Re: detecting a keylogger
- From: Sebastian Gottschalk <seppi@xxxxxxxxx>
- Date: Tue, 18 Apr 2006 22:35:18 +0200
Systemguy wrote:
> A software keylogger will likely be found if you run a sequence of rootkit
> revealer from Sysinternals, Microsoft Windows Defender (beta) tool, and
> install a current anti-virus software product with an up-to-date virus
> definition file.
ROFL. Nothing of this would help against a modified system executable, a
normally loaded driver or the like - which is typical for a software keylogger.
Besides that, both RKRevealer and Windows Defender (beta!) are crap.
RKRevealer simply installs a service and then crashes when trying the
ListDir() call and stumbling upon a symlink to a non-inserted removable
medium (without any "Ignore" or "Cancel" possibility). Windows Defender
doesn't even install (the MSI is tagged to require admin rights) and
even when clobbed in manually (including allowing certain otherwise
restricted access) it crashes for plain programmed stupidness.
> This should find pretty much all of the nasty stuff out
> there.
Only known and/or dumb nasty stuff.
> Oh yeah - if you have time to waste you could also take Sebastian's
> suggestion and boot off a live Linux CD. Wouldn't really accomplish
> anything useful though.
It eliminates any threat of system-compromising software (well, if it
was created on a trusted system)? Wouldn't do anything else for online
banking.