-
October 16th, 2001, 12:50 AM
#1
Junior Member
Keyloggers
How can I tell if there is a keylogger installed on a Windows 2k box? We have about fifty and I was wondering how to tell if the kids put keyloggers on them.
-
October 16th, 2001, 01:00 AM
#2
Uhm... I dunno about 2k, but there are several scanning software tools out there made specifically for keyloggers and trojans, such as The Cleaner (www.moosoft.com) and Tauscan (www.agnitum.com) (Those two are free)
[HvC]Terr: L33T Technical Proficiency
-
October 16th, 2001, 01:04 AM
#3
Senior Member
It is hard to tell due to the many different ways that the different keyloggers log. The best way would probably be to start up WordPad and something like filemon: http://www.sysinternals.com/ntw2k/source/filemon.shtml
Then just start typing in WordPad (make sure to type quite a bit to make sure you catch it when it dumps its buffer to disk). If a suspicious file pops up on the file monitor's log, then take a look at it. Granted, this will take a while for 50 machines, but it's really the only way to be sure. Once you get going, you should see a pattern and be able to spot anything different being accessed on disk.
Additionally, don't forget about hardware keyloggers - make sure to take a quick peek at the back of each machine to make sure that there isn't an extra wire in between the machine and keyboard cable.
"If you torture the data enough, it will confess." --Ronald Coase
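The type-and-watch check described in post #3, as an added example that is not part of the original thread: instead of Filemon it compares two snapshots of file sizes and modification times taken around a typing session and lists what changed. The file names in `demo()` are constructed, and the `expected` allowlist is an assumption standing in for the "pattern" of normal disk activity the post mentions.

```python
import os
import sys
import tempfile

def snapshot(root):
    """Map every file under root to (size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
            state[path] = (st.st_size, st.st_mtime_ns)
    return state

def changed_during_typing(before, after, expected=()):
    """Files created or modified between two snapshots, minus expected path prefixes."""
    expected = tuple(os.path.normcase(p) for p in expected)
    hits = []
    for path in sorted(after):
        if os.path.normcase(path).startswith(expected):
            continue  # e.g. the document being typed into
        if path not in before:
            hits.append((path, "created", after[path][0]))
        elif before[path] != after[path]:
            hits.append((path, "modified", after[path][0] - before[path][0]))
    return hits

def demo():
    """Constructed scenario: while a test document is typed, another file grows."""
    with tempfile.TemporaryDirectory() as root:
        doc, quiet, noisy = (os.path.join(root, n) for n in
                             ("typing-test.doc", "notes.txt", "capture.log"))  # made-up names
        for path in (quiet, noisy):
            with open(path, "w") as fh:
                fh.write("x")
        before = snapshot(root)
        for path in (doc, noisy):  # doc is the expected write, noisy is not
            with open(path, "a") as fh:
                fh.write("the quick brown fox " * 2)
        hits = changed_during_typing(before, snapshot(root), expected=[doc])
        return [(os.path.basename(p), kind, delta) for p, kind, delta in hits]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    before = snapshot(root)
    input("Type a few paragraphs in WordPad, then press Enter here... ")
    print(*changed_during_typing(before, snapshot(root)), sep="\n")
```

Unlike a file monitor, a snapshot comparison does not show which process did the writing, and it only catches activity that reaches disk under the scanned directory during the typing window.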
-
October 16th, 2001, 01:11 AM
#4
Junior Member
-
October 16th, 2001, 01:52 AM
#5
That's the beauty of a keylogger. It's virtually undetectable. Although, I know when using Starr Command keylogger (in my opinion the one and only!) it writes the report to a simple notepad file in C:\WINDOWS\SYSTEM. It's just simply named "reprt.txt". Obviously, the file is password protected but it can still be deleted. Also, a lot of other keyloggers write to your browser's cache, so if it's not emptied have a look in there.....