|
cinn -> RE: Computer Questions (3/4/2006 6:39:54 PM)
|
Hi there, (Hope this post isn't too technical for you, but I thought I'd include some detail!)
If you get a (software) personal firewall such as Kerio or Zone Alarm (Kerio i know has a 30 day trial of the full version after which some web-content filtering options are disabled) and install it in "learning mode" (zone alarm calls it something similar) then you should be able to permit/allow any connection being made from software running on your computer. the only exceptions to this are things such as windows services which sometimes operate at a level 'below' kerio's jurisdiction. If you see any shifty looking apps trying to connect out, just "deny" them and if they recur, you can tell it to "always deny" (or permit). If the potential keylogger can't connect to the net, it can't send it's keys.
Also go with the whole antivirus (www.grisoft.com - AVG is good, if they still do a free version) and anti-spyware (spybot-SD from ?? (google :)) is excellent) thing.
-x-
It is somewhat unlikely that a software keylogger would survive a hard-drive format, although entirely possible. Well, strictly that's not true. 'Standard' formatting can leave all the files on the drive intact. Soppose the keylogger were to somehow be read off the drive after the format, it could reinstate itself.
To be safe, you can try doing a 'low level' format. Google for disk management tools - there's several applications out there that will allow you to do this, some will also allow you to 'wipe' the hard-drive by writing random patterns all over the data area as part of the format process too.
Bit of technobabble now: A normal format essentially modifies the part of the hard drive that tells your system where on the drive the files are, resetting it to "no files around here guv'nor...". As the files are infact 'still there but no one knows how to get to them', it is possible (although unlikely) that somehow the keylogger is being read off the disk once you reinstall windows etc, and is reinstated.
On the other hand, a low level format will set all data-blocks on the hard disk to an "empty" value as well.
-x-
If you have a hardware keylogger, as previous posters have said you'll likely have something physical you can just rip out of the pc (you have to rip quite lovingly if you want it (PC) to work afterwards though!). Examples I am aware of are PCI-Slot devices inside the box (already mentioned) and external devices which are basically a little innocent looking 'adapter' that sits between the keyboard and the box, normally where the keyboard plugs into the box itself.
Either type of keylogger _CAN_ have a trigger phrase (I'd have thought a hardware one certainly would), which will cause them to spit out all the keystrokes they have logged since last being emptied. Thus, to gain access to the keystrokes the person who planted the logger has to be able to get access to the machine to send keystrokes to it.
In most cases (especially with a hardware keylogger) this will be physical access to the machine - i.e. they come to your PC, grab a copy of the logged keys, clear the keylogger's memory and leave again. It is however _possible_ that (as you seem to have 'another user logged on' type circumstances) the attacker is using something such as a Remote Desktop Connection to log in to your PC from 'outside', and grab the logged keystrokes.
Both of the above are only possibilities, please don't get freaked and think there's somebody doing either of the above just because it's possible. In the case of remote logins, Kerio or similar (personal firewall) should enable you to block the incoming connection anyway. It'll also let you know where the keylogger is connecting to, which can come in handy if you want to elevate this i.e. call the feds.
-x-
Umm... really sorry for such a lengthy and esoteric post, once I got started it just came pouring out. Hope it helps in some way though, even if you understand it a bit better if nothing else ;)
Ciao
|
|
|
|
