are quickly developing a policy on this). In the meantime, I'm trying to clean up the people's computers who have issues.

I downloaded Spybot, which by most accounts seems to be the best removal tool. But the evaluations that I've read say that even this tool doesn't nail the keyloggers.

Does anyone know of a freeware/shareware program that finds keyloggers. I saw that someone suggested anti-keyloggers.com but that one is too expensive for us.

Thanks for any help that you can offer.

[jaguar291]

Sorry I don't worry too much about keyloggers but I used google and found some software for you:

http://www.blazingtools.com/spy-software.html (Could be promising.)

http://www.techtv.com/callforhelp/ho...382421,00.html (Information on this topic from TechTV... names a few.)

http://www.techtv.com/screensavers/d...396854,00.html (This is the freeware of the day on The Screen Savers.)

http://www.spydex.com/anti-spy-xp/ (Some commerical software... may be good for you.)

- Do a google and altavista search, I'm sure you'll find something that suits your needs.. if not, check download.com.. they normally have some good quality freeware.

[Scatman420]

The fact of the matter is, there are so many key loggers on the net that most antivirus/spyware applications can't detect them. So this would answer your question why your software isn't knocking those out.

Scat

[dopeydadwarf]

Hey check this out . It seems to work pretty good.

I mentioned it for a good reason. It finds them in the freeware version. It however doesn't delete them. If you know it is there you can find other methods of removing it. No real need to buy it unless you really need the automated removal.

[The3ntropy]

rrbar > > It depends on what version of windows you are running but it should have this utility, goto the run command and type MSCONFIG. Then click on the start up tab and uncheck everything in there. That will get rid of just about any key-logger or trojan.

If you do not have MSCONFIG, type REGEDIT at the run command and click on HKEY_local_machine > Software > Microsoft > Windows > CurrentVersion
There are several folders here, goto RUN and delete any/all keys in it, goto RUNONCE and do the same, then goto RUNONCEEX and do the same. This will get rid of just about any trojan and/or key logger

**Reboot your computer after you do either one of these**

[dopeydadwarf]

If he doesn't have msconfig.exe. He should have sysedit.exe.
Which has yet another start point which you forgot.In the Win.ini file you have

Load=
and
Run=

These two lines are often used by keyloggers. They are also often over looked.

[rrbar]

Thanks for all the responses. It wouldn't seem like deleting all the run key items would be the top choice since there are valid programs that start from there, but it could certainly be looked at to determine if there are any nasties starting there.

Sysedit would seem to be a good place to look too.

My company won't pay for the anti-keylogging program. Unfortunately :-(

Jag - I'm curious why you aren't concerned with keyloggers.

[jaguar291]

Why you ask... I really don't know why I don't. Here's my outlook on it... No one can connect anything to my computer physically (case has a lock) and I clean and change parts in my computer on a daily basis (inside, back) so I'd notice any physical key logger. Then software wise... I keep safe when online.. I run Norton AV, BlackICE, and keep up-to-date w/ my trojans and virii knowledge. I also keep direct access limited too, almost always, I unplug some wires when I leave (monitor, power supply, video card, etc.). I have passwords on everything that is valuable... so I feel secure so I don't really worry that much about it..

= Cheers,
jag291

[rrbar]

jag - I won't be able to teach my users those techniques.

It's not me who's computer is at risk. But it does put my network at risk. Clearly the thing to do is to get protection for them when they are home. A Linksys router is the simple solution there.

But I'm still looking for the best method to kill any keyloggers that might be on there. I still need to check out the sites that you googled before.

Thanks again

[bballad]

AHH Jaguar the difrence here is that you only have to secure your PC where rrbar has to deal with laptops that travel and that people run from home. when you enter a network enviroment and are incharge of said enviroment you have to asume that the useres (be it 10 or 10,000) know nothing about security and will forget anything you tell them (I had people rutenly turn off their AV program because it wouldn't let them view an email attachment ). In a coperate network you do have to worry about compromised systems because users are dumb.

I am thinking the best sugestion for rrbar is to go through what is running at startup (hopefuly you know what programs should be running), but be warned some keyloggers can load as services so they wont show on that list your best bet may be to run a port scan across all at risk systems to see if any are passing data out when they shouldn't be.