Re: Recently detected keylogger

From: code_wrong (tac_at_tac.ouch.co.uk)
Date: 09/22/04


Date: Wed, 22 Sep 2004 15:42:27 +0100


"Dave McCarthy" <daveandem@att.net> wrote in message
news:aba399e3.0409211029.4a230d37@posting.google.com...
> Hello,
>
> I recently updated my virus software and found that my PC was infected with
> the following:
> 1. W32.spybot.worm (winregs32.exe, wugrds.exe)
> 2. W32.Francette.worm (syshost.exe)
> 3. Keylogger.trojan (lol.dll )
> 4. Bloodhound.W32.ep
> 5. W32.Blaster.E.Worm (mslaugh.exe)
>
>
> I am most concerned about the keylogger and possible information sent to the
> hacker.
>
> Can someone advise on how to accomplish the following:
>
> 1. Locate and read the file of intercepted keystrokes?

If the logger is still running you could type an unusual sequence of letters,
save and reboot to force a write ...
then use search to find a file with that sequence as contents.
Take note of the name of the file and look for similar

Similarly, if the logger is no longer running .. dig out some recent documents
and search for the contents of those .. also search for passwords

> 2. Determine if the file has been sent?

Find the detailed description of the keylogger.trojan at Symantec, McAfee
or Trend to check how it operates .. this may also help you to locate the
log file(s)

> 3. Determine if a send mail application has been loaded on my PC?

Install a decent firewall and watch for connection attempts. ZoneAlarm will
do what you want there.

>
> Thanks in advance for any help.
>
> Dave
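
One way to run the marker search suggested in the reply to question 1, as an added example that is not part of the original thread. The function names, the marker string and the sample files are constructed for illustration; it assumes the log holds keystrokes as plain 8-bit or UTF-16LE text, so an encoded or encrypted log would not match.

```python
import os
import tempfile

def marker_encodings(marker):
    """Byte patterns to look for: the marker as 8-bit text and as UTF-16LE."""
    return {"ascii/utf-8": marker.encode("utf-8"), "utf-16le": marker.encode("utf-16-le")}

def file_contains(path, patterns, chunk_size=1 << 20):
    """Return the name of the first pattern found in the file, else None.
    An overlap is kept so a marker split across a chunk boundary is still found."""
    overlap = max(len(p) for p in patterns.values()) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return None
            window = tail + chunk
            for name, pat in patterns.items():
                if pat in window:
                    return name
            tail = window[-overlap:] if overlap else b""

def find_marker(root, marker):
    """Return [(mtime, path, encoding)] for files under root holding the marker, newest first."""
    patterns = marker_encodings(marker)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                enc = file_contains(path, patterns)
                if enc:
                    hits.append((os.path.getmtime(path), path, enc))
            except OSError:  # locked or unreadable file: skip it, keep scanning
                continue
    return sorted(hits, reverse=True)

def demo():
    """Constructed sample tree: two stand-in log files and one unrelated file."""
    marker = "qzxv7731kkj"  # the unusual sequence typed on the suspect machine
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.txt": b"nothing here",
                   "sys.dat": b"[IE] user typed " + marker.encode() + b"\r\n",
                   "cache.bin": ("xx" + marker).encode("utf-16-le")}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return sorted((os.path.basename(p), e) for _t, p, e in find_marker(root, marker))
```

The newest-first ordering puts a file the logger has just written at the top of the results; the names and locations of the hits are what to compare against the vendor's write-up.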