
Keylogger

Status
Not open for further replies.

DirkStruan

Technical User
Jun 27, 2006
179
GB
Hello all

Does anyone know anything about "Inside-Keylogger" and more specifically how to totally remove it from a PC? Are there any Spyware removal tools out there that will eradicate it?

I see from their website that the folders are (supposedly) undetectable and the encrypted files are emailed to a given address.

If it can't be removed without the necessary passwords, does anyone know if it can be disabled in some way or the emailing of the results blocked/address changed?

I've no background on security issues, so please feel free to treat me like a clueless idiot.

All I have done so far is gone into the start menu/run/msconfig to prevent it from running on start up, but this would seem a huge weakness for such a product, and I therefore expect will not be sufficient.

Thanks in advance.

Dirk
 
Hi Dirk, I hope removing this does not put your job in jeopardy!

I'd start by running Hijackthis and posting a logfile, this should enable us to see where it's running from.

An anti-rootkit app should find the files and folders, no matter where they're hidden.

Some of the better anti-malware apps are likely to be able to pick this up and remove most traces, start with Ewido.

HijackThis
Sophos Anti Rootkit
F-Secure Blacklight
Rootkit Revealer
Ewido Anti-Malware
Best not to action anything without checking and double-checking first - forum760 is a good place to start asking, I would wait for some input from T-T member pecenegs before deciding on a course of action.
 
I would wait for some input from T-T member pechenegs before deciding on a course of action.

Sorry for the original mis-spelling!
 
Hi Satrow

Many thanks for your advice. I will look into the sites you've mentioned (along with some of the phrases which aren't familiar - e.g. I've never heard of an anti-rootkit app before but I think I will be getting acquainted with it!)

I will also check out the Virus / Spyware discussion forum you've highlighted for some initial background reading.

By the way, there's no job risk involved as it's not work related - a couple I know have split up and one of them is being "difficult".

Thanks again

Dirk
 
Can you point me in the right direction to find someone to help me answer this?
If I have used a computer at home, originally bought by my husband's own company which he then said I could have in a financial settlement (we have separated). Then he removed the PC (having broken in the house, we separated a year before) where do I stand over getting all my data back from the machine?

I am a teacher and it includes lots of sports photos of children at school who I teach, I would have thought legally he can't have copies of them in his possession? These were all taken with my camera purchased after we separated. Together with many work documents, some started at school under their licence and brought home on my work memory stick as well as some started at home so licensed under his name.

Copies of accounts for a rental property and my tax return saved etc.

No I didn't back up.
Where do I stand?
He gave me permission to use the PC as it was here for 11 months after he moved out before he stole it.
I am desperate to get my info back....it includes every photo taken of our children in the last year with my camera.

I don't want the PC...although we had a £438 deal over me buying it...but I want all my files
Do you know enough about this to advise me or point me to the people who may know?
Thank you

 
Unfortunately I don't have enough legal background to be able to help. I would have thought though that the fact it was named in a legal settlement and was then deemed your property was enough to say he has no legal right to it, and I would therefore see the breaking and entering and removing of the PC as two different crimes. Probably best talking to a solicitor in the first place - a quiet word from a legal professional threatening proceedings may be enough to get it back (?).

D
 
Agreed, I would definitely suggest taking legal aid for this problem. If it was breaking and entering, you'd probably only have to phone the police.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Back to DirkStruan's question, you can also use a live disk like BartPE or Knoppix STD to get access to any of the files that may be locked or hidden, since you're booting into a different OS, they will not be locked or hidden in the same way.

Another Root kit tool is:

"RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit."

BartPE:
"Bart's PE Builder helps you build a 'BartPE' (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server"


Knoppix STD:
"STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can."
 
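The live-disk advice and the RootkitRevealer description in the post above both come down to comparing two views of the same disk. As an added example (not part of the original thread and not any tool's own code), this Python script diffs a file listing taken inside the running Windows install against one taken from a live CD; both listings are constructed samples and the mount point `/mnt/win` is a hypothetical name.

```python
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample: listing captured inside the running Windows install,
# e.g. with `dir /s /b /a C:\`.
ONLINE_LISTING = r"""
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\User\NTUSER.DAT
"""

# Constructed sample: the same volume listed from a live CD, mounted at the
# hypothetical mount point /mnt/win, e.g. with `find /mnt/win`.
OFFLINE_LISTING = """
/mnt/win
/mnt/win/WINDOWS/system32/notepad.exe
/mnt/win/windows/system32/drivers/etc/hosts
/mnt/win/WINDOWS/system32/hidden_dir
/mnt/win/WINDOWS/system32/hidden_dir/log.dat
/mnt/win/Documents and Settings/User/NTUSER.DAT
"""


def _index(listing, to_key):
    """Map a normalised, lower-cased relative path to the original line."""
    index = {}
    for line in listing.splitlines():
        line = line.strip()
        key = to_key(line) if line else ""
        if key:  # skips blank lines and the mount point itself
            index[key] = line
    return index


def cross_view_diff(online, offline, mount="/mnt/win"):
    """Return (offline_only, online_only) paths between the two listings."""
    # Windows names are case-insensitive, so compare lower-cased keys
    # with the drive root or mount prefix stripped.
    on = _index(online,
                lambda l: "/".join(PureWindowsPath(l).parts[1:]).lower())
    off = _index(offline,
                 lambda l: "/".join(
                     PurePosixPath(l).relative_to(mount).parts).lower())
    offline_only = sorted(off[k] for k in off.keys() - on.keys())
    online_only = sorted(on[k] for k in on.keys() - off.keys())
    return offline_only, online_only


if __name__ == "__main__":
    hidden, missing = cross_view_diff(ONLINE_LISTING, OFFLINE_LISTING)
    for path in hidden:
        print("visible only from the live disk:", path)
```

Entries in the first list are leads to inspect rather than proof of anything, because files also legitimately change between the two captures.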