Re: detecting a keylogger
- From: "Systemguy" <Me@xxxxxxx>
- Date: Wed, 19 Apr 2006 11:09:30 -0400
"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message
news:4al0u1Ftp7ajU1@xxxxxxxxxxxxxxxxx
> Systemguy wrote:
>
>> A software keylogger will likely be found if you run a sequence of
>> rootkit revealer from Sysinternals, Microsoft Windows Defender (beta) tool, and
>> install a current anti-virus software product with an up-to-date virus
>> definition file.
>
> ROFL. Nothing of this would help against a modified system executable, a
> normally loaded driver or alike - which is typical for a software
> keylogger.
>
> Beside that, both RKRevealer and Windows Defender (beta!) are crap.
> RKRevealer simply installs a service and then crashes when trying to the
> ListDir() call and stumbling upon a symlink to a non-inserted removable
> medium (without any "Ignore" or "Cancel" possibility). Windows Defender
> doesn't even install (the MSI is tagged to require admin rights) and

Wouldn't you expect to require admin rights when using a utility like this?

> even when clobbed in manually (including allowing certain otherwise
> restricted access) it crashes for plain programmed stupidness.

Didn't write 'em and certainly didn't claim they were perfect.

>> This should find pretty much all of the nasty stuff out
>> there.
>
> Only known and/or dumb nasty stuff.

And that is the majority of the nasty stuff out there. Of course, if you are
being targeted by a foreign Government then all bets are off.
I did put in the "nothing is guaranteed" disclaimer, remember? ;o)

>> Oh yeah - if you have time to waste you could also take Sebastian's
>> suggestion and boot off a live linux CD. Wouldn't really accomplish
>> anything useful though.
>
> It eliminates any threat of system-compromising software (well, if it
> was created on a trusted system)? Wouldn't do anything else for online
> banking.

Granted - If you were looking to do this. However, please take a look at
the original question Nicols posted. Your suggestion does not answer it.