
Thread: keylogger checks

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    24

    keylogger checks

    I got to thinking about the keylogging thing. I was perusing the i-net for shtuff (freeware) and came across security issues and one was spyware and the other was security in the fact your boss can figure out what and where you've been.
    I am just wondering is there a way to get around this (not for cracking or nothing... just want to get on the work computer) or is this a deep thing for me to get into?
    It's better the devil you know, than the devil
    me
    you don't.- uhme's wifey
    Onward Jeeves

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I'm not sure what you are asking. You want to get around keyloggers at work?

    If that's so you might want to check a couple of things first:

    1. The company security policy. You might have "agreed" to the company watching you as well as "agreed" not to alter anything on the computer. If you have, then attempting to stop a keylogger could mean some disciplinary actions that in some companies mean dismissal.

    2. If not and you suspect, you could file a lawsuit. It tends to be an invasion of privacy and you have to be very clear in things like Security Policies that employees know you are doing this.

    I am assuming that is what your question is about.

    As for actually stopping it, most software based ones have a process running. Just kill the process. If it's hardware based then remove the hardware unless there is a chip soldered to the board. In that case, get a new keyboard.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    May 2002
    Posts
    25
    I am familiar with 2 so-called keyloggers. Things to check are those that open with a DOS command and then a password prompt. If your workstation is not rebooted, the last DOS prompt will still be in the box, start, run. Especially if you surprise someone checking your keystrokes. Also most today do not show up in the control/alt/del running menu. Good luck.
    Just when i got used to yesterday, along came today.

  4. #4
    I found one of the best ways to look for keyloggers is using the System Information program (on Windows 98). It shows all of the hooks etc. that are in effect (under Software Environment - System Hooks). From this you can work out if there is one, and then go and have a look at the drivers, and programs that are loaded. The only problem is, I can't work out how to kill them if they aren't listed under the CTRL+ALT+DEL menu. Does anyone else know how?
    If you're using NT then you can just use the Task Manager which shows all the progs and processes running, and you can then end them using the same utility. As for *nix, I don't know.
    "Death is more universal than life; everyone dies but not everyone lives."
    A. Sachs

  5. #5
    () \/V |\| 3 |) |3\/ |\|3G47|\/3
    Join Date
    Sep 2002
    Posts
    744
    I've had some experience with malicious keyloggers and of the ones I am familiar with (ex: Starr Command, for one), none have been detectable from task manager, nor have they been accessible from the command line (unless you know the password), and none have been detected by any of the trojan/keylogger removal applications that I have used, including Pest Patrol.

    If a person *really knows* what they are doing it will be difficult to detect most of them. I have found that doing a search for files modified can give you a lot of information about the presence of a keylogger (virii and other trojans, too). For example, if you suspect a keylogger has been installed and may be sending the information to a remote address you can just go to start >> search >> files /folders >> modified by date.....then specify the length of just one day. Usually the packet will be sent out as an HTML file....many commercial keyloggers are part of a package that also captures screen shots....if (and many are) it is an HTML file it will be very large so that should be a red flag and worth checking into. Unfortunately, non-commercial keyloggers can be sneakier. But da'dodo's idea sounds intriguing.....I hadn't heard that before. Anyway, the non-commercial keyloggers, especially if the keylog files will be retrieved directly from the infected machine, could be really hard to find.

    Oh, I just remembered that I could actually find keyloggers running by checking, like (I can't remember exactly) somewhere in excel under help >> systems (??) where you can see all the applications that are running and it included apps that you couldn't see in the task manager. This was on a Win2000 Pro box....anyone know what I'm talking about here feel free to fill in the blanks in my bad memory.

    Go Finland!
    Deviant Gallery

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    One of the nasty keyloggers I've read of is IKS (Invisible Keylogger Stealth) (http://www.amecisco.com/faq_iks2k.htm#IKS2KQ6).
    It runs as a (keyboard) device driver, so it has access to everything the keyboard sends and doesn't show up as a regular process... According to hacking windows 2000 exposed, it can be detected by searching for a registry value called LogName under HKLM\System\CurrentControlSet\Services.

    I haven't tried it, but I'd say a good way to detect a software keylogger might be to watch for file open/close system calls... (I think Visual Studio Spy++ can do that, surely other utilities can too...). If the file is plaintext you might be able to detect a logfile by searching (on all disks) for an infrequent sentence you have just typed... As for hardware keyloggers well, good luck!

    Ammo
    Credit travels up, blame travels down -- The Boss
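The two file-based checks suggested in posts #5 and #6 (look only at files modified in the last day, and search them for an unusual sentence you have just typed) can be combined into one scan. This is an added example, not code from any poster; the function names and the sample sentence are made up for illustration, and it only finds logs stored as plain text, as post #6 notes.

```python
import os
import tempfile
import time

def find_canary(root, canary, max_age_hours=24, chunk=1 << 20):
    """Return (path, encoding, size) for recently modified files containing canary."""
    if not canary:
        raise ValueError("canary must be a non-empty string")
    # A log may hold 8-bit text or UTF-16LE, Windows' native wide-character form.
    needles = {enc: canary.encode(enc) for enc in ("utf-8", "utf-16-le")}
    overlap = max(map(len, needles.values())) - 1  # bytes carried between chunks
    cutoff = time.time() - max_age_hours * 3600
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            found = None
            try:
                st = os.stat(path)
                if st.st_mtime < cutoff:
                    continue  # not modified inside the window
                with open(path, "rb") as fh:
                    tail = b""
                    while found is None:
                        block = fh.read(chunk)
                        if not block:
                            break
                        data = tail + block  # keep matches that straddle chunks
                        found = next((e for e, n in needles.items() if n in data), None)
                        tail = data[-overlap:]
            except OSError:
                continue  # locked or unreadable file: skip it
            if found:
                hits.append((path, found, st.st_size))
    return sorted(hits)

def demo():
    """Constructed sample tree: a fresh UTF-16 log, a stale log, a clean file."""
    canary = "purple zebra quorum 4471"  # constructed sentence, typed once
    samples = {"fresh.log": canary.encode("utf-16-le"),
               "stale.log": canary.encode("utf-8"), "clean.txt": b"nothing here"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"x" * 4090 + body)  # canary straddles a 4096-byte chunk
        old = time.time() - 3 * 86400
        os.utime(os.path.join(d, "stale.log"), (old, old))  # outside the window
        return [(os.path.basename(p), e) for p, e, _ in find_canary(d, canary, chunk=4096)]

if __name__ == "__main__":
    print(demo())
```

The size column supports the "very large HTML file" check from post #5: sort the hits by size and look at the biggest first.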

  7. #7
    Junior Member
    Join Date
    Feb 2003
    Posts
    24
    First thanx a mil for the prompt replies, however, methinks i think i asked the wrong, and for that matter the wrong context as well. Methinks i just jumped in the water w/out first checking to see if there was water in the pool, if you will (read: i wasn't reading all the threads), as i was perusing the forums and came across a guy who wanted to "keep track" of his g-friend which, in turn, prompted me to think about things. hence, the thread. Well, i came across one of the replies "No, we are not a hacking tools website

    No, we do not help people spy on their girlfriends

    No, we are not a computer-help-desk-for-hacking

    No, we won't help you for this question" so it got me thinking "uh-oh."
    you see, i was wanting to get on a computer at work so as i can still come here and i am pretty sure they have something to keep track of who is on the computer. I have no intention whatsoever for anything but: 1 occupy my time as i am a "sec guard" and 2 i like this site, and a couple of others for that matter.
    Sorry for the wrong impression i gave.
    It's better the devil you know, than the devil
    me
    you don't.- uhme's wifey
    Onward Jeeves

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hehe. That's what I figured it might be but they can keep track of your visits here without a keylogger. Proxy and caching servers do that very well.

    I think that most companies would have no objection to you going to websites that help you with your job and help keep you on your toes to do an even better job. This site isn't about HOW to break in. It's about understanding the HOWs and WHYs so you can defend yourself. Best offense is a good defense.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Junior Member
    Join Date
    Feb 2003
    Posts
    24
    Thanx again you all...
    It's better the devil you know, than the devil
    me
    you don't.- uhme's wifey
    Onward Jeeves

  10. #10
    Junior Member
    Join Date
    Mar 2003
    Posts
    6

    IKS logger

    In regards to the iks logger by amecisco...it is a virtual device driver tied deep into xp. According to their site it only functions under Win2k & XP. I happened across a program one day called snoopfree (see snoopfree.com) that is intended to search out keyloggers. Fortunately or unfortunately I discovered that this little bugger was running on my machine. Don't mean to propagandize for the snoopfree folks -I never did buy the program, just used the trial version- but it seems like a reasonably effective bit of code. Now I just have to figure out how to trace it back to the devil that snuck this thing onto my machine & politely ask what his/her intentions were for spying on me. I welcome any input on my predicament.

    onepercent
    For every animal you don't eat, I'm gonna eat three....Maddox
