Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: Detecting and Removing Key Loggers and RATs

by: swede71 January 5, 2005 7:54 PM PST

Like this

0 people like this thread

Staff pick

Detecting and Removing Key Loggers and RATs

by swede71 - 1/5/05 7:54 PM

I've been doing a little reading about key loggers and RATs (Remote Access Trojans). A number of the commercial key loggers claim to be undetectable after being installed stealthily. I am guessing the hackers have versions that they feel also are undetectable.

Are there in fact some key loggers (commercial or otherwise) that are undetectable?

What's the best way to detect and remove key loggers and or RATs?

Does anyone have any tips to setting up (or even choosing) firewalls to help stop key loggers?

Any help in this area would be greatly appreciated!

Thanks!


Discussion locked
Report offensive post
Email to friend

Re:Detecting and removing keyloggers and RATs

by badabing - 1/6/05 4:56 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

I was hoping someone would answer this,I'd like some more info in this direction.Here's the little I know,the anti-spyware product ezPest Patrol specifically targets RATs and keyloggers.

http://store.ca.com/dr/v2/ec_main.entry25?page=PestPatrolFeatures&client=ComputerAssociates&sid=35715


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Here is

by roddy32 Moderator - 1/6/05 5:21 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

a link. This is what McAfee says about them. The following description is fairly generic and applicable to a wide variety of Remote Access Trojans.
http://vil.nai.com/vil/content/v_99400.htm

Some firewalls will block some of these and also some of the popular free spyware applications will block some of them including some keyloggers too. Here are 3 of them.

Spybot S&D (download, check for updates, read the tutorial and scan often, it also does some blocking)
http://www.safer-networking.org/en/home/index.html

SpywareBlaster (a blocker only, download it, check for updates, enable it and leave it alone except for checking for updates occasionally)
http://www.javacoolsoftware.com/spywareblaster.html


SpywareGuard (similiar to SpywareBlaster but works in a different way and does not update as often for that reason.
http://www.javacoolsoftware.com/spywareguard.html


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Spybot "Advanced Users Only"

by Neo000100 - 1/6/05 5:55 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

Spybot has a lot of neat little tools in it that the standard user isn't aware of: Disclaimer: use only if you have advance knowledge...

There is an "Advanced" mode which can list all "BHO, and Services , Process list with some details, System Startup lists and such.

You can do a better search and erradicate pesky ones that most Spy detectors wont


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

The hardware keylogger.

by R. Proffitt Moderator - 1/6/05 6:18 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

When faced with a savvy user that needs monitoring, we just log the IP addresses that the machine accesses (web sites) as well as install a new keyboard for them.

Read http://www.keyghost.com/

The keyboard version seems to be undetectable...

Bob


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Keyloggers ARE undetectable

by jv - 1/7/05 12:55 AM

In Reply to: The hardware keylogger. by R. Proffitt Moderator

pcAnywehre is a keylogger so are other pieces of normal software.

If you install software that has been hcked well you may install a keylogger that is undetctable by any software package.

Analyzing network and file traffic on new programs in a before/after mode can be helpful in detecting this.


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Detecting and Removing Key Loggers

by ncblessed - 1/7/05 5:06 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

I discovered there was a key logger program installed on my computer. My computer had not been shutting down properly. Periodically I look at my Internet history to see where I've been on the web. I noticed a site called Karl Marx and I knew that I had not gone to that website. As I looked more into the history for the past two weeks, I noticed that the Karl Marx website always appeared in history when I went to a site that required a login. Then I did a search on Karl Marx and found out how to remove it. I don't have the information on me, but if you ever run into this, do a search on Karl Marx keylogger and you should find information on how to get rid of this one.


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

RAT-like Program

by Tech51 - 1/7/05 7:50 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

I have zero experience with key loggers, but I have had a couple of run-ins with a RAT-like program, the last one about 6 months ago. This program used a specific port to access an external server and check for instructions/commands from a master. It would then perform the commands, go to sleep for a predetermined time and check again. The first noticable symptom was that the PC was unstable and the performance was quite bad. In reviewing the firewall log I found the PC was accessing a Web site on a schedule using a specific port. I would assume that key loggers work similarly or may even use email to send the information back to a home site. This find led me to make a change in my security policy. Originally, the policy was to block all inbound ports and block known malicious ports going outbound. Now, the policy is to block all inbound ports and block all outbound ports except the ports I know I use (20,21,25,80,113,443, and a few others). Of course, these RAT-like programs can use any of the 'good' ports for external access, but at least it is a start in the right direction. Using a firewall that can block ports in both directions and a router that can also block is a good way to mitigate the risk, but of course not a 100% solution.
Another tidbit is to review your 'hosts' file for entries that might be redirecting you to a site you don't want to go to. You can make your 'hosts' file read-only preventing all but sophisticated malicious programs from modifying this file. As mentioned in another post, Spybot has an advanced mode that can help with this, but caution is advised if you are not comfortable with the terminology used in this mode.

Hope this helps.


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Reply....Detecting and Removing Key Loggers and RATs

by Nordstar - 1/8/05 5:45 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

1:st!!! Sorry for my bad english!!!...
Pc-Sequrity is a difficult task.Mainly all commersial Prog's have some kind of a Trojan or keylogger,spyware.
Realplayer is one known.Even hardware, such as Creative installs it via there software and updatepossibilities.Most of them are harmless.Mostly they are using cookies.You register your prog's.Don't you???You are buggd.Thats a fakt of today.HAve you heard of the so called "black boxes", on the INET-providers servers.They are logging every single bit that is tranceferd through it's network....So what can you do.Today Internet is used by all in all perposes.Information is flowing rappidly.Sivilians,military,governments,companies.Even "Terrorist's".
Name it!!!!....The last sentence "Terrorist's" opend up a new perspectiv on the Internet.How to track all the communication that was flowing in the inets cables.
Just know one thing...All you do on the internet...Regard it as if you are exposed outwords.See my profile for my pc-setup.I then keep tracking loggs over my registrysettings,installed prog's and path's,allways empties my temp-folders for internet and (windows of suspects).Empties my Cookie-folder.Cleans my "Trachcan".Even the real one.
Burn papers....Hehe.Just a joke!But i know that what ever i do..All my inetcommunications have been tracked by the black box.I know that this letter maybe triggerd the blackbox scannerdivice by the word"Terrorist"....That is a fakt.....
You can offcourse encrypt everything.But what the heck.
The best you can do is...Be suspicious to anything that you don't know of.
One more thing...Alt-Contr-Del.Check all processes.Write them down when you know that the computer is clean.Then keep track of the listed items and all the changes there.Keep tracking after every new installation.Also after every programexecution.Some are not totaly closing down.Leaving tracking prog's in the behind.Well.. hope that can help you a littlebit in the hard task of tracking down the spy's that are out there tracking down all your behaviors on the NET of Computer's.Beast's.666'es.The totalsum of the binary code by nummerology.The checksum of the beast.Ad it to your name and your trough nature will be reveald.ID-checksum..By binary code.Code-Decode......


Was this reply helpful? (1)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Nordstar, your English is just fine...

by glenn30 - 1/8/05 6:21 AM

In Reply to: Reply....Detecting and Removing Key Loggers and RATs by Nordstar

I understand your post quite well and extend my thanks for the contribution. Looking forward to seeing more from you and other Swedish friends in the future.

Happy New Year!

Glenn


Was this reply helpful? (1)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

How to detect a keylogger

by robin732 - 7/11/07 10:10 AM

In Reply to: Nordstar, your English is just fine... by glenn30

I would like to know if there is any software that can detect if someone has installed a keylogger or other software on my computer without me knowing it? I am running Windows XP Pro if that is helpful at all.


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Detecting Keyloggers

by Blueswoman1 - 1/19/05 11:46 AM

In Reply to: Detecting and Removing Key Loggers and RATs by swede71

I have Ad-Aware Plus(NOT ADWARE-VERY BAD NEWS!)
With it comes Adwatch, a realtime watch dog.
I turned it off for a couple of weeks when I was doing software installs.It was a pain because every time I installed software the adwatch would block my program from the registry.Anyway,my machine was slow and my browser was constantly being hijacked. That;s when I ran Ad-Aware for spyware and malicious activity. When done I had 65 new critical objects and one of them was a keylogger. Coolwebsearch and .gator were the culprits. After the cleanup I used my Advanced System Optimizer and got the coolwebsearch crap out of my registry. My AdWatch is currently running , but I put it on manual mode so I know what and who are doing and trying to download what on my PC. SO far so good. I don't know if adwatch if on at the time would have caught the keylogger before getting into my system. I hope it would. It's gone for now!


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Software for a MAC

by ek1359 - 2/23/09 1:34 PM

In Reply to: Detecting Keyloggers by Blueswoman1

I just read throught this entire thread...

What software would be good to detect those commercial (and even the remote ones) keyloggers and the RAT's?

I would like to install a detector one on my MAC.


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

Have a look...........

by Marianna Schmudlach - 2/23/09 2:07 PM

In Reply to: Software for a MAC by ek1359

here:

http://seussbeta.tripod.com/data.html


Was this reply helpful? (0)   (0)

Staff pick

Discussion locked
Report offensive post
Email to friend

More Discussions

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close