January 24th, 2004, 01:18 PM
Stealthy keyloggers !
Hey Folks!! ..
How do you find out if there's a key logger running in a system if it isn't displayed in the task manager? ... It's hard to find it on the hard disk too... How does it hide itself? Does it have to do with FAT32 and NTFS?
January 24th, 2004, 01:25 PM
Get task terminator from ZeaSoft to see all the processes that are running and manually kill them. http://www.tucows.com/preview/195792.html It's a favorite tool of mine.
As for finding it on your system, just look around. If there's something that's out of place, look into it. Remember if you're browsing in DOS to use dir /a to show all files (it actually displays files with attributes, but if you don't specify an attribute after the a, it displays files with any attribute(s)).
If you don't find anything suspicious, try using disk investigator to hunt down things on the drive that may be doing funky stuff. http://www.theabsolute.net/sware/dskinv.html I like this tool a lot too.
It doesn't really have anything to do with FAT32 or NTFS. Those are just file systems that the program would be stored on. I'm not saying that it couldn't deal with access to those, but it's uncommon for a keylogger to do that much work to become stealthy when it's much easier to infect some other startup program and put in keylogger code there.
Check for unused .dll's and remove them or at least identify what they are. http://www.theabsolute.net/sware/#clnsys is another product from solway, the same place/person that makes disk investigator. Their system cleaning software looks good too, but it's shareware.
Is there a sum of an infinite geometric series? Well, that all depends on what you consider a negligible amount.
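The checks suggested in the post above (show files regardless of attribute, look at what starts with the system), as an added PowerShell example that is not part of the thread. The key list, the flag rules and the function names `Get-CommandTarget` and `Test-AutostartFile` are assumptions made for illustration.

```powershell
# Added example, not from the thread: list autostart entries and flag odd targets.
$runKeys = @(   # assumed key list; other autostart locations exist
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    param([string]$Command)
    # Pull the executable path out of an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }        # quoted path, then arguments
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { return $Matches[1] }  # unquoted path
    return ($c -split '\s+')[0]
}

function Test-AutostartFile {
    param([string]$Source, [string]$Name, [string]$Path)
    # -Force returns hidden and system files too, like "dir /a".
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    $flags = @()
    if (-not $file) { $flags += 'not-resolved' }   # bare names are not searched on PATH
    else {
        if ($file.Attributes -band [IO.FileAttributes]::Hidden) { $flags += 'hidden' }
        if ($file.Attributes -band [IO.FileAttributes]::System) { $flags += 'system-attr' }
        if ($file.Extension -ne '.lnk') {          # shortcuts are listed, not resolved
            $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
            if ($sig.Status -ne 'Valid') { $flags += "signature:$($sig.Status)" }
        }
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $Path; Flags = ($flags -join ',') }
}

$report = @(foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        Test-AutostartFile -Source $key -Name $name -Path (Get-CommandTarget ([string]$k.GetValue($name)))
    }
})
$report += @(foreach ($dir in 'Startup', 'CommonStartup') {
    $p = [Environment]::GetFolderPath($dir)
    if (-not $p) { continue }
    Get-ChildItem -LiteralPath $p -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object { Test-AutostartFile -Source $dir -Name $_.Name -Path $_.FullName }
})
$report | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

A flag is a prompt to identify the file, not a verdict: plenty of legitimate software is unsigned or starts from a hidden file.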
January 24th, 2004, 04:39 PM
You got my interest up, so I updated my AV and Spybot Search and Destroy as well. Then I installed a keylogger to see how hard it was to find. After getting it all set up, my AV picked it up right away as a virus containing an .exe file and Spybot found it as a registry change. I'm downloading the programs that Flaming Rain suggested to follow that path as well.
I'll do some more messing with the file attributes etc., and try to hide them well, but so far it was really easy to locate them.
January 24th, 2004, 04:54 PM
"Ignorance is bliss....
but only for your enemy"
January 24th, 2004, 07:46 PM
www.pestpatrol.com Finds keyloggers, ad bots, trojans, etc.