Curse

Divinitys Creature · Jul 22, 2005, 06:35 PM // 18:35

Need a damage calculator? Here's a good recipe:

calc.exe + in game spell descriptions

Aniewiel · Jul 22, 2005, 06:36 PM // 18:36

Quote:

Originally Posted by Balay

I would rather spend some more time to reformat to be 100% sure that i will not have keylogger than use trial programs who usulally dont have all services like customers versions , and i advise others to do the same , its ultimate solution for keyloggers victims.

I never use freeware. I find the best out there and buy it.

*silently endorses Spyware Doctor*

Luggage · Jul 22, 2005, 06:40 PM // 18:40

Quote:

Originally Posted by Algren Cole

on that note...go Download Hijack this...run a scan. It'll pick up the keylogger.

an easier way to do this would be to open your Processes window "ctrl +alt +dlt"...depending on your version of windows/setup you might have to click the "Task Manager" button. Then click the processes tab and either search through for processes that shouldn't be running or post a screen shot of your active processes windowd here and I'll tell you how to remove the keylogger.

It would be a pretty poor hack if it shows up the process window or edits the registry for hijackthis to pick up - but then again I guess a keylogger for guildwars accounts would be for the poor hacks...

Algren Cole · Jul 22, 2005, 06:41 PM // 18:41

*silently endorses linux*

(we don't have these problems on properly built operating systems

)

a keylogger is a running application..you can't keep it OUT of your processes window...if it's on your system and running it'll show up in your processes window.

Luggage · Jul 22, 2005, 06:41 PM // 18:41

Quote:

Originally Posted by Aniewiel

I never use freeware. I find the best out there and buy it.

*silently endorses Spyware Doctor*

The best might very well be freeware.

Balay · Jul 22, 2005, 06:46 PM // 18:46

Quote:

Originally Posted by Algren Cole

*silently endorses linux*

(we don't have these problems on properly built operating systems

)
window.

I would like use linux but ...most(rather all) programs and games are made for windows ,and not all of them can be used on linux

Luggage · Jul 22, 2005, 06:46 PM // 18:46

Quote:

Originally Posted by Algren Cole

*silently endorses linux*

(we don't have these problems on properly built operating systems

)

a keylogger is a running application..you can't keep it OUT of your processes window...if it's on your system and running it'll show up in your processes window.

or you make it a service and run it under one of the svchost.exe threads...
or you shoot it into something else that is often run, like explorer
or you hide it in a 3rd or 4th way

Don't know if it's the best or so but - download proceXP from sysinternals and look at what .dll's are used by any normal process...

EternalTempest · Jul 22, 2005, 06:46 PM // 18:46

Quote:

Originally Posted by Algren Cole

WHOA! don't tell people to format their computers....that's about the dumbest suggestion you can possibly give someone.

to clear something up quickly... A trojan horse and a keylogger are two totally seperate ideas. A trojan horse allows an attacker to access the files on the infected computer much like you would the files on your own computer via a file manager style interface. Generally they consist of a client and a server(you download the server and become infected with it)...very rarely are these applications for any use other than messing around aimlessly on unknown victims computers...Unless you're America Online in which you've dealt with numerous IP tunnelling exploits and the 13 yr old kids that use them.(IP tunnelling is essentially the same idea of a trojan horse. It's for LAN only IP addresses and websites. They force the computer hosting the content to make an outbound connection to you..which emulates your presence on the LAN)

Keyloggers are simply little programs (generally can be done in 15-20 lines of code if you know what you are doing)..that keep track of every key that is pressed...normally in a configuration file on your hard drive. And they upload this information to either an email address...ICQ...or IRC bot(it can email but with the advances in Hex programs this method has been outdated for some years).

on that note...go Download Hijack this...run a scan. It'll pick up the keylogger.

an easier way to do this would be to open your Processes window "ctrl +alt +dlt"...depending on your version of windows/setup you might have to click the "Task Manager" button. Then click the processes tab and either search through for processes that shouldn't be running or post a screen shot of your active processes windowd here and I'll tell you how to remove the keylogger.

It's very good advice but they can nuke there system with hijack this if used incorrectly. It will all depend on the keylogger. If it's mainstream one most anti-virus / anti-spyware should do just find, if you are running all those things and it finds nothing you may want to go as far as running the "recover" software that came with your pc or format / re-install if you did it yourself.

Disagree with the no freeware stuff. Spybot, Adaware, and Ms Antispyware used with each other can knock out almost anything. Now for AV stuff I would go with a paid such as Norton. You can have hidden process running I belive.

Algren Cole · Jul 22, 2005, 06:52 PM // 18:52

Quote:

Originally Posted by Luggage

or you make it a service and run it under one of the svchost.exe threads...
or you shoot it into something else that is often run, like explorer
or you hide it in a 3rd or 4th way

Don't know if it's the best or so but - download proceXP from sysinternals and look at what .dll's are used by any normal process...

1. I would assume you are talking about Advanced Key Logger...the one that installs as a service. The file size for this keylogger is smaller than svchost and should throw up a red light immediately. I also believe this was patched with a recent windows update.

2. to fully hide a keylogger using this method ,you'd have to use createremotethread to inject the dll into explorer.exe. Then set two system hooks: one that watches for window creation, and one that hooks the keyboard... not an easy task for someone hacking something as trivial as an online game...also painfully apparent to anyone that knows anything about their system

hiding applications in a windows environment is incredibly difficult as it's painfully apparent to anyone with even minor experience.

as for the freeware thing...MOST freeware applications work perfectly when coupled with another freeware application. someone else already stated a combination of freeware spyware removal tools that works wonders.

and yes...hijack this can mess your system up pretty badly...but so can simply using your system.

Aniewiel · Jul 22, 2005, 06:56 PM // 18:56

I run a suite of applications, all of which check for a variety of things. Some of them are freeware, others I have bought full-versions of:

Spyware Doctor
VoptXP
Ad-Aware
Start Up Cop
Registry Mechanic
Error Nuker
Spybot-Search & Destroy
Zone Alarm
AVG
Spy Cop

I run each of these at least once a week and, if I suspect some kind of infection, I run all of them one on top of the other.

Algren Cole · Jul 22, 2005, 06:58 PM // 18:58

Quote:

Originally Posted by Balay

I would like use linux but ...most(rather all) programs and games are made for windows ,and not all of them can be used on linux

WINE is an incredibly effective project...most applications can be used in an emulated windows environment. new applications can be tricky to get working and require a bit of programming...but most of the stuff that's been around for a while is WINE compliant.

Luggage · Jul 22, 2005, 07:15 PM // 19:15

No I was purly speaking of methods - I'm not into this scene (or any).
And I stated from the beginning that nobody would make a "good" keylogger for anything like this...

People with "even minor experience" would be in small risk of getting infected with a keylogger that looks for GW passwords tho I guess

OT: Using the mac support in ntfs for hiding files is kind of spiffy tho - have they made a patch for that yet?

Algren Cole · Jul 22, 2005, 07:18 PM // 19:18

Quote:

Originally Posted by Luggage

No I was purly speaking of methods - I'm not into this scene (or any).
And I stated from the beginning that nobody would make a "good" keylogger for anything like this...

People with "even minor experience" would be in small risk of getting infected with a keylogger that looks for GW passwords tho I guess

OT: Using the mac support in ntfs for hiding files is kind of spiffy tho - have they made a patch for that yet?

I don't know if they have...I'd be interested to know though. I haven't used windows in years...had to do an install to play Guild Wars. But it's been about 5 years since i've owned a computer with a Microsoft OS on it...so I'm not completely up to par on my security information regarding windows.. but i'll definately check it out and let ya know

d4nowar · Jul 22, 2005, 07:30 PM // 19:30

Too bad your friend doesn't use a Mac. He would have no problem at all. I've never heard of ANY Mac getting a virus or anything.

You don't usually need any kind of an antivirus or spyware remover or anything like that. All you need is decent knowledge of where those things go in your computer. It is generally in the system32 folder. This is where all of the Devil's minions go. Just look through it and anything that was modified/created on the day the keylogger was downloaded should be looked into carefully.

I do this any time my computer starts to run slow and I almost always get rid of my viruses. You may ask, "It says the file is in use and can't be deleted, what do I do?" I hate Windows for that, but a good program to get rid of those little pests is Dr. Delete.

I think that is all from me.

Teklord · Jul 22, 2005, 07:32 PM // 19:32

Quote:

Originally Posted by Algren Cole

*silently endorses linux*

(we don't have these problems on properly built operating systems

)

a keylogger is a running application..you can't keep it OUT of your processes window...if it's on your system and running it'll show up in your processes window.

I had to stop at this one and reply directly as it is inaccurate. Keylogger's can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Window's environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad Aware SE Personal, and Spybot S&D and it has FAILED to pick it up. As mentioned by other... the only way to be completely sure you are free of a key logger is to format and rebuild the comprimised system.

If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.

SOT · Jul 22, 2005, 07:37 PM // 19:37

Quote:

Originally Posted by Aniewiel

We try to find and delete posts like this as soon as they pop up. Sorry for your friend. I hope he manages to get the bug out of his system.

Realize too that it can log all sorts of passwords and information. Any site with a password (banks, EBay, credit cards, etc.) can be accessed with a trojan horse keylogger.

It's imperative that he clean his system with an antivirus and a keystroke logger "finder". Spyware Doctor is one of the best and has a trial version.

I went through this exact thing on Lineage II. The best preventative maintenance is do not go to a site for a gameworld unless it is the official one, or one that is linked to on their 'fansite' listing, because those are verified as legit and safe.

The mere fact he tried to download a hack of anykind tells me that he made his bed, and now must lie in it. If you are going to try to circumvent hard-coded stipulations in a game, online or off, whatever happens cannot be bitched about later.

Whether or not the link caused the keylogging, or the download, your friend, by your own account of things, was SEEKING a hack or exploit program, and thus has no sympathy on my end...

SOT · Jul 22, 2005, 07:38 PM // 19:38

Quote:

Originally Posted by Teklord

I had to stop at this one and reply directly as it is inaccurate. Keylogger's can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Window's environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad Aware SE Personal, and Spybot S&D and it has FAILED to pick it up. As mentioned by other... the only way to be completely sure you are free of a key logger is to format and rebuild the comprimised system.

If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.

Yessss...To Obiwan you listen!

Good call bud

Scol · Jul 22, 2005, 08:04 PM // 20:04

Just curious, how would it not show up in processes or whatever? Wouldn't the process have to be in the startup or something of the like? Hijackthis has caught pretty much everything for me in my experiences with malware.

Plus wouldn't a secure personal firewall program block the traffic or ask for permission first before it allows it through?

SOT · Jul 22, 2005, 08:08 PM // 20:08

Quote:

Originally Posted by Scol

Just curious, how would it not show up in processes or whatever? Wouldn't the process have to be in the startup or something of the like? Hijackthis has caught pretty much everything for me in my experiences with malware.

Plus wouldn't a secure personal firewall program block the traffic or ask for permission first before it allows it through?

Nothing is 100% secure.

And no, and no.

Teklord · Jul 22, 2005, 08:13 PM // 20:13

Honestly I don't know how it avoids the process list, I just know it does.

Hijackthis I didn't test on my test system I deployed this particular logger to, so maybe it can... maybe it can't. As for the firewall... a lot of personal firewalls are setup to default allow anything outbound, and only allow inbound based on responses to outbound requests. This makes sense and works as the typical home user doesn't want to be bothered with setting up allow rules for everything they need it to do. Now I've never heard of keyloggers that install themselves from websites but if it were possible, unless it uses a well known port (like 80) then a typical firewall should be blocking it. However, another nifty feature of the program I have tested is that you can combine it into any other program out there. For example, I set it up to install out of a Spyboy 1.4 executable (oh the irony I know)... with the option enabled to delete itself 7 days later. So when you install from that particular Spybot 1.4 executable you are installing the keylogger as well, without realizing it. That of course bypasses all firewall technology as you already have it on your system and you the user are installing it (without realizing it of course).

You'll notice I'm purposefully not naming the actual program or company that creates it. This is simply because I'm quite familiar with Torrent networks, and I have seen copies of it floating around there. I'd prefer not to point potential evil-doers (oh to the days of Darkwing Duck when I was young

) in the right direction where they may try to use this particular program to exploit unsuspecting Guild Wars players.