-
Why not just check the registry.The logger has to boout up somehow doesnt it?And I find a lot of the loggers that claim to have 'untraceable' startups having an entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Run or Runservices or something of the kind,or wini.ini or autoexec.bat...point is,you can make a file untraceable on the start panel,but never truly untraceable.
Quote:
Originally posted here by mathgirl32
It has been my personal experience that with some keyloggers...especially those that capture screenshots and key strokes (like Starr Commander Pro), you can just do a search for files created on a particular day (I usually use the current day) and check for large HTML files. Those HTML files have both the keystrokes and screenshots wrapped up in them to be sent to the spyer's email address. It's worked for me everytime with that particular product.
Yes, you can and should DL a trojan / keylogger removal/detector, but this is also just another quick way to check.
hmm,just a thought,but what if the logger created a null file on a particular date,and actually began logging sometime after?And some loggers dont create very large file sizes as they're usually picked up by watchful admins,they split them up or mail them after a certain file size.
It'd be nifty to see a program that monitored file sizes and such every day,easiest way to pick up the logger?It'd mean wasting a lot of time fcourse
-
Quote:
Originally posted here by therenegade
And some loggers dont create very large file sizes as they're usually picked up by watchful admins,they split them up or mail them after a certain file size.
It'd be nifty to see a program that monitored file sizes and such every day,easiest way to pick up the logger?It'd mean wasting a lot of time fcourse
Some of the best conversations I've had were with an old programming friend of mine....we'd sit around and try to figure out all the different ways you could send out the information without it being detected....or at the very least without raising suspision.
-
and your conclusions were? ;)
-
Quote:
Originally posted here by Tiger Shark
and your conclusions were? ;)
Hee hee....how much time do you have??
Seriously, we got pretty creative. Though most would have been extremely time consuming....there are a lot of possibilities out there. I just have to wait for my skillZ to catch up with my ideas. ;)
-
off topic/
[I like this forum, I like the reading and the comments.
At first I was going to study study study,
But NOW, I've read of a College PROFESSOR (MsM) who is STILL taking exams.
AND (Because I read the profiles) a Post graduate working in computer science (MG32) who will 'just have to wait for my skillZ to catch up with my ideas.'
Jeez.......... take me outside and shoot me now.
I knew I should have punched my little brother out and stole his Spectrum all those years ago.
Bit late now as the little b*st**d grew into a Royal Marine, before going into IT.] end rant/
-
Matou
I deliberatly placed a keylogger on my computer a while ago to check to see if either spybot/adaware/TDS3/AVG etc, would be able to detect it. They did, right on the get-go. If you want to try it, family keylogger is the one I used.
I am working up a "C" keylogger and it won't probably be detected as was mentioned earlier.
cheers
-
[QUOTE] Originally posted here by therenegade
[B]Why not just check the registry.The logger has to boout up somehow doesnt it?And I find a lot of the loggers that claim to have 'untraceable' startups having an entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Run or Runservices or something of the kind,or wini.ini or autoexec.bat...point is,you can make a file untraceable on the start panel,but never truly untraceable.
Hmm..being new at this, what would I look for in the registry? What would indicate something suspicious?
-
[QUOTE] Originally posted here by therenegade
[B]Why not just check the registry.The logger has to boout up somehow doesnt it?And I find a lot of the loggers that claim to have 'untraceable' startups having an entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Run or Runservices or something of the kind,or wini.ini or autoexec.bat...point is,you can make a file untraceable on the start panel,but never truly untraceable.
Hmm..being new at this, what would I look for in the registry? What would indicate something suspicious?
-
You'd be looking for a suspicious entry in this entry:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Run or this one:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\RunServices
A suspicious entry would be a program you hadn't authorised to run..programs in the Run and Runservices entries start every time your computer boots,and since a logger or any mailicious program for that matter would need to start every time your computer boots,there's sometimes an entry in that.(if you're not sure whether a program running in your registry is legit or not,google around for it...NEVER delete if if you're not sure,playing with the registry can lead to a complete crash).However,programs have been known to use other start up methods too..check the other above posts.
-
hi
i'm a new here, can someone install spyware online without my knowledge?
2pi :D
