Thread: What are the signs of typical keyloggers?

  1. #1
    riceorony Guest

    What are the signs of typical keyloggers?

    Hello!

    I searched the site and haven't seen any good explanations about the signs for keyloggers on your computer.

    I have ZA IS Suite 7.248 installed along with spysweeper and a bunch of other programs like counterspy v2, ewido AVG, superantispyware, a2 antispyware, and windows defender for on demand scanning only and have not detected a thing in either safe mode or normal mode.

    I am also using ZA force field (which I read can detect them).

    Operating System: Windows Vista Home Premium
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,655

    Re: What are the signs of typical keyloggers?

    Hi!
    Actually, one of the essential characteristics of a keylogger is to be silent and give no sign of its presence.

    You should check your communication flow for unusual traffic; however, good keyloggers are also designed not to show any communication sign (hidden with rootkit technology).

    Is your system acting weird? Slow? Well, I will not be surprised, since you have piled up an enormous amount of security tools.

    http://en.wikipedia.org/wiki/Keystroke_logging

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    riceorony Guest

    Re: What are the signs of typical keyloggers?

    Haha, yes yes I know all the security apps have a downside in that they take up memory space when you run them and can **bleep** the life out of your CPU.

    But nothing is abnormal, I don't use any filesharing service (like limewire, etc.), I don't open emails with file attachments, and I don't download any programs except from legitimate sites.

    How would I go about to see my communication flow for unusual traffic?

    The only thing I pretty much know how to do is to check for trojans (via netstat to determine established connections).

    The reason I ask is because I had my CC numbers taken about 2 years ago and was related to a logger detected by ZA Internet Security Suite. The darn thing was on my computer for about 2 months before I went out and got ZA because I previously used Norton.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,655

    Re: What are the signs of typical keyloggers?


    <BLOCKQUOTE><HR>riceorony wrote:
    The only thing I pretty much know how to do is to check for trojans (via netstat to determine established connections).

    The reason I ask is because I had my CC numbers taken about 2 years ago and was related to a logger detected by ZA Internet Security Suite. The darn thing was on my computer for about 2 months before I went out and got ZA because I previously used Norton.
    <HR></BLOCKQUOTE>
    Hi!

    Yes, netstat or TCPView (http://technet.microsoft.com/en-us/s.../bb897437.aspx) can help.

    But prevention and the use of good security tools is still the preferable route. ZASS 7 does offer excellent protection. Combining it with ZA ForceField would be the simplest and optimal solution for today's threats, including keyloggers. It is, however, important to keep them up to date. The rest, if really needed, should be set only on demand.

    Cheers,
    Fax

    Message Edited by fax on 03-07-2008 06:43 PM


  5. #5
    riceorony Guest

    Re: What are the signs of typical keyloggers?

    Thanks again fax!

    TCPView would be MUCH easier than constantly having to type netstat -a -n into the command prompt screen.

    Isn't Tcpview similar to the option through Windows Defender or Ewido AVG that shows your programs that are currently connected to the network and on which TCP port the program's using on your computer and to what IP address it is connected to (the foreign address)?

    Cheers and have a great weekend.

  6. #6
    Join Date
    Dec 2005
    Posts
    8,990

    Re: What are the signs of typical keyloggers?


    <blockquote><hr>riceorony wrote:
    Thanks again fax!

    TCPView would be MUCH easier than constantly having to type netstat -a -n into the command prompt screen.

    Isn't Tcpview similar to the option through Windows Defender or Ewido AVG that shows your programs that are currently connected to the network and on which TCP port the program's using on your computer and to what IP address it is connected to (the foreign address)?

    Cheers and have a great weekend.
    <hr></blockquote>


    Yes, these all provide some GUI for netstat, although less configurable.

    With all those antis scanners, you are still worried about keyloggers?

    Basically the ZA firewall is sufficient for keylogger installation alerting.

    Oldsod.
    Best regards.
    oldsod

  7. #7
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    642

    Re: What are the signs of typical keyloggers?

    Back to your original question, keyloggers are difficult to detect by design. Let's explain how they work:

    1. They can be installed for legitimate or covert reasons.
    2. They can be installed by the computer's Administrator as a legitimate program, or by specially modified "legitimate" programs (called Trojans).
    3. They can store information locally for local retrieval later, or be programmed to send the data via FTP or e-mail to a remote computer.
    4. They have very sophisticated methods to prevent detection and I'll show you that shortly.


    One keylogger I am familiar with sets itself up to be the first program started by Windows so it's already running when your Anti-virus and Anti-spyware are loaded. It never gets checked because those programs act on files being loaded and saved to and from the hard disk. The first thing it does after loading is remove all evidence of itself by modifying the Registry and any other "Startup" entries. It removes its listing from the Task Manager so you can't see it running. It goes about its business undetected. It's also very easy to modify a keylogger (and any other malware by the way) to make it undetected by Anti-virus programs during regular disk scans.

    When you shut down the computer, it waits until everything else has been unloaded and it then writes its Startup details back to the Registry so that when you restart your computer, it will restart the keylogger.

    There is a hint here on how to defeat an installed keylogger but my honest opinion is that if you don't have full and absolute control over a computer, assume it has been compromised. NEVER use someone else's PC (including Internet cafes, work PCs, your partner's laptop etc) to do things like On-Line banking, even if you know the link is secure. You COULD be being keylogged unbeknown to you OR them!

    If you DO need to use someone else's PC to do confidential things like Internet Banking, take a bootable LINUX disk (eg Ubuntu or Knoppix) with you and boot from that instead in the knowledge that nothing will ever get recorded to the hard disk!
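
An added example, not part of the original thread: a Python filter for the `netstat -a -n` output discussed above (with `-o` added to show the owning PID) that lists established connections leaving the LAN and marks FTP and mail ports, the channels post #7 names. The sample output, the port list and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of Windows `netstat -a -n -o` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     1200
  TCP    192.168.1.10:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:49720     198.51.100.7:443       ESTABLISHED     2316
  TCP    192.168.1.10:49731     203.0.113.25:21        ESTABLISHED     4321
  TCP    [fe80::1c2%12]:49740   [2001:db8::25]:25      ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1520
"""
Conn = namedtuple("Conn", "pid local remote_ip remote_port mail_or_ftp")
# Ports for the channels post #7 names (FTP, e-mail); this list is an assumption.
FTP_MAIL_PORTS = {21, 25, 465, 587}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[2001:db8::1%5]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]   # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def leaves_lan(ip):
    """True when the address is neither this machine nor the local network."""
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return False
    return not any(ip in net for net in LOCAL_NETS)

def external_connections(netstat_text):
    """Return established TCP connections whose foreign address is off the LAN."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have 5 columns; the header, UDP rows and banners do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        _, local, remote, _, pid = fields
        ip, port = split_endpoint(remote)
        if leaves_lan(ip):
            found.append(Conn(int(pid), local, str(ip), port, port in FTP_MAIL_PORTS))
    return found

if __name__ == "__main__":
    for c in external_connections(SAMPLE):
        flag = "  [FTP/mail port]" if c.mail_or_ftp else ""
        print(f"PID {c.pid:>5}  {c.local} -> {c.remote_ip}:{c.remote_port}{flag}")
```

The PID column can be matched against the process list in TCPView; as post #2 notes, a logger hidden with rootkit technology will not show up in this output.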
