
Thread: Stealthy keyloggers !

  1. #1

    Stealthy keyloggers !

    Hey Folks!! ..

    How do you find out if there's a keylogger running on a system if it isn't displayed in the task manager? It's hard to find it on the hard disk too. How does it hide itself? Does it have to do with FAT32 and NTFS?

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    107
    Get task terminator from ZeaSoft to see all the processes that are running and manually kill them. http://www.tucows.com/preview/195792.html It's a favorite tool of mine

    As for finding it on your system, just look around. If there's something that's out of place, look into it. Remember if you're browsing in DOS to use dir /a to show all files (it actually displays files with attributes, but if you don't specify an attribute after the a, it displays files with any attribute(s)).

    If you don't find anything suspicious try using disk investigator to hunt down things on the drive that may be doing funky stuff. http://www.theabsolute.net/sware/dskinv.html I like this tool a lot too

    It doesn't really have anything to do with FAT32 or NTFS. Those are just file systems that the program would be stored on. I'm not saying that it couldn't deal with access to those, but it's uncommon for a keylogger to do that much work to become stealthy when it's much easier to infect some other startup program and put in keylogger code there.

    Check for unused .dll's and remove them or at least identify what they are. http://www.theabsolute.net/sware/#clnsys is another product from solway, the same place/person that makes disk investigator. Their system cleaning software looks good too, but it's shareware.
    Is there a sum of an infinite geometric series? Well, that all depends on what you consider a negligible amount.

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Waveshifter,

    You got my interest up, so I updated my AV and Spybot Search and Destroy as well. Then I installed a keylogger to see how hard it was to find. After getting it all set up, my AV picked it up right away as a virus containing an .exe file and Spybot found it as a registry change. I'm downloading the programs that Flaming Rain suggested to follow that path as well.

    I'll do some more messing with the file attributes etc., and try to hide them well, but so far it was really easy to locate them.

    Cheers
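
The manual checks discussed in posts #2 and #3 (startup programs, hidden file attributes, registry changes) can be scripted. The following is an added example, not code from any poster in this thread: it lists the standard Windows Run/RunOnce autostart values and reports whether each target file exists, carries the Hidden attribute, and has a valid Authenticode signature. The helper name `Get-CommandTarget` and its path-parsing heuristic are assumptions made for this illustration.

```powershell
# Added example: audit autostart entries for hidden or unsigned targets.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget([string]$Command) {
    # Hypothetical helper: pull the executable path out of a Run value.
    # A quoted path wins; otherwise take text up to the first program extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        # -Force is the equivalent of "dir /a": hidden and system files are returned too.
        # Targets given without a full path (resolved via PATH) show Exists = False.
        $file = if ($target) {
            Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        }
        $sig = if ($file) {
            [string](Get-AuthenticodeSignature -FilePath $file.FullName).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $target
            Exists    = [bool]$file
            Hidden    = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
            Signature = $sig
        }
    }
}

# Hidden targets sort to the top; review those and anything not 'Valid'.
$results | Sort-Object Hidden, Signature -Descending | Format-Table -AutoSize
```

An unsigned or missing target is not proof of a keylogger; it marks the entries worth identifying by hand, as post #2 suggests.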

  4. #4
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  5. #5
    Junior Member
    Join Date
    Jan 2004
    Posts
    2

    keylogger detection

    www.pestpatrol.com Finds keyloggers, ad bots, trojans, etc.
    Andy Bentley
    http://www.bentleyconsulting.biz
