Trace keylogger's footsteps?



hannahj
2010-01-07, 17:15
I'm wondering if there's any way to see the log files a keylogger created to find out what info has been accessed, and where it was sent.

The keylogger in question was found and removed by SB (banker.fgv) two days ago, and I've never had any indication that my banking or other sensitive financial info was cracked, but I have for several months now suspected that someone I know has been tracing my steps online. (Could just be your garden variety paranoia.)

Anyway - now that the keylogger has been removed, is there a way to find its log files, or evidence of its transmissions?

Thanks!

Hannah

tashi
2010-01-07, 18:08
Hello hannahj,


I've never had any indication that my banking or other sensitive financial info was cracked, but I have for several months now suspected that someone I know has been tracing my steps online.
If you believe there is a possibility that the system is still compromised follow the instructions in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Then start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where an analyst will advise you as soon as available.

It would be prudent to change your online passwords using another system.



Anyway - now that the keylogger has been removed, is there a way to find its log files, or evidence of its transmissions?

The person who did the keylogging would have those.

Basic information: http://en.wikipedia.org/wiki/Keystroke_logging

Best regards. :)

hannahj
2010-01-07, 18:18
Hi Tashi,
Thanks for your quick reply. I did change my passwords from another computer. Scanning with SB my system now comes up clean.

I understand that the goal of a keylogger program is to send the information to the one who installed it - but I wondered if by viewing my router logs or my firewall logs, for instance, I might find evidence at least of where the logs were being sent. Or is a keylogger that good at covering its tracks?

tashi
2010-01-07, 18:53
Hi there,


I understand that the goal of a keylogger program is to send the information to the one who installed it - but I wondered if by viewing my router logs or my firewall logs, for instance, I might find evidence at least of where the logs were being sent?

Quite a few variables are in play.

You can of course analyze router and firewall logs if they are retained back to the time in question.

If you suspect a particular person, did they have physical access to the computer?

Is the router passworded? Are you using WEP or WPA?

At this point if the PC is clean the best defence might be to use preventative measures rather than try to track down the hacker.

Best regards. :)

hannahj
2010-01-07, 19:22
Hmmm - I would love to analyse my logs - if only I knew what to look for!

But to answer your questions:

No, they didn't have physical access (I actually suspect that I picked up the keylogger on their myspace page).

Router is indeed passworded and using WEP.

I agree prevention is the best course of action. I'm just dying to know if my suspicions are founded.

tashi
2010-01-07, 19:40
Hi hannahj,


(I actually suspect that I picked up the keylogger on their myspace page).

Do you recall the scenario? :)

hannahj
2010-01-07, 21:50
yes, there were a couple different funky events.

Landing on this particular myspace page popped up a window saying that the page was protected and prompted for a username and password, which I didn't provide but just x-ed out the window. This was absolutely NOT a myspace generated message, it even provided a name of the "security service". At the time I assumed the myspace page had been the victim of a hack that was phishing for other myspace pws. I guess this is still the most likely assumption.

Then another time visiting the page my browser suddenly tried to open several other pages, then froze and I had to use the task manager to shut it down.

I know, not very convincing. But this particular person has been uncannily knowing so much about me for months now, all unrelated and trivial things, and everything they mention is something I have recently searched on. I wish I believed in psychic connections - because that would be a more comfortable explanation. And just to clarify, I am a very grounded, not at all paranoid type of person. (really!)

tashi
2010-01-07, 22:41
Hello hannahj,


Then another time visiting the page my browser suddenly tried to open several other pages, then froze and I had to use the task manager to shut it down.

It might have been best not to re-visit the same page. ;)

If there is a possibility that the web page in question is compromised it should be reported to My Space as it could affect other users who go there. :sick:

Best regards.

hannahj
2010-01-07, 22:47
It might have been best not to re-visit the same page.

See, now here's where we learn something about ourselves and our uncontrollable urges. ;)

drragostea
2010-01-08, 01:58
tashi offers good advice :oreo:.
If you are still a bit buggy or jumpy, you can always enable the WPA2 Wi-Fi encryption function on your router. Most routers should support it more or less. It is as simple as a "dropbox" option and clicking "Okay".

hannahj
2010-01-08, 03:19
tashi offers good advice.
tashi is also a master of understatement!

My router does offer WPA but then I can't put my tivo boxes on the network.

How prevalent do you think hacking into home wi-fi networks is? ( I like my tivo...)

drragostea
2010-01-08, 05:25
Well, if your router supports WPA or higher, I'd suggest you enable it.

I never knew TiVo supported Wi-Fi o_o.
Well, I think that if you do not have a password on your network it is pretty much susceptible to being accessed without authorization.

honda12
2010-01-08, 13:37
Hi hannahj,

How prevalent do you think hacking into home wi-fi networks is? ( I like my tivo...)
Depends on many factors including where you live - for example, if you live in the city more people are likely to be in range of your network, thus increasing the risk of someone trying to piggyback off your connection. On the other hand, I would have thought that the risk is much lower in the countryside due to population density being lower.

The WEP password protocol has been easily crackable for some time now and even a flaw in WPA TKIP was discovered, and therefore a stronger protocol such as WPA2 (which uses AES password encryption) is suggested to be used. Of course, what's the point of having bandwidth if you can't use devices such as your Tivo? Obviously you have to find the right balance between security and usability. Unfortunately for some strange reason we live in a world where many product designers don't consider their users' security when it comes to wireless connectivity.

Simply put, if you live in an area with a low population density, a password using WEP (albeit crackable) is better than nothing, but if you live in a highly populated area, then I would strongly consider using WPA2.

Whatever protocol you use you should make sure you use a strong password (http://www.microsoft.com/australia/protect/yourself/password/create.mspx).

It seems that TiVo has released some kind of dongle for series 2 and 3 TiVos that appears to support WPA (although there was no information on TiVo's website). You would, however, have to pay for the damned thing which personally I view as just another way to extract cash out of customers.

hannahj
2010-01-08, 17:30
Hi drragostea and honda12,

Yes tivo supports wi-fi - up to a point. I already have the "dongle" (good word!) and paid handsomely for it. It appears to only support WEP... sigh.

I have always had a strong pw for my router, but like you said WEP is easily cracked. And I don't live in the country.

I think at this point what I would most like is to be able to scrutinize my router and firewall logs and actually know what I'm looking at. Any idea where I could learn more about this subject?

Thanks to everyone for your help and insights!
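An added example (not from anyone in this thread) of the firewall-log review tashi suggested earlier and hannahj asks about here: it reads a log in the W3C layout that Windows Firewall writes to pfirewall.log and lists outside hosts the PC kept contacting on a non-web port across several days, which is one signal worth checking when looking for where a keylogger might have been sending data. The log lines, the address ranges treated as the home LAN, and the "repeated on several days" threshold are all assumptions; Windows Firewall only records allowed connections if "Log successful connections" was switched on.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the W3C layout Windows Firewall uses for pfirewall.log.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-01-05 09:00:12 ALLOW TCP 192.168.1.5 192.168.1.1 49201 80 0 - 0 0 0 - - - SEND
2010-01-05 09:01:40 ALLOW TCP 192.168.1.5 203.0.113.10 49202 8080 0 - 0 0 0 - - - SEND
2010-01-05 12:01:41 ALLOW TCP 192.168.1.5 203.0.113.10 49310 8080 0 - 0 0 0 - - - SEND
2010-01-06 12:02:03 ALLOW TCP 192.168.1.5 203.0.113.10 49455 8080 0 - 0 0 0 - - - SEND
2010-01-06 15:30:00 ALLOW TCP 192.168.1.5 198.51.100.7 49500 443 0 - 0 0 0 - - - SEND
2010-01-06 15:30:05 ALLOW TCP 198.51.100.7 192.168.1.5 443 49500 0 - 0 0 0 - - - RECEIVE
2010-01-07 12:01:59 ALLOW TCP 192.168.1.5 203.0.113.10 49601 8080 0 - 0 0 0 - - - SEND
"""

# Assumed home-LAN ranges; traffic staying inside them cannot be sent to an outside host.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def parse_w3c(text):
    """Yield one dict per record, naming columns from the #Fields header line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def summarize_outbound(text):
    """Count outbound (SEND) connections to non-LAN hosts per (ip, port, protocol)."""
    out = defaultdict(lambda: {"count": 0, "days": set()})
    for rec in parse_w3c(text):
        if rec.get("path") != "SEND" or is_lan(rec["dst-ip"]):
            continue
        key = (rec["dst-ip"], int(rec["dst-port"]), rec["protocol"])
        out[key]["count"] += 1
        out[key]["days"].add(rec["date"])
    return out

def suspicious(text, min_days=2, common_ports=(80, 443)):
    """Outside hosts contacted on at least min_days distinct days on a non-web port."""
    return sorted(k for k, v in summarize_outbound(text).items()
                  if len(v["days"]) >= min_days and k[1] not in common_ports)

if __name__ == "__main__":
    for ip, port, proto in suspicious(SAMPLE_LOG):
        print(f"{ip}:{port}/{proto}")  # prints 203.0.113.10:8080/TCP for the sample
```

A hit only says the PC talked to that host regularly; it still has to be matched against the date the infection was found and checked against legitimate software that phones home.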

tashi
2010-01-08, 18:39
Hi there,

DSLReports has specialized forums: http://www.dslreports.com/forum/wsecurity

Hope that helps. :)

hannahj
2010-01-08, 20:23
Yay - a whole new forum to lose myself in! :)

(I'm never gonna get any work done today.)

Thanks tashi.

tashi
2010-01-08, 20:56
Yay - a whole new forum to lose myself in! :)

(I'm never gonna get any work done today.)

Thanks tashi.

:bigthumb: