Old 11-13-06, 02:35 PM   #1
Tuork
Official pain in the ass
Join Date: May 2003
Location: 127.0.0.1
Posts: 1,197
Detecting keyloggers, and other malicious stuff

I was working with some Uni friends on my computer and the facking jokers decided to install a keylogger on my computer. Apparently it's already uninstalled (it's a bogus winlogon process that stores everything in a .dll).

I need sure-fire ways to determine nothing else has been installed on my computer, and that nothing is being transmitted to anyone (I believe some of these keyloggers have the ability to send the info via mail).

This is slightly urgent. Any help is greatly appreciated.


I HATE IT when people mess with my computer.
*Pissed off*
__________________
My avatar: "An obscure and non sensical pattern made to get people to post what they think it is" - Vamp

Dimitri:
Dell XPS M1530
Core2Duo T5550 1.86Ghz | 3GB DDR2 | 8600M GT 256MB | 250GB Hdd | BenQ FP202W 20" LCD | MX1000 mouse | Inspire T5400 5.1
Old 11-14-06, 02:58 AM   #2
rewt
mmm, Beer.. :drooling:
Join Date: May 2004
Location: USA
Posts: 3,667
Re: Detecting keyloggers, and other malicious stuff

Use rootkit detection tools such as RootkitRevealer and IceSword. Both tools are freely available at majorgeeks.com

IceSword will allow you to view any kernel functions that have been hooked. If the keylogger is stealth, its driver will likely show up in the list as well. Anything colored in red could potentially be malicious.
__________________
My pimp'n rig
Athlon64 Venice 3000+ @ 2.6GHz (4100+) · Win XP Pro x86, Vista Ultimate x64 · eVGA K8-NF41 nForce4 SLi · Corsair XMS 1.5GB PC3200 CAS2/1T · eVGA 2x 6600GT SLi · Leadtek Winfast TV2000 XP Deluxe · Western Digital Caviar SE ½TB RAID 0/1 · PowerLink LPK2-30 400W · LiteON LDW-411S OC to 811S 8x DVD±R/RW/ROM · MicroAdvantage 64MB QuickiDrive · Samsung SyncMaster 931B 19" LCD · Microsoft Optical Wheel Mouse USB · Sony PSXtoUSB Analog Gamepads · Memorex MX2700 Multimedia Keyboard · Lexmark 3200 Color Jetprinter · nForce Network Controller 1Gb/s LAN (Cable ~3Mb/s down) · ΩPioneer Dolby Digital 5.1 Surround Sound
Old 11-14-06, 05:55 AM   #3
retsam
Registered User
Join Date: Jul 2002
Posts: 2,602
Re: Detecting keyloggers, and other malicious stuff

Quote:
Originally Posted by Tuork
I was working with some Uni friends on my computer and the facking jokers decided to install a keylogger on my computer. Apparently it's already uninstalled (it's a bogus winlogon process that stores everything in a .dll).

I need sure-fire ways to determine nothing else has been installed on my computer, and that nothing is being transmitted to anyone (I believe some of these keyloggers have the ability to send the info via mail).

This is slightly urgent. Any help is greatly appreciated.


I HATE IT when people mess with my computer.
*Pissed off*
Honestly, low-level format your drive. I always treat a machine that is infected as untreatable nowadays, just simply because of rootkits and the such. So that's what I would do if you know something is on your machine.
Old 11-14-06, 07:43 PM   #4
Tuork
Official pain in the ass
Join Date: May 2003
Location: 127.0.0.1
Posts: 1,197
Re: Detecting keyloggers, and other malicious stuff

Well, the guy said that it's uninstalled after a reboot (I can delete the file and process), and the process is no longer appearing in my list.

However, I want to make sure no more bogus crap was left on my computer.
Old 11-19-06, 01:42 AM   #5
FCGD
Gamer/Programmer/Skeptic
Join Date: Nov 2006
Posts: 184
Re: Detecting keyloggers, and other malicious stuff

what do you mean when you say it "stores everything in a dll"? did your friends tell you that?
__________________
Nvidia Rig: 2x7900GT in SLI, AMD X2 4600+, 2 gig ram
Ati Rig: x800xt, AMD64 3500+, 1 gig ram
Old 11-19-06, 05:03 AM   #6
OldOfEvil
Parrots + Xanax =
Join Date: Jun 2003
Posts: 662
Re: Detecting keyloggers, and other malicious stuff

I would do a low-level format as retsam suggested, then punch the dude in the face, seriously. You should equate invading another person's computer the same as invading someone's house. Not cool, and to be dealt with as such.

Best of luck cleaning it out.
__________________
i5 3570k | Sabertooth z77 | GTX 680 (320.49) | 16GB DDR2 | Win7 x64 Pro
Old 11-19-06, 10:42 AM   #7
Tuork
Official pain in the ass
Join Date: May 2003
Location: 127.0.0.1
Posts: 1,197
Re: Detecting keyloggers, and other malicious stuff

Quote:
Originally Posted by OldOfEvil
I would do a low-level format as retsam suggested, then punch the dude in the face, seriously. You should equate invading another person's computer the same as invading someone's house. Not cool, and to be dealt with as such.

Best of luck cleaning it out.

Yah, I should really punch the guy... but I won't resort to violence... yet.

So far no suspicious processes have popped up, and my computer seems to be working fine.

Just to be on the safe side I'll do a complete format as soon as I have the time.

BTW, how can I do a zero-level format?
Can't remember the last time I did that.
Old 11-19-06, 11:45 AM   #8
OldOfEvil
Parrots + Xanax =
Join Date: Jun 2003
Posts: 662
Re: Detecting keyloggers, and other malicious stuff

IIRC, doing the normal format when you first install Windows should do it, instead of the "quick format" option. I know OS X has an option to do multiple zero formats at once, up to 32x I think, for really really making sure everything is wiped, so I'm sure there is a Windows counterpart.

Old 11-19-06, 12:43 PM   #9
rewt
mmm, Beer.. :drooling:
Join Date: May 2004
Location: USA
Posts: 3,667
Re: Detecting keyloggers, and other malicious stuff

Quote:
Originally Posted by OldOfEvil
IIRC, doing the normal format when you first install windows should do it, instead of the "quick format" option.
Full format does not wipe the drive, it scans it for bad sectors. That is why it takes longer.

Quote:
Originally Posted by Microsoft
When you choose to run a regular format on a volume, files are removed from the volume that you are formatting and the hard disk is scanned for bad sectors. The scan for bad sectors is responsible for the majority of the time that it takes to format a volume.

If you choose the Quick format option, format removes files from the partition, but does not scan the disk for bad sectors. Only use this option if your hard disk has been previously formatted and you are sure that your hard disk is not damaged.
Just a normal quick format and reinstall of Windows would likely take care of any rootkit that was installed on the system drive. But there is always the slim possibility that it won't. I think this is why retsam recommends low-level format.

For a low-level format, it is recommended to use a program designed to work with your particular drive. Most manufacturers include a tool with the hard disk for that (usually on CD and/or floppy).

However, there are many other tools that allow you to do a zero-level format. A good free solution I can recommend right off hand is booting from a Knoppix CD and running the dd if=/dev/zero of=/dev/hda command from a root terminal. Make sure you don't wipe the wrong disk though! (hda is the first hard drive, hdb would be the second.)

With all that said, I still think you can probably avoid having to reinstall Windows. That would be a last resort IMO. I would unplug my machine from the net and do a scan for rootkits with RootkitRevealer, IceSword, Blacklight, and perhaps even an offline utility such as Rootkitty. If no suspicious files are found, I would then focus my attention on network traffic, watching for anything that is being sent out of my machine.

Last edited by rewt; 11-19-06 at 01:37 PM.
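The dd zero-fill rewt describes above, as an added example that is not from the thread or from any tool it names. It wraps the same dd invocation with the two checks a careful operator wants: it refuses a target that is still mounted, and after writing it reads the whole target back and compares it against /dev/zero, so "I think it wiped" becomes "every byte verified zero". The target path is an argument rather than a hard-coded /dev/hda, which is where the hda/hdb mix-up rewt warns about would otherwise happen. Assumptions: a Linux live environment (Knoppix or similar) with GNU coreutils `head -c` and `cmp -n`, and util-linux `blockdev` for real block devices; the function also accepts an ordinary file so it can be tried on a disk image first.

```shell
#!/bin/sh
# Added example, not from the thread: zero-fill a disk (or a disk image file for
# practice) with dd, refusing anything currently mounted, then verify that
# every byte reads back as zero. Run as root from a live CD with the target
# disk unmounted.

# Return 0 if the path appears as a mounted source in /proc/mounts.
# Where /proc/mounts is absent the check cannot be made and returns 1.
is_mounted() {
    [ -r /proc/mounts ] || return 1
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' /proc/mounts
}

# Size of the target in bytes: blockdev for block devices, wc -c for image files.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Zero-fill the target and verify the result.
# Exit status: 0 verified all-zero, 1 non-zero data remains,
#              2 no such target / size unknown, 3 target is mounted.
wipe_and_verify() {
    target=$1
    [ -e "$target" ] || { echo "no such target: $target" >&2; return 2; }
    if is_mounted "$target"; then
        echo "refusing to wipe mounted device $target" >&2
        return 3
    fi
    size=$(target_size "$target") || return 2
    # Feed exactly $size zero bytes through dd: an image file keeps its size
    # (conv=notrunc) and a real device is written end to end.
    head -c "$size" /dev/zero | dd of="$target" bs=1M conv=notrunc 2>/dev/null
    # Independent read-back pass: compare the first $size bytes with /dev/zero.
    if cmp -n "$size" /dev/zero "$target" >/dev/null 2>&1; then
        echo "verified: $size bytes of $target read back as zero"
        return 0
    fi
    echo "verification failed: non-zero data remains on $target" >&2
    return 1
}

# Usage (as root, disk unmounted):  wipe_and_verify /dev/hda
```

The verification pass is the part worth keeping even if the write step is replaced by a vendor tool: a wipe that is not read back is an assumption, not a result. Note that a plain zero-fill of a 2006-era IDE disk does not touch sectors the drive has remapped, which is why manufacturers' own low-level utilities are the better choice for a disk you will keep.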
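The "watch what is being sent out of my machine" step at the end of rewt's post, as an added example that is not from the thread. On the XP-era machine in question the raw material is a `netstat -ano` snapshot (Proto, Local Address, Foreign Address, State, PID) and a `tasklist` listing to turn PIDs into image names; the script below joins the two and reports every TCP connection whose far end lies outside loopback and RFC 1918 private space, tagging outbound tcp/25 separately because the original poster suspects the logger mails its captures. Both snapshots embedded here are constructed: the addresses, PIDs and process names are invented for illustration, and the `flag_outbound` helper is this example's own, not part of any tool the thread mentions.

```shell
#!/bin/sh
# Added example, not from the thread: triage a saved `netstat -ano` snapshot
# against a saved `tasklist` listing and report connections that leave the
# local network. Sample data below is constructed, not captured.

NETSTAT_SAMPLE='
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED     1892
  TCP    192.168.1.10:1045      192.168.1.1:139        ESTABLISHED     4
  TCP    192.168.1.10:1101      203.0.113.7:80         ESTABLISHED     2240
  TCP    192.168.1.10:1107      198.51.100.22:25       ESTABLISHED     1336
  TCP    192.168.1.10:1110      198.51.100.40:443      SYN_SENT        1336
  UDP    0.0.0.0:445            *:*                                    4
'

# Constructed PID -> image map in the shape "image pid", one entry per line.
TASKLIST_SAMPLE='
svchost.exe 900
lsass.exe 1892
System 4
firefox.exe 2240
winlogon.exe 1336
'

# flag_outbound TASKLIST < netstat-output
# Prints one line per flagged connection:
#   PID <tab> image <tab> foreign address <tab> state <tab> note
flag_outbound() {
    awk -v tasks="$1" '
    # Loopback, unspecified and RFC 1918 ranges are treated as local.
    function is_private(ip,    o) {
        split(ip, o, ".")
        if (ip == "0.0.0.0" || o[1] == 127 || o[1] == 10) return 1
        if (o[1] == 192 && o[2] == 168) return 1
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 1
        return 0
    }
    BEGIN {
        # Build the PID -> image lookup from the tasklist text.
        n = split(tasks, lines, "\n")
        for (i = 1; i <= n; i++)
            if (split(lines[i], f, " ") == 2) image[f[2]] = f[1]
    }
    # Only live or in-progress outbound TCP sessions are interesting here;
    # LISTENING sockets and UDP are skipped.
    $1 == "TCP" && ($4 == "ESTABLISHED" || $4 == "SYN_SENT") {
        split($3, r, ":")
        if (is_private(r[1])) next
        note = (r[2] == 25) ? "smtp-outbound" : "external"
        name = ($5 in image) ? image[$5] : "unknown-pid"
        print $5 "\t" name "\t" $3 "\t" $4 "\t" note
    }'
}

# Run the triage over the constructed snapshots.
triage_sample() {
    printf '%s\n' "$NETSTAT_SAMPLE" | flag_outbound "$TASKLIST_SAMPLE"
}
```

On the sample data this yields three lines: the browser's web connection (expected), and two from the process claiming to be winlogon.exe, one of them to a remote SMTP port. The point is the join, not the allowlist: a system process name is only reassuring once the PID behind it has been checked with a process viewer, which is the same "bogus winlogon" problem the first post describes. Taking the snapshot a few times over an hour and diffing the output is the cheapest way to catch a logger that only phones home periodically.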
Old 11-19-06, 11:20 PM   #10
Tuork
Official pain in the ass
Join Date: May 2003
Location: 127.0.0.1
Posts: 1,197
Re: Detecting keyloggers, and other malicious stuff

Thanks for the input people. I'll get to it as soon as I have time.

So far, nothing suspicious has been going on.


So far..
Old 11-20-06, 10:02 AM   #11
SH0DAN
SGIRealityEngine
Join Date: Dec 2003
Location: Citadel Station
Posts: 1,676
Re: Detecting keyloggers, and other malicious stuff

If you use your pc for online banking I would format.
__________________
When plunder becomes a way of life for a group of men living together in society, they create for themselves, in the course of time, a legal system that authorizes it and a moral code that glorifies it. -Fred Bastiat-

The last official act of a corrupt government is to loot the nation.

When buying and selling are controlled by legislation, the first things to be bought and sold are legislators.
P. J. O'Rourke

------------------
Q6600 g0 @3.20Ghz 1.30 VOLTS||Tr ULTIMA 90I + ||2X1Gb Crucial Ballistix Tracer PC6400 4-3-3-7@ 400 x 8
BFG 260gtx MAXCORE55 @ 690/1420/2377 ||Asus P5K-Deluxe WiFi AP||Corsair HX520||Nec 2470WNX-BK + LG 1751S|
Lian Li PC-65B + II||Western Digital 150GB RaptorX|| Samsung 750Gb HD x3|| WD 2500KS ||Samsung 183s||SB Audigy 2 ZS||Audio Technica ESW9's +red RSA Predator|G11+MX518
Old 11-20-06, 11:20 AM   #12
DiscipleDOC
Join Date: Dec 2002
Location: Alabama, Planet Earth
Posts: 5,993
Re: Detecting keyloggers, and other malicious stuff

I'd still punch the guy in the face.
keyloggers=not cool.