Topic: "Suspect a friend has been struck by a keylogger"


6 Posts

All members in good standing are free to post here. Opinions expressed here are solely those of the posters, and have not been cleared with nor are they endorsed by The Miniatures Page.


368 hits since 30 Jun 2015
©1994-2017 Bill Armintrout
Ed Mohrmann, Supporting Member of TMP, 30 Jun 2015 4:11 p.m. PST

Malwarebytes shows a 'clean' system, though. However, her texts and e-mails are showing up in places to which she did not send them.

Anyone know (1) how to detect such software, (2) how it might have been introduced to her system, (3) any work-arounds until it gets expunged, (4) a way to figure out who introduced it into her system?

Thanks for any info

Andrew Walters, Supporting Member of TMP, 01 Jul 2015 8:27 a.m. PST

I'm not an expert, but I've read a few things. Here are a few ideas…

First, try at least one additional anti-malware app.

Second, check the USB devices. The keyboard is almost certainly connected by USB (internally if it's a laptop), and all USB devices see all the USB traffic. Either someone added a little USB device, possibly between two good USB devices, or one of the USB devices she purchased had malware in it.

There was an incident a few years ago where a worker at a factory that made battery chargers that connected by USB put malware into the device, so buyers introduced malware when they connected a fresh-from-the-factory device to their computers.

As for workarounds, if you have a keylogger, someone, presumably malicious, gets to know everything you type. So don't type anything. Browse, play games – ones that don't require passwords – but simply do not do anything important on a computer you don't trust.

As for who introduced it into the system, if it's a physical key logger you need to look at physical access, and maybe fingerprints. If it's software there's no way to know, and the information may not be useful anyway. If it came in attached to something else the sender may well not have known it was there, and the real culprit is some slimy guy in Russia who never heard of you anyway.

If the only symptom is email and texts going to the wrong place it may simply be user error or a bug.

If there really is a malicious key logger on the machine you must get rid of it and then change every password. Every single one. Otherwise the bad guys have your accounts.

Guinny, Inactive Member, 01 Jul 2015 8:39 a.m. PST

One important thing – if she does anything financial on there, contact her bank directly and get passwords changed. Also, find a totally different computer and change all other vital passwords (PayPal, eBay, anything involving money) that she can think of.

Weasel, Supporting Member of TMP, 01 Jul 2015 10:31 a.m. PST

Wipe the system completely, no "backup partitions", clean reinstall.

Some malware takes active measures to avoid detection, so you can also try a live CD/USB solution like BitDefender.

link

RavenscraftCybernetics, Inactive Member, 01 Jul 2015 10:52 a.m. PST

An easy way to check for malware is through the Control Panel > Programs and Features.
When the list is generated, right-click and tell it to sort by date. The latest install will appear at the top of the list. Nuke everything that you know you didn't install.
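The same "sort by install date" check, done from PowerShell instead of the Control Panel, as an added example that is not from the thread. It reads the Uninstall registry keys (64-bit, 32-bit and per-user), sorts newest first, flags entries with no publisher or no install date, and saves a CSV so the list can be compared again after cleanup. Run it in an elevated prompt on the machine being looked at.

```powershell
# Added example (not from the thread): installed-program inventory sorted by install
# date, read from the Uninstall registry keys rather than the Control Panel view.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is stored as a yyyyMMdd string; some entries omit it entirely.
            $date = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $date = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
            }
            [pscustomobject]@{
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                InstallDate = $date
                Source      = $key -replace '\\\*$', ''
                # Legitimate installers normally fill in both fields; a missing
                # publisher or date is a reason to look at the entry more closely.
                Suspicious  = (-not $_.Publisher) -or (-not $date)
            }
        }
}

# Newest first, like "sort by date" in Programs and Features; undated entries sink to the bottom.
$programs |
    Sort-Object -Property @{ Expression = 'InstallDate'; Descending = $true } |
    Format-Table -AutoSize Name, Publisher, InstallDate, Suspicious

# Keep a copy so the list can be compared after cleanup or shown to someone helping.
$programs | Export-Csv -Path "$env:USERPROFILE\Desktop\installed-programs.csv" -NoTypeInformation
```

Software that installs itself without an Uninstall entry will not appear in this list, so an empty or clean-looking result narrows what to remove but does not clear the machine.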

etotheipi, Sponsoring Member of TMP, 01 Jul 2015 12:37 p.m. PST

"However, her texts and e-mails are showing up in places to which she did not send them."

A first step would be a better look at the issue. What do you mean by the above statement?

Pretty much everything you send through the Internet goes to and through places to which you didn't send it. While an interesting fact by itself (one we often don't think about enough), it has some important impacts on the issue:

(1) Her data could be being routed through equipment causing unintended side-effects. While every packet you send has its own destiny, geographically and temporally local packets to and from common addresses tend to follow similar paths. There are probably hundreds of possible ways you could get from home to work, but only a couple that you actually use. If one of them is not behaving how it is intended to, you could get problems.

(2) Someone could be intentionally hijacking traffic in her local routing neighborhood. The important thing to realize is that your "local routing neighborhood" could include other countries that don't have the same type of privacy laws your friend has.

Again, interesting diversions, but with a point. These are two (of a couple dozen) things that could be causing the issue. Neither of them (or most of the others) are caused by malware resident on your friend's system, and thus are not detectable or correctable by malware defense techniques.