Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Trace keylogger's footsteps?

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    8

    Default Trace keylogger's footsteps?

    I'm wondering if there's any way to see the log files a keylogger created to find out what info has been accessed, and where it was sent.

    The keylogger in question was found and removed by SB (banker.fgv) two days ago, and I've never had any indication that my banking or other sensitive financial info was cracked, but I have for several months now suspected that someone I know has been tracing my steps online. (Could just be your garden variety paranoia.)

    Anyway - now that the keylogger has been removed, is there a way to find its log files, or evidence of its transmissions?

    Thanks!

    Hannah

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello hannahj,

    Quote Originally Posted by hannahj View Post
    I've never had any indication that my banking or other sensitive financial info was cracked, but I have for several months now suspected that someone I know has been tracing my steps online.
    If you believe there is a possibility that the system is still compromised follow the instructions in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Then start a topic in the Malware Removal Forum where an analyst will advise you as soon as available.

    It would be prudent to change your online passwords using other system.

    Quote Originally Posted by hannahj View Post
    Anyway - now that the keylogger has been removed, is there a way to find its log files, or evidence of its transmissions?
    The person who did the keylogging would have those.

    Basic information: http://en.wikipedia.org/wiki/Keystroke_logging

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    8

    Default

    Hi Tashi,
    Thanks for your quick reply. I did change my passwords from another computer. Scanning with SB my system now comes up clean.

    I understand that the goal of a keylogger program is to send the information to the one who installed it - but I wondered if by viewing my router logs or my firewall logs, for instance, I might find evidence at least of where the logs were being sent. Or is a keylogger that good at covering its tracks?

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hi there,
    Quote Originally Posted by hannahj View Post
    I understand that the goal of a keylogger program is to send the information to the one who installed it - but I wondered if by viewing my router logs or my firewall logs, for instance, I might find evidence at least of where the logs were being sent?
    Quite a few variables are in play.

    You can of course analyze router and firewall logs if they are retained back to the time in question.

    If you suspect a particular person did they have physical access to the computer.

    Is the router passworded, are you using WEP or WPA.

    At this point if the PC is clean the best defence might be to use preventative measures rather than try to track down the hacker.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    8

    Default

    Hmmm - I would love to analyse my logs - if only I knew what to look for!

    But to answer your questions:

    No, they didn't have physical access (I actually suspect that I picked up the keylogger on their myspace page).

    Router is indeed passworded and using WEP.

    I agree prevention is the best course of action. I'm just dying to know if my suspicions are founded.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hi hannahj,
    Quote Originally Posted by hannahj View Post
    (I actually suspect that I picked up the keylogger on their myspace page).
    Do you recall the scenario?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    8

    Default

    yes, there were a couple different funky events.

    Landing on this particular myspace page popped up a window saying that the page was protected and prompted for a username and password, which I didn't provide but just x-ed out the window. This was absolutely NOT a myspace generated message, it even provided a name of the "security service". At the time I assumed the myspace page had been the victim of a hack that was phishing for other myspace pws. I guess this is still the most likely assumption.

    Then another time visiting the page my browser suddenly tried to open several other pages, then froze and I had to use the task manager to shut it down.

    I know, not very convincing. But this particular person has been uncannily knowing so much about me for months now, all unrelated and trivial things, and everything they mention is something I have recently searched on. I wish I believed in psychic connections - because that would be a more comfortable explanation. And just to clarify, I am a very grounded, not at all paranoid type of person. (really!)

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Default

    Hello hannahj,
    Quote Originally Posted by hannahj View Post
    Then another time visiting the page my browser suddenly tried to open several other pages, then froze and I had to use the task manager to shut it down.
    It might have been best not to re-visit the same page.

    If there is a possibility that the web page in question is compromised it should be reported to My Space as it could affect other users who go there.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Posts
    8

    Default

    It might have been best not to re-visit the same page.
    See, now here's where we learn something about ourselves and our uncontrollable urges.

  10. #10
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    tashi offers good advice .
    If you are still a bit a bit buggy or jumpy, you can always enable the the WPA2 Wi-Fi encryption function on your router. Most routers should support it more or less. It is as simple as a "dropbox" option and clicking "Okay".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •