Detecting keyloggers, and other malicious stuff


Tuork
11-13-06, 04:35 PM
I was working with some Uni friends on my computer and the facking jokers decided to install a keylogger on my computer. Apparently it's already uninstalled (it's a bogus winlogon process that stores everything in a .dll).

I need sure-fire ways to determine nothing else has been installed on my computer, and that nothing is being transmitted to anyone (I believe some of these keyloggers have the ability to send the info via mail).

This is slightly urgent. Any help is greatly appreciated.


I HATE IT when people mess with my computer.
*Pissed off*

rewt
11-14-06, 04:58 AM
Use rootkit detection tools such as RootkitRevealer and IceSword. Both tools are freely available at majorgeeks.com

IceSword will allow you to view any kernel functions that have been hooked. If the keylogger is stealth, its driver will likely show up in the list as well. Anything colored in red could potentially be malicious.

retsam
11-14-06, 07:55 AM
I was working with some Uni friends on my computer and the facking jokers decided to install a keylogger on my computer. Apparently it's already uninstalled (it's a bogus winlogon process that stores everything in a .dll).

I need sure-fire ways to determine nothing else has been installed on my computer, and that nothing is being transmitted to anyone (I believe some of these keyloggers have the ability to send the info via mail).

This is slightly urgent. Any help is greatly appreciated.


I HATE IT when people mess with my computer.
*Pissed off*

Honestly, low-level format your drive. I always treat a machine that is infected as untreatable nowadays, simply because of rootkits and such. So that's what I would do if you know something is on your machine.

Tuork
11-14-06, 09:43 PM
Well, the guy said that it's uninstalled after a reboot (I can delete the file and process), and the process is no longer appearing in my list.

However, I want to make sure no more bogus crap was left on my computer.

FCGD
11-19-06, 03:42 AM
What do you mean when you say it "stores everything in a dll"? Did your friends tell you that?

OldOfEvil
11-19-06, 07:03 AM
I would do a low-level format as retsam suggested, then punch the dude in the face, seriously. You should equate invading another person's computer with invading someone's house. Not cool, and to be dealt with as such.

Best of luck cleaning it out.

Tuork
11-19-06, 12:42 PM
I would do a low-level format as retsam suggested, then punch the dude in the face, seriously. You should equate invading another person's computer with invading someone's house. Not cool, and to be dealt with as such.

Best of luck cleaning it out.


Yah, I should really punch the guy... but I won't resort to violence... yet.

So far no suspicious processes have popped up, and my computer seems to be working fine.

Just to be on the safe side I'll do a complete format as soon as I have the time.

BTW, how can I do a zero-level format?
Can't remember the last time I did that.

OldOfEvil
11-19-06, 01:45 PM
IIRC, doing the normal format when you first install Windows should do it, instead of the "quick format" option. I know OS X has an option to do multiple zero formats at once, up to 32x I think, for really really making sure everything is wiped, so I'm sure there is a Windows counterpart.

rewt
11-19-06, 02:43 PM
IIRC, doing the normal format when you first install windows should do it, instead of the "quick format" option.

Full format does not wipe the drive, it scans it for bad sectors. That is why it takes longer.


When you choose to run a regular format on a volume, files are removed from the volume that you are formatting and the hard disk is scanned for bad sectors. The scan for bad sectors is responsible for the majority of the time that it takes to format a volume.

If you choose the Quick format option, format removes files from the partition, but does not scan the disk for bad sectors. Only use this option if your hard disk has been previously formatted and you are sure that your hard disk is not damaged.

Just a normal quick format and reinstall of Windows would likely take care of any rootkit that was installed on the system drive. But there is always the slim possibility that it won't. I think this is why retsam recommends low-level format.

For a low-level format, it is recommended to use a program designed to work with your particular drive. Most manufacturers include a tool with the hard disk for that (usually on CD and/or floppy).

However, there are many other tools that allow you to do a zero-level format. A good free solution I can recommend right off hand is booting from a Knoppix CD and running the dd if=/dev/zero of=/dev/hda command from a root terminal. Make sure you don't wipe the wrong disk though! (hda is the first hard drive, hdb would be the second.)

With all that said, I still think you can probably avoid having to reinstall Windows. That would be a last resort IMO. I would unplug my machine from the net and do a scan for rootkits with Rootkit Revealer, IceSword, Blacklight, and perhaps even an offline utility such as Rootkitty. If no suspicious files are found, I would then focus my attention on network traffic, watching for anything that is being sent out of my machine.
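Added example (not code from the thread or from any of the tools named in it): a small Python triage script in the spirit of rewt's two posts above. It first checks that core Windows processes, the winlogon.exe from the original post among them, run from System32 under the expected parent, then looks at established connections for anything leaving the LAN from such a process, or for outbound mail traffic, which is how the OP fears the logger phones home. The process and connection listings are constructed samples; on a real box you would feed it the equivalent columns from a Process Explorer export and netstat -b.

```python
import ipaddress

# Constructed sample process list (name, image path, parent), in the shape a
# Process Explorer or tasklist export gives; not data from the thread.
SAMPLE_PROCESSES = [
    ("winlogon.exe", r"C:\WINDOWS\system32\winlogon.exe", "smss.exe"),
    ("winlogon.exe", r"C:\Documents and Settings\me\winlogon.exe", "explorer.exe"),
    ("explorer.exe", r"C:\WINDOWS\explorer.exe", "userinit.exe"),
]
# Constructed established TCP connections: (process, remote address, remote
# port). 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_CONNECTIONS = [
    ("firefox.exe", "203.0.113.50", 80),
    ("winlogon.exe", "203.0.113.7", 25),
    ("winlogon.exe", "127.0.0.1", 1025),
]

SYSTEM32 = "c:\\windows\\system32\\"
# Core XP-era system processes and the only parent that should start them. The real
# winlogon.exe lives in System32 under smss.exe; a same-named file elsewhere is an impostor.
EXPECTED_PARENT = {"winlogon.exe": "smss.exe", "csrss.exe": "smss.exe",
                   "services.exe": "winlogon.exe", "lsass.exe": "winlogon.exe"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, submission


def suspicious_processes(procs):
    """Flag core system process names running from the wrong path or parent."""
    findings = []
    for name, path, parent in procs:
        n = name.lower()
        if n not in EXPECTED_PARENT:
            continue
        if not path.lower().startswith(SYSTEM32):
            findings.append(f"{name}: unexpected image path {path}")
        if parent.lower() != EXPECTED_PARENT[n]:
            findings.append(f"{name}: started by {parent}, expected {EXPECTED_PARENT[n]}")
    return findings


def suspicious_connections(conns):
    """Flag traffic leaving the LAN from a system process, or SMTP from anything."""
    findings = []
    for proc, remote, port in conns:
        if any(ipaddress.ip_address(remote) in net for net in LOCAL_NETS):
            continue  # loopback/LAN traffic is not data leaving the machine
        if proc.lower() in EXPECTED_PARENT:
            findings.append(f"{proc}: outbound connection to {remote}:{port}")
        elif port in MAIL_PORTS:
            findings.append(f"{proc}: sending mail to {remote}:{port}")
    return findings
```

A clean result from this script only rules out the crude case; a kernel-mode logger that hooks the system call table, as IceSword displays, would not show up as an odd process at all, which is why the rootkit scanners come first.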

Tuork
11-20-06, 01:20 AM
Thanks for the input people. I'll get to it as soon as I have time.

So far, nothing suspicious has been going on.


So far..

SH0DAN
11-20-06, 12:02 PM
If you use your pc for online banking I would format.

DiscipleDOC
11-20-06, 01:20 PM
I'd still punch the guy in the face.
Keyloggers = not cool.

Tuork
11-20-06, 10:14 PM
If you use your pc for online banking I would format.


Nein, I do not.


If he wants access to my uni mail, then go ahead. If he messes with nVNews, then IT'S ON!

:p