if a keylogger is installed through the net how to find out who has sent it
if a keylogger is installed through the net how to find out who has sent it
maybe looking at the log will help a bit....
but what if I don't have access to the keylogger's logs, that is, if he puts a password on it
Why not wait until it sends out its data packet, and trace where it goes?
Regards,
SSJVegeta-Sei
most loggers as SSJVegeta-Sei said will be set to return all information collected back to the owner - otherwise what use is it to them? they log all your keystrokes but then have no way of getting them - lol
what I suggest doing is removing the keylogger (of course), resetting all passwords (email, forum(s), connection etc), installing an AVP, Firewall but keep the original infection file.
Install this file on a spare PC (making sure that you don't need it for anything and after a clean format to get rid of any residual information - just in case it isn't a keylogger at all) and monitor what it does. What information it sends and to where - what files it alters etc
v_Ln
thanks guys
use ethereal
What is ethereal man????
What is google man! http://www.ethereal.com/
It's a packet sniffer or network analyzer (depending on how you use it)
er thanks
rofl does anyone know how many times we have said something like this? Quote:
google this google that :D
peace
there's a dos program called strings (ported from unix) that you can run 'against' the logger to see if it contains an address that it sends the collected info to.
strings.exe can be d/led from:
http://ftp.iasi.rdsnet.ro/people/altblue/win32/utils/
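The check described in the post above, as an added Python example that is not part of the original thread: it pulls printable strings out of a suspect file (single-byte ASCII and UTF-16LE, which Windows binaries often use) and lists anything that looks like an e-mail address, URL or IPv4 address. The sample bytes, the names in them and the length threshold are constructed for illustration.

```python
import re
import sys

MIN_LEN = 5  # shortest printable run worth reporting (assumed threshold)

# Printable runs stored as single bytes, or as UTF-16LE (char followed by a NUL).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Kinds of destination a logger could be configured to report to.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "url": re.compile(r"(?:https?|ftp)://[^\s\"'<>]+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def extract_strings(data: bytes):
    """Yield printable strings from raw bytes, like strings(1) plus UTF-16LE."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")

def find_destinations(data: bytes) -> dict:
    """Return candidate report-back addresses found in the file's strings."""
    found = {kind: set() for kind in PATTERNS}
    for s in extract_strings(data):
        for kind, rx in PATTERNS.items():
            found[kind].update(rx.findall(s))
    # Drop dotted quads that cannot be addresses (version numbers and the like).
    found["ipv4"] = {ip for ip in found["ipv4"]
                     if all(int(o) <= 255 for o in ip.split("."))}
    return {kind: sorted(vals) for kind, vals in found.items()}

# Constructed sample standing in for a suspect file; not from any real binary.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00\x01\x02" * 8
    + b"MAIL FROM:<logs@collector.example>\r\n\x00\xff\xfe"
    + "ftp://drop.collector.example/in".encode("utf-16-le") + b"\x00\x00\x07"
    + b"http://192.0.2.10/upload.php\x00build 1.2.3.999\x00"
)

if __name__ == "__main__":
    # Reads the file as bytes only; the suspect file is never executed.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for kind, values in find_destinations(blob).items():
        for v in values:
            print(f"{kind}\t{v}")
```

A packed or encrypted binary may show no readable addresses at all, so an empty result does not mean the file sends nothing; watching its traffic, as suggested earlier in the thread, covers that case.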
Speaking of keyloggers. Can anyone tell me why when I first go to a site for the first time any day my pointer gets a white star with an orange (!) in it? I use a cable modem with XP. Thanks for any help if someone put something on my home computer.
That'd be the Comet Cursor. And if memory serves it has its own form of spyware.
PC Hell: Comet Cursor Removal Instructions
It might also be helpful in the future to start your own thread for separate issues. :D
umm but how would ya detect the logger neways? I'm assuming it'd be hidden on the startup, win.ini etc..
how do i know keylogger is running at my system?
MsM could be google toolbar - when it blocks a popup it turns cursor into a hand and has a lil star with a ! in it
v_Ln
will someone be nice enough to give a quick ethereal tutorial on how to packet sniff? how can i find the file in the first place, then go on to use ethereal or the dos program to do a trackback? thanks
notice the flashing dates, this thread is over 2 years old... and no longer active...
on a side note: look in the ao tutorials or search ao for ethereal, there's plenty to be found...