
Thread: Think I have a keylogger

  1. #1
    erleberd Guest

    Default Think I have a keylogger

    Need help.

    Each time I try to log into one of my suppliers' sites and begin to enter login
    ID & PW -
    ZoneAlarm posts a "Suspicious Behavior" warning



    "Internet Explorer is attempting to monitor user activity on this computer.
    If allowed it may try to track or log keystrokes... etc"
    This just started today.
    I noticed that Ad Aware was disabled as well.
    Its ICON was changed to the Generic Windows "Unknown Program"
    ICON.
    Can anyone give me some direction or help?
    I am new to this forum and don't know how it really works,
    but I need help.


    Please email me at...... Edited by Oldsod to protect your email security from the forum bots that will harvest your email and then spam you with junk email.


    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:7.0

    Message Edited by Oldsod on 02-19-2007 12:50 AM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Think I have a keylogger

    Hi erleberd

    These two events are unrelated.

    Is the adware desktop Icon dysfunctional? Just trash it to the Recycle Bin and open the lavsoft folder in the program files. Right click the adware.exe and select Send To...Desktop. Icon is now fixed. The Icon has nothing to do with the application itself. The entire event happened because either Windows is making errors or the Ad-aware is messing up things.


    The IE keylogger alerts are normal. Happens all the time. Use the Allow and Remember and apply always. Or give the IE a higher rating in the Program Control listings.

    Oldsod

    Message Edited by Oldsod on 02-19-2007 01:02 AM
    Best regards.
    oldsod

  3. #3
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: Think I have a keylogger

    You should ALWAYS assume you are being keylogged. I NEVER access any secure sites (eg Internet Banking) from computers I do not have full control of - especially Internet cafes etc.

    Keyloggers can do a number of things:
      • Firstly, they can capture your keystrokes
      • Secondly, they can capture screen images
      • Thirdly, they can store them for later retrieval by someone who has access to the computer on which the keylogger is running
      • Fourthly, captured data and images can be sent by e-mail (using an inbuilt e-mail client) to an external e-mail address
      • Fifthly, data can be FTP'ed to an FTP site. This can be done using either an inbuilt FTP client, or by piggy-backing on the FTP client built into Internet Explorer.

    A scan of your computer using a good malware detection program should detect them. Try Ewido. Most AV's should detect them too.

    Zone Alarm should detect them trying to send stuff out directly (via FTP or SMTP) by throwing up an ALERT when the keylogger wants to access the Internet. Zone Alarm Pro (or ZASS) with Program Control set to "High" will detect them trying to use IE's inbuilt FTP client.

    However, don't be mistaken, some are VERY sophisticated and use advanced programming techniques to hide their presence. eg One that I know of loads itself into memory as one of the very first processes after Windows loads (before ZA and programs like SpyBot S&D's TeaTimer runs). It then deletes all its keys (including those used to start up) from the registry and removes itself from the Windows Task Manager task list. It works away happily until you close the computer down. It then waits for everything to get unloaded then writes its keys back to the registry as the very last process before the machine unloads Windows and shuts off.

    To defeat it, just switch your computer off without shutting down first (ie press the RESET button). It will only get loaded again if you run the trojan that installed it in the first place.
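
Added example, not part of any post in this thread: a defender-side check for the outbound behaviour described in post #3, flagging programs that open SMTP or FTP connections when they are not the user's known mail or FTP client. The log format, process names and allowlist are constructed for illustration and are not ZoneAlarm's own.

```python
import csv
import io

# Constructed sample of outbound-connection records. This is a made-up CSV
# layout for illustration, not the log format of any real firewall.
SAMPLE_LOG = """\
time,process,dest_ip,dest_port
09:01:12,iexplore.exe,203.0.113.10,443
09:01:40,outlook.exe,198.51.100.25,25
09:02:05,svch0st.exe,198.51.100.77,25
09:02:31,iexplore.exe,192.0.2.44,21
09:03:02,filezilla.exe,192.0.2.50,21
09:03:30,winupd32.exe,192.0.2.44,21
"""

# The two direct exfiltration channels named in the post: e-mail and FTP.
EXFIL_PORTS = {25: "SMTP", 21: "FTP"}

# Assumption: the programs this user knowingly uses for mail and file transfer.
EXPECTED = {25: {"outlook.exe"}, 21: {"filezilla.exe"}}


def flag_suspicious(log_text, expected=EXPECTED):
    """Return (time, process, channel, reason) for each outbound SMTP/FTP
    connection made by a program not expected to use that channel."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        port = int(row["dest_port"])
        if port not in EXFIL_PORTS:
            continue  # not one of the channels of interest
        proc = row["process"].strip().lower()
        if proc in expected.get(port, set()):
            continue  # known mail/FTP client, nothing to report
        if proc == "iexplore.exe" and port == 21:
            # The piggy-backing case: the browser's own FTP client is in use.
            reason = "browser's built-in FTP client in use"
        else:
            reason = "unexpected program opening this channel"
        findings.append((row["time"], proc, EXFIL_PORTS[port], reason))
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(SAMPLE_LOG):
        print(*finding, sep="  ")
```
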

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Think I have a keylogger

    The ZA scanner and the ZA component control is a good antikeylogger by itself.

    A dedicated antikeylogger is the freeware Snoop Free.

    HIPS and IPS such as SSM and Antihook are excellent antikeyloggers among many other things. Both are available as freeware or shareware.

    Spy Scanners such as SpyWareDoctor, CounterSpy and SpySweeper do a good job of finding keyloggers. Freeware/shareware versions of SuperAntiSpyware, Ad-Aware, ASquared and Ewido can help detect keyloggers.

    Some antiviruses are better than others for detecting keyloggers. NOD32 and KAV are quite good in this area. So are many others.

    Not all keyloggers will use the IE or mail ports or file transfer ports. If your GF or boss put one on the machine, it may never call out.

    Autoruns and file explorer from sysinternals could help. At this point of searching, so would a packet sniffer and some rootkit detectors.

    Oldsod

    Message Edited by Oldsod on 02-20-2007 06:38 AM
    Best regards.
    oldsod

  5. #5
    erleberd Guest

    Default Re: Think I have a keylogger

    Frereop,
    Thanks for the tips.
    Your comments have been very helpful

  6. #6
    erleberd Guest

    Default Re: Think I have a keylogger

    Thanks I appreciate your help.

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Think I have a keylogger

    You are welcome.

    Oldsod
    Best regards.
    oldsod

  8. #8
    erleberd Guest

    Default Re: Think I have a keylogger

    I found a Shortcut Icon in one of my active business files named
    "Spyboy"

    It points to my SpyBot Search & Destroy exe -
    I googled it and all responses state it's an IRC-Worm.
    Have you had any experience with this?
    If so what do you recommend?
    I ran Ad Aware and Spybot and they did not find anything resembling this name.

    Thanks again for your help

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Think I have a keylogger

    Try these freeware spyware scanners.

    http://www.emsisoft.com/en/software/free/

    http://www.lavasoftusa.com/products/...e_personal.php

    http://www.superantispyware.com/

    http://www.trendmicro.com/cwshredder/

    http://www.majorgeeks.com/McAfee_AVE...ger_d4063.html

    http://www.f-secure.com/blacklight/




    Free on-line scans and please use the IE because they use ActiveX. Just allow the ActiveX install:

    http://www.ewido.net/en/onlinescan/

    http://www.bitdefender.com/scan8/ie.html

    After that, to clean some of the junk left from the infections, run a freeware reg/file cleaner:

    http://www.majorgeeks.com/CCleaner_S...ish_d4191.html

    Just download all of the freeware scanners, install, update, reboot, and use maximum scan settings and then scan. Remove all found. All one at a time. Be sure to do both online scans.



    Oldsod
    Best regards.
    oldsod
