Keylogger scare.

Need help? Or just want to chat about your rig.
NoucFeanor
Retired Clan Member
Posts: 535
Joined: Wed Dec 31, 1969 7:00 pm
Location: Fort Worth, Texas

Keylogger scare.

Post by NoucFeanor » Mon Jun 06, 2011 1:34 pm

One of my sister's computers she thinks has been compromised by the use of a keylogger. There is no proof of this, however, and I was wondering if anyone could tell me if there is a way I can find out if there is indeed a keylogger on her computer.

Without going into too much detail, the computer is the one she uses mostly for her banking and social networking, so understandably she is concerned by this potential breach of her security.

The person in question that she suspects of installing such a device has also lifted her OS installation and drivers software, so at the moment a system nuke isn't an option.

Thanks for any advice that is given, it is greatly appreciated.

Diehard
Clan Member
Posts: 717
Joined: Wed Dec 31, 1969 7:00 pm
Location: Houston, Texas

Post by Diehard » Mon Jun 06, 2011 9:26 pm

Hey Nouc, key loggers can be bad news, but generally they have to be installed on a computer via an admin account. They can record everything from passwords to every website and every e-mail you send and receive, not to mention every keystroke and the time they were made. From what I know they are very rarely installed via a website or e-mail and are generally installed via an admin account on the computer. If you cannot access some other admin account on the computer you're dealing with, you cannot do much about it, and they may be able to log in via the internet if the computer is connected. I would first look for any other admin/user accounts. Log into any banking accounts from another computer and change passwords first off. Notify your credit card carriers for suspicious activity.

yardy_da_truck
Retired Clan Member
Posts: 72
Joined: Wed Dec 31, 1969 7:00 pm

Post by yardy_da_truck » Mon Jun 06, 2011 10:35 pm

I use 'whats running' to see every program that is currently running on my computer. This will show everything including network activity. Anything that looks odd or suspicious I do a Google search to see what it is and if it's safe. The program is user friendly.

The last time I downloaded it, it was a free program, although they appreciate donations of course.

I download mine directly from the source page at whatsrunning.net
The current version is 3.0 and was updated to be compatible with Win 7, etc. in April of this year.

In addition to the above, I also use AVG antivirus free edition 2011 which found a bunch of stuff on my computer and fixed it for free. It also checks for malware and adware in addition to the keyloggers, viruses, etc.
Also try the trial of their PC tuneup which did a pretty good job of taking some of the kinks out of my registry and defragged my memory.

free.avg.com

-yardy
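
The checks suggested in the two replies above (look for extra admin/user accounts, then review what is running), as an added example that is not part of any poster's reply. It assumes an elevated Windows PowerShell 5.1+ session and goes slightly beyond the posts by also listing auto-start entries and flagging unsigned executables.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell 5.1+ prompt.

# 1. Who is in the local Administrators group? The well-known SID S-1-5-32-544
#    is used instead of the group name so this works on non-English Windows.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. Every local account, enabled or not. An unfamiliar enabled account,
#    or a recent LastLogon on one nobody uses, deserves a closer look.
Get-LocalUser |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet

# 3. Programs set to start automatically (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 4. Running processes whose executable is unsigned or fails signature
#    validation. Processes with no readable Path are skipped.
Get-Process |
    Where-Object { $_.Path } |
    Sort-Object -Property Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name      = $_.Name
                Id        = $_.Id
                Path      = $_.Path
                Signature = $sig.Status
            }
        }
    }
```

Unsigned does not mean malicious, and a clean result does not prove the machine is clean: software that hides from the process list, or a hardware device on the keyboard cable, will not appear in any of these listings.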

Sissyboy
Clan Member
Posts: 873
Joined: Wed Dec 31, 1969 7:00 pm
Location: Playing ETQW at home... or stuck at work

Post by Sissyboy » Tue Jun 07, 2011 12:11 am

She have a crazy hubby or boyfriend?

Those proggies don't usually show up in Taskmanager.......
Will Ban for Stroyent.

dirtyolman
Retired Clan Member
Posts: 326
Joined: Wed Dec 31, 1969 7:00 pm
Location: In ma weed patch:)

Post by dirtyolman » Wed Jun 08, 2011 10:48 am

Dirty Recommendations:

Dump the drive

Reload Windows

If she continues to do online banking, and Facebook, this will happen.
ferapont
Retired Clan Member
Posts: 254
Joined: Wed Dec 31, 1969 7:00 pm
Location: Seattle

Post by ferapont » Thu Jun 09, 2011 11:11 pm

I found this

http://download.cnet.com/WinPatrol/3000 ... dDownloads

"WinPatrol monitors and exposes adware, keyloggers, spyware, worms, cookies, and other malicious software."

???

Jellohtits
Retired Clan Member
Posts: 21
Joined: Wed Dec 31, 1969 7:00 pm
Location: Palm Bay, Florida

Keylogger

Post by Jellohtits » Sat Jun 11, 2011 10:10 am

As somebody who helps people with this often- here are a few suggestions.

1. She should (obviously) stop using banking/social networks until she's certain her machine is safe.

2. If she absolutely must log in somewhere, tell her to go to Accessibility in Windows and use the on-screen keyboard. It's something most malware makers didn't think of when they created keylogging.

3. Keyloggers are (un)fortunately more common than you think. This is both a good and bad thing. It's bad because- well- who wants to deal with identity theft? It's good because-- the good guys are getting better and better at detecting and stopping it.

4. http://www.malwarebytes.org Go here and download this. You don't need the paid version, but if they save her butt-- consider it. Start with a "Quick Scan". If it finds a lot of stuff- you might want to do the full scan, but pack a tent and sleeping bag.

5. http://www.comodo.com Go here and download THIS, too. Get "Internet Security." It's free and awesome. What I like about this antivirus software is that it uses technology called "sandboxing." In essence, it creates a fake Windows registry that unrecognized programs install to.... If one of them turns out to be evil . . *SCOOP* It's out of the computer in a heartbeat. It's going to clue you in to all the hidden stuff running- trying to connect to the web.

6. Once she's certain her computer is clean- she needs to change her passwords. I suggest using an addon for Firefox/Chrome called "Lastpass." She should create one complex password like "1reallyl0veMyP@ssword5" See how it looks like a sentence? I've substituted a few numbers for letters-- nothing in that password could be found in a dictionary, but with a bit of practice- it's easier to remember than 5ad32^1ejg35 ... and just as safe. Basically- keep a secure, big password in Lastpass-- and let IT create/manage her passwords for other sites. There's an extra advantage here, too: It fills in password forms FOR YOU-- So-- if infected with a keylogger-- you technically didn't press any keys. (Save, of course, for your lastpass master password- which can be entered with their on-screen keyboard through their web site). Seriously, she needs a different password for each site.... If I got a username and password . . if I were a bad guy- the next thing I'd do is just start guessing sites to type that into. Hmmm. Did it work on Bank of America? How about Wachovia? Maybe Gmail? On and on-- because I know most people use the same username and password for each site they go to.... I'd hit the most popular sites and go from there. . . PLUS ... If they can get into her email- they can see where she does business-- because companies email you promotions and crap ALL the time.

7. Call a good-looking computer tech if you have questions and/or need help. I happen to be one of those. AND ... You're BBA, so- don't hesitate to ask for anything. I'll always help my BBA brothers for free.

Jellohtits
Retired Clan Member
Posts: 21
Joined: Wed Dec 31, 1969 7:00 pm
Location: Palm Bay, Florida

One more thing

Post by Jellohtits » Sat Jun 11, 2011 10:14 am

One more thing . . .

If she has a name-brand computer: For instance: HP, Dell, Compaq, etc...

She can call them with her service tag information, and around $20. They'll send her the restore disks. It's a small investment for peace of mind.

NoucFeanor
Retired Clan Member
Posts: 535
Joined: Wed Dec 31, 1969 7:00 pm
Location: Fort Worth, Texas

Post by NoucFeanor » Sat Jun 11, 2011 10:57 am

Thanks for all the intel guys. Gonna use this to try to get to the bottom of the mystery.
Sounds pretty serious though.

She is thinking of just getting a new computer; the one she is worried about is a piece of junk anyway (free ram for me!).


Thanks again folks.

On an off note: Salt Lake City sucks! So boring here.