keylogging help? :(

The geek forum. PHP, Perl, HTML, hardware questions etc.. it's all in here. Got a techie question? We'll sort you out. Ask your questions or post a link to your own site here!

keylogging help? :(

Postby Tenshi no Ai » Mon Dec 24, 2007 11:41 am

First off, I'm probably just paranoid, but double double checking :/

In the Warcraft forums, keyloggers have been popping up everywhere with their seemingly 'innocent' posts and links :/ Well, last night was a time when I wasn't careful and clicked on 3 of the 10 links that were posted. All .jpg, so I thought it was just ya know, pics posted, on a popular topic that gets brought up :/ Turns out I didn't read the other replies until after. The pic took a sec to load because of the size, and that I had WoW in the background. The other links were instant loads. Not sure if that made a difference.

Now, as far as I know, my system has only ever had the more harmless marketing cookies, that many people get. Here's the thing:

-I used Firefox, NOT Internet Explorer
-I found out about NoScript AFTER the fact on this
-My firewall was apparently disabled at the time, to be able to run something a while back and forgot to re enable it :/
-I used my AVG virus scan, came up clear
-I used my newly suggested Spybot Search and Destory, and only showed the third party cookies, no logging files from what I could see (searched all the cookies that I had all up)

Now, since then the ONLY password I've put in, is for my WoW account (and MSN) and so far that has not been hacked into or anything. With the looks of it, maybe Firefox, even without the NoScript is ok? The firewall fact DID worry me a bit though :/

Anyone have suggestions on this, or do you think I'm safe? People in the forums said Firefox is immune to that one (the link, although a .jpg, had random numbers with a .cn, for China, domain. Possible WoW gold farmers hacking accounts, perhaps) but some people were still mentioning NoScript.

Just worried and warned others not to do online banking JUST yet on this comp. Oh, and also is there some alternative to keying in passwords, or can the program also read buttons you type in (if such a program does exist where you can mouse in your pass).

Thanks for your help, keyloggers are horrible :/ Like I said, probably nothing, but just making absolute sure that I'm alright and won't lose my entire bank account savings :/
神 は、 その 独り 子 を お与え に なった ほど に 世 お愛 された。
独り 子 を 信じる 者 が 一人 も滅 ひない で, 永遠 の 命 お得る ため で ある。

ヨハネ 3:16
Image
User avatar
Tenshi no Ai
 
Posts: 4789
Joined: Fri Jul 02, 2004 11:01 am
Location: l

Postby Mr. SmartyPants » Mon Dec 24, 2007 4:09 pm

First off, scan everything to look for keyloggers.

In the meantime, DO NOT TYPE IN YOUR PASSWORD AT ALL. Next time you log into wow, Use the charmap and use copy/paste for every single key. If you do this the keylogger won't be able to detect you typing in your password. If you already used your password for something, I highly recommend changing your password using the method stated above.
User avatar
Mr. SmartyPants
 
Posts: 12541
Joined: Sat Aug 21, 2004 9:00 am

Postby Tenshi no Ai » Mon Dec 24, 2007 4:26 pm

Mr. SmartyPants wrote:First off, scan everything to look for keyloggers.

In the meantime, DO NOT TYPE IN YOUR PASSWORD AT ALL. Next time you log into wow, Use the charmap and use copy/paste for every single key. If you do this the keylogger won't be able to detect you typing in your password. If you already used your password for something, I highly recommend changing your password using the method stated above.


Oh yeah as I mentioned, I did scan through everything and it came up clear. I'll try changing the password once again, although it was weird and wouldn't let me change it :/ The page for it was messed up :/
神 は、 その 独り 子 を お与え に なった ほど に 世 お愛 された。
独り 子 を 信じる 者 が 一人 も滅 ひない で, 永遠 の 命 お得る ため で ある。

ヨハネ 3:16
Image
User avatar
Tenshi no Ai
 
Posts: 4789
Joined: Fri Jul 02, 2004 11:01 am
Location: l

Postby Mr. SmartyPants » Tue Dec 25, 2007 12:38 am

Another way to bypass a keylogger is to add in extra letters, and then delete them one by one.

Let's say that your password was "password". What you would do is type in something like "ipjtalfsisnwoournd" or "whitepasscharacterword" and then just delete the parts that aren't your password.

But if your system is cleared of any keyloggers, I say that you're fine.
User avatar
Mr. SmartyPants
 
Posts: 12541
Joined: Sat Aug 21, 2004 9:00 am

Postby Mithrandir » Tue Dec 25, 2007 8:16 am

I'm probably more paranoid than you, and I'll admit that up front. I deal with this kinda of stuff at work, and there's really only one sure-fire bet:

"When in doubt, reformat."

That's the only real way to be sure. A good virus/scanner/logger/trojan can load itself into the kernel, or detect a scan, and keep itself only in RAM - dropping back to disk after the scan. It's VERY difficult to be CERTAIN you've caught everything with an off-the-shelf scanner. Remember, the virus/trojan/logger/scanner people have access to any anti-virus program you have access to.

If you have a full system backup, a clever computer user can check each file between them to be sure the files are the same (using md5/rsa checksums).

I'm a little skeptical about MSP's advice. If *I* was writing a keylogger, I would log everything, including the deletes and arrow keys. It's fairly trivial to write a program to play it all back. I would also capture the output of the paste function.

Bottom line, if you REALLY want peace of mind, backup all your data, and reformat your hard drive.


Again, I admit up front (well, now it's past, but you know what I mean) that I am paranoid.

HIH
User avatar
Mithrandir
 
Posts: 11071
Joined: Fri Jun 27, 2003 12:00 pm
Location: You will be baked. And then there will be cake.

Postby Tenshi no Ai » Wed Dec 26, 2007 10:59 am

I might even try that. So far, no hacks or anything in WoW nor elsewhere.

Another thing I did was to check all the programs running in the back. Checked them all up and none were suspicious. But then again, Keyloggers can be smart cookies (quite literally there :/) and may not even show up on that.

Maybe a nice reformat will clean up a bunch of stuff too. I remember doing it once when my old comp was failing me, and alot of stuff sure ran alot smoother after it.... but onyl for a while until it went kaput^^
神 は、 その 独り 子 を お与え に なった ほど に 世 お愛 された。
独り 子 を 信じる 者 が 一人 も滅 ひない で, 永遠 の 命 お得る ため で ある。

ヨハネ 3:16
Image
User avatar
Tenshi no Ai
 
Posts: 4789
Joined: Fri Jul 02, 2004 11:01 am
Location: l

Postby Mithrandir » Fri Dec 28, 2007 10:35 pm

Don't forget to backup EVERYTHING. Considering the costs of Hard drives these days, you're usually better off buying an external one, and swapping it out with the one in your computer. Then format and install on THAT drive.

You can then keep your original in the external case, so you can go back and get whatever you need off it later. If you haven't needed it in a few years, reformat it.

(This coming from someone who lost a very high level character in an online game because he didn't know the non-standard location for one of the files.
User avatar
Mithrandir
 
Posts: 11071
Joined: Fri Jun 27, 2003 12:00 pm
Location: You will be baked. And then there will be cake.

Postby yippee2393 » Wed Jan 02, 2008 11:40 am

One other thing...if you ever need to scan for spyware again, download the AdAware Anti-Spyware free version. Use both that and SpyBot Search and Destroy and you'll get almost everything.
[SIGPIC][/SIGPIC]


I'm really good with computers! :comp: See?

Actually, I really am. And I'm into programming, 3D modelling, and image editing too...and I'm willing to help people with these things.


TobyMac, KJ-52, and DC Talk are :cool:!!!


I like and RuneScape and OGame. If you want to become friends on either game, PM me.
User avatar
yippee2393
 
Posts: 26
Joined: Wed Jan 02, 2008 11:03 am
Location: Between the keyboard and the chair


Return to Computing and Links

Who is online

Users browsing this forum: No registered users and 51 guests