
Suspected keylogger on my laptop

  • 29-12-2008 11:09am
    #1
    Registered Users Posts: 7,754 ✭✭✭


    I know this is a little off topic but hope someone in here can help. Maybe mods can cross-post for me in computers.

    I'm almost certain my new laptop has a keylogger installed on it. I've been logged out of msn several times from another location. My credit card account online was also closed due to a number of wrong passwords being entered.

    I've since changed all my passwords from a different pc but I still need to find if there is a threat on my laptop. I currently use Malwarebytes and Spybot Search and Destroy along with NOD32 AV. Does anyone know what is the best keylogger detection software? Formatting and reinstalling is a last resort right now.

    Thanks!



Comments

  • Registered Users Posts: 4,751 ✭✭✭BigCityBanker


    This happened to HeeHawsCantona, much to his expense, and after he initially posted a few threads and was laughed at it was then discovered that he wasn't a member of the pmg online poker is rigged brigade.

    Dev subsequently created a topic and a how to protect etc, think it may have been added to the best of threads, if not search for threads started by Dev, I'd guess April-June 2007.


  • Registered Users Posts: 1,263 ✭✭✭strewelpeter


    <snip>long boring post </snip>

    You know that reformatting is the only option :(


  • Registered Users Posts: 2,139 ✭✭✭Wreck


    You'll get better advice elsewhere, but in the short term create a word doc with your passwords on another pc and stick it on a USB key. When you want to log in to something copy and paste from the word doc, as the keylogger won't be able to read this. Obviously be very careful with the USB key!

    Anti-virus and spyware software will get rid of most unwanted stuff, but as mentioned already the only way to be certain is a reformat.


  • Registered Users Posts: 934 ✭✭✭techie


    OP, do a Google search for ComboFix and run this, very quick utility to remove anything running that shouldn't be.


  • Registered Users Posts: 13,401 ✭✭✭✭ArmaniJeanss




  • Registered Users Posts: 6,854 ✭✭✭zuutroy


    Run Trend Micro HouseCall imo. Very comprehensive online scan.


  • Registered Users Posts: 663 ✭✭✭CourierCollie


    Maybe stick up a post here http://boards.ie/vbulletin/forumdisplay.php?f=1009
    ActorSeeksJob will sort it out for you. I've witnessed him clear up some messy sh1t.


  • Closed Accounts Posts: 4,476 ✭✭✭Samba


    Once you get your laptop cleaned (and formatting is the best option at this point)

    Install the following

    http://www.avira.com/en/download/index.html

    Above is very good AV

    http://www.personalfirewall.comodo.com/

    And a good firewall with built in AV that I have no idea of its abilities, so I'd stick to the Avira which is proven to be good. You also have a defence+ system which will alert you to any software changes which would occur when you are hacked.

    I was also going to rec. AVG rootkit but it appears they are no longer supporting updates for this as it's built in to their latest software.

    Personally I'd be highly motivated to retrieve the broadcast address and hand it over to a few mates to work on....that's just me though :)

    Chances are you will only find a dead end but...

    If you are interested in seeing what connections are active.

    Run < cmd < netstat
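
Added example, not part of the post above: a small Python triage of `netstat` output that keeps only established TCP connections leaving the local network and groups them by owning process ID. It assumes the command was run as `netstat -ano` (numeric addresses plus PID column) rather than plain `netstat`; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     2040
  TCP    192.168.1.20:1045      192.168.1.1:80         ESTABLISHED     3312
  TCP    192.168.1.20:1051      203.0.113.7:443        ESTABLISHED     1520
  TCP    192.168.1.20:1052      198.51.100.23:6667     ESTABLISHED     1520
  TCP    192.168.1.20:1060      203.0.113.9:80         TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1208
"""

# Loopback, RFC 1918 and link-local ranges: traffic that stays on the box or LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def external_established(netstat_text):
    """Return {pid: [(remote_addr, remote_port), ...]} for ESTABLISHED TCP
    connections whose remote end is outside the machine and the local network."""
    by_pid = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 fields: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        addr, port = split_endpoint(fields[2])
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # hostname instead of an address (netstat run without -n)
        if ip.is_loopback or any(ip in net for net in LOCAL_NETS):
            continue
        by_pid.setdefault(int(fields[4]), []).append((addr, int(port)))
    return by_pid

if __name__ == "__main__":
    for pid, remotes in external_established(SAMPLE).items():
        print(pid, remotes)
```

Each PID in the result can be matched to a program name in Task Manager with the PID column enabled; a process holding outbound connections that you cannot account for is the one to look at first.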


  • Registered Users Posts: 1,002 ✭✭✭fatguy


    ianmc38 wrote: »
    I'm almost certain my new laptop has a keylogger installed on it. I've been logged out of msn several times from another location. My credit card account online was also closed due to a number of wrong passwords being entered.

    If you had a keylogger, they wouldn't have entered the wrong password would they? Unless they were trawling your logs for things that look like usernames and passwords and trying them all on sites you'd been to, and you got lucky. I would certainly imagine that your poker accounts would have been cleaned out by now, but they might not know what sites you play on if all you do is launch the app by clicking on an icon.

    The MSN thing definitely seems weird though. The only way to be 100% safe is to reformat the box then change all your passwords. I see you've done the second already, but you'll have to do it again since if the logger is still there and you've used the laptop, they have them all now. But Nod32 is probably the best AV out there, if it's been there for a while it would have caught it by now.


  • Registered Users Posts: 7,754 ✭✭✭ianmc38


    I changed my password for msn and was using another pc and then someone started trying to login. One of my poker accounts was also accessed though luckily I had nothing in it.


  • Registered Users Posts: 1,002 ✭✭✭fatguy


    Reformat. Don't use the laptop for anything until you've done that.

    Re: USB key. Surely any good keylogger will periodically copy the contents of the clipboard too?


  • Registered Users Posts: 365 ✭✭mocata


    Kaspersky Internet Security is the nuts for future prevention. As strewelpeter says, format is your only 100% way out. When I am out and about I use LogMeIn to dial back into my home pc for anything like banking, adds an extra layer of security, and use long passphrases instead of words with numbers mixed in, eg 1aNw@nnaUs£N£t4Pron, it's a lot harder for password crackers to do a brute force on.


  • Registered Users Posts: 2,563 ✭✭✭sikes


    To try to avoid this, you could try running separate virtual machines, one for poker, the other for your day to day ****. That way when you get a keylogger from downloading ****, it will only exist within the context of that virtual machine.


  • Closed Accounts Posts: 4,476 ✭✭✭Samba


    On the off chance you're dealing with a dumb ass, I'd request IP logs from the poker room.


    http://www.ip-adress.com/whois/

    Probably running from some proxy and well hidden, but always worth checking out at least.

    And also

    I would advise going through the following.

    http://www.governmentsecurity.org/forum/index.php?showtopic=1480

    Control Panel > Administrative tools > Services

    Now, don't all go running off disabling every service listed in there please :)

    Some of them you will need, so before you make any changes be sure you understand what that service's specific function is, as you may well need it presently or in the future.

    The main one to kill is - Universal Plug and Play Device Host and SSDP Discovery Service

    The info applies to Windows XP.


  • Registered Users Posts: 3,140 ✭✭✭ocallagh


    stop smoking dope


  • Closed Accounts Posts: 4,476 ✭✭✭Samba


    ocallagh wrote: »
    stop smoking dope


    lol

    Yeah and don't click on those download weed direct to your desktop now links ;)


  • Registered Users Posts: 2,212 ✭✭✭MrPillowTalk


    Stay off free porn sites imo


  • Registered Users Posts: 6,026 ✭✭✭Amalgam


    For future browsing habits, I'd steer clear of Internet Explorer (if you can) and use the Firefox (http://www.mozilla-europe.org/en/firefox/) web browser.

    You can then use 'plugins' within Firefox, which can limit unpleasant behaviour from just about every web site.

    To give you an example, very popular plugins would be:

    Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865)

    NoScript (https://addons.mozilla.org/en-US/firefox/addon/722)

    Just a heads up.

    As far as the keylogger goes, I would reformat and start afresh, possibly get someone that knows their way around a PC to do a secure format first, using the likes of Dban etc.

    Back everything up first, whatever you do.


  • Moderators, Science, Health & Environment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 60,092 Mod ✭✭✭✭Tar.Aldarion


    redtube strikes again.


  • Closed Accounts Posts: 513 ✭✭✭HalfBaked


    Stay off Kiddy porn sites imo

    .


  • Registered Users Posts: 10,894 ✭✭✭✭phantom_lord


    I just use AVG and Spybot, is there any other stuff I should get?


  • Registered Users Posts: 2,004 ✭✭✭pok3rplaya


    pretty sure avg sucks major hairy ones. Check out some reviews on the net.


  • Registered Users Posts: 5,434 ✭✭✭cardshark202


    I thought avg was one of the best free anti-virus software available?


  • Moderators, Science, Health & Environment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 60,092 Mod ✭✭✭✭Tar.Aldarion


    avg is good.


  • Registered Users Posts: 991 ✭✭✭tm2204


    cardshark202 wrote: »
    I thought avg was one of the best free anti-virus software available?

    It is.


  • Registered Users Posts: 663 ✭✭✭CourierCollie


    Any chance of an update from ianmc38? I'm really surprised that Malwarebytes didn't find anything. Was it just old fashioned identity theft?


  • Registered Users Posts: 5,434 ✭✭✭cardshark202


    tm2204 wrote: »
    It is.

    yeah I don't get where pokerplaya got his idea from


  • Registered Users Posts: 2,004 ✭✭✭pok3rplaya


    Well I did a ton of research into this when I was updating my security a few months back. Basically I'm basing my opinion from this:

    http://www.matousec.com/projects/firewall-challenge/results.php

    Which gives AVG a score of 5%. As far as I can tell that is the most comprehensive security package comparison on the net.

    In the end I decided to get Online Armour because I figured it was the best.

    Here's another comparison that picked Online Armour as top:
    http://www.consumersearch.com/firewalls

    Anyways I think you're crazy if you have thousands of € protected by a simple password and you're using free anti-virus software when a better version costs $40.


  • Registered Users Posts: 3,140 ✭✭✭ocallagh


    When they have a "Get it now" link on their comparison site I'm always wary. Not saying the comparison is off the charts biased or anything but why would they promote something they can't get commission on. The purchase links are most certainly tracked by affiliate ID.

    You need 1 thing for sure: A decent Firewall. Windows also has an anti spyware program (Windows Defender) built in which does the job.

    And if you open loads of junk emails and download a lot you need an anti virus software. All the free ones do basically the same thing. Some will pick up new viruses quicker in their updates but really the only differences as far as I can tell are the extra features. If you have a really unique virus trying to pick up passwords off your PC I don't know if any of them will deal with it properly.

    If I had 20 or 50k online I didn't want someone getting their hands on I'd be reformatting that HD and reinstalling Windows fairly fast. Going forward I'd then lock down my computer as much as I can. Follow these instructions here: http://www.pcworld.com/businesscenter/article/156019/secure_your_vista_pc_in_10_easy_steps.html

    paying specific attention to the 2nd page on enabling Two Way firewall protection (for outbound traffic too). I'd probably give in and install an anti virus program too, and I genuinely don't know if the expensive ones are any better than the free ones. Any company I've worked for had McAfee so maybe they're decent? I dunno... By locking down windows though and just being careful you're 99% there. The anti virus program is a last resort IMO


  • Registered Users Posts: 4,214 ✭✭✭digiman


    ocallagh wrote: »
    Follow these instructions here: http://www.pcworld.com/businesscenter/article/156019/secure_your_vista_pc_in_10_easy_steps.html

    paying specific attention to the 2nd page on enabling Two Way firewall protection (for outbound traffic too).

    Just as a word of warning, when I tried this step I lost connectivity to the internet. I don't think I did anything wrong, but the way to fix it if you forget the wf.msc command is to turn off your firewall and this will get your internet back on again. I had the page with the information closed down and wasn't able to load it up then when my connectivity went.

