Jul 22, 2005, 08:15 PM // 20:15
#41
Pre-Searing Cadet
Join Date: Jul 2005
Profession: W/Mo
Quote:
Originally Posted by Teklord
I had to stop at this one and reply directly as it is inaccurate. Keyloggers can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Windows environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad-Aware SE Personal and Spybot S&D, and they have FAILED to pick it up. As mentioned by others... the only way to be completely sure you are free of a key logger is to format and rebuild the compromised system.
If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.
|
I second all this. I'm also an IT security professional who works for a financial institution and has to protect other people's money. Cleaners are fine and good, but the ultimate fix is fdisk and reinstall, and if you're really paranoid, use a disk called DBAN from sourceforge.net.
As far as software firewalls go, I don't really trust them. With a few lines of script the Win XP SP2 firewall can be disabled but still report to the user that it is turned on and the AV is current, when in reality the box is wide open.
Last edited by singuken; Jul 22, 2005 at 08:17 PM // 20:17.
Jul 22, 2005, 08:15 PM // 20:15
#42
Underworld Spelunker
Quote:
Originally Posted by Aniewiel
I run a suite of applications, all of which check for a variety of things. Some of them are freeware, others I have bought full-versions of:
Spyware Doctor
VoptXP
Ad-Aware
Start Up Cop
Registry Mechanic
Error Nuker
Spybot-Search & Destroy
Zone Alarm
AVG
Spy Cop
I run each of these at least once a week and, if I suspect some kind of infection, I run all of them one on top of the other.
|
I am surprised you don't run this as well, since it is bouncing in and out of the top spot all the time:
http://www.webroot.com/?rc=266&ac=629&WT.SRCH=1
Jul 22, 2005, 08:18 PM // 20:18
#43
Pre-Searing Cadet
Join Date: Jul 2005
Profession: W/Mo
Quote:
Originally Posted by Loviatar
|
We run the corp version of that on my network at the office.
Jul 22, 2005, 08:26 PM // 20:26
#44
Ascalonian Squire
Join Date: Mar 2005
Guild: Knights of Nothing
Profession: W/E
Simple solution for next time:
Partition your drive, or buy a small drive for your operating system.
Install everything on the partition/small drive, and keep your regular files separate, so all you have to do is reformat the partition/small drive and everything else remains intact.
Then all you need to do is reinstall and you're back to normal.
Jul 22, 2005, 08:35 PM // 20:35
#45
Academy Page
Join Date: Jul 2005
Location: California
Guild: [PSST]
Profession: Mo/E
Yeah, I've seen XP Security Center get tricked before. Another system I was working on had an improper uninstall of ZoneAlarm (I think), so the only reason Windows still thought it was active was the presence of one file, if I remember correctly... that and the registry. Annoyed the hell out of me because the file was "in use."
And yes, partitions are wonderful. n00b hackers often code for C:\, when in fact my C:\ is just an empty partition.
Jul 22, 2005, 08:58 PM // 20:58
#46
Banned
Quote:
Originally Posted by Teklord
I had to stop at this one and reply directly as it is inaccurate. Keyloggers can be invisible to the operating system, the task list, registry... and the like. And yes, this is in a Windows environment. I'm a Network Technician in a fairly large company and we have looked at such programs as a way to control (and sometimes use as evidence) the surfing habits of our community. I have studied extensively one such logger that is for sale by a security company and it absolutely does not show up in any process list or registry. I've run scans using popular and effective programs such as Ad-Aware SE Personal and Spybot S&D, and they have FAILED to pick it up. As mentioned by others... the only way to be completely sure you are free of a key logger is to format and rebuild the compromised system.
If you choose not to believe me, so be it. Just some friendly advice from someone who is in this field and has experience with this stuff.
|
since we're dropping professions....I'm a network security architect for the largest insurance company in the world....
now that we're on an even playing field....anyone that would suggest a reformat has NO experience with a computer...and therefore your entire argument is null & void. The very idea that you, coming from a background in which information is the essential commodity, would suggest a reformat is asinine.
there ARE keyloggers that can be injected as DLLs....I took the liberty to assume that anyone with experience hooking and subclassing an operating system's functions would not be wasting their time or effort programming a keylogger for Guild Wars....
That said, there are numerous ways to detect a keylogger...it's your system; you have complete control over it. Windows doesn't have a mind of its own; YOU control it. If there is a keylogger on your system there are better ways to detect and remove it than to reformat your hard drive.
In my 6 years as a developer/architect/programmer I have never ONCE had to reformat a hard drive.....the very idea that you would reformat a hard drive to get rid of something like a keylogger, a preschool style of hacking, is completely absurd.
Jul 22, 2005, 09:07 PM // 21:07
#47
Krytan Explorer
Join Date: Jun 2005
Location: Lloyd.ab.ca
Guild: Lords of All
Profession: R/Mo
Quote:
Originally Posted by Algren Cole
since we're dropping professions....I'm a network security architect for the largest insurance company in the world....
now that we're on an even playing field....anyone that would suggest a reformat has NO experience with a computer...and therefore your entire argument is null & void. The very idea that you, coming from a background in which information is the essential commodity, would suggest a reformat is asinine.
|
Okay. I've been watching these forums for a while, and I've seen you post quite a bit. So far I've been rather undecided / indifferent about you. That is, until now. Now that you are directly attacking me by saying something like the above ("... anyone that would suggest a reformat has NO experience...") you've only proven to me, and likely a whole host of other people, that you are way too full of yourself. The World's Largest Insurance company? Whom might that be? Not that I actually care. I said what I said about my profession because I'm not some average joe basement computer enthusiast. I've gone to school for this, although now I bet you'll tell me about all the many degrees you have at World Renowned Institutions... go for it.
Get over yourself.
And BTW, it's common knowledge among Network Administrators everywhere that it's a healthy habit to reformat a system at least once a year as part of regular maintenance, and it's quite often viewed as required maintenance.
Jul 22, 2005, 09:16 PM // 21:16
#48
Banned
I didn't go to college...I honestly don't care how you view me...and don't tell people to reformat their hard drives...it's awful advice
Jul 22, 2005, 09:18 PM // 21:18
#49
Lion's Arch Merchant
Join Date: Feb 2005
Location: in a house
Guild: Phantom Menace
Profession: W/Mo
Quote:
Originally Posted by Elythor
If the key-logger is a custom program, your anti-spyware and anti-virus programs won't ever detect it, because they work by detecting known signatures of viruses/spyware.
As RTSFirebat said...your friend had better do a reformat and hope everything becomes right again. I'd go as far as downloading software from the hard drive manufacturer to perform a low-level format.
|
Wrong.
It is a TROJAN.
If you have Norton or Microsoft Anti-Spyware on the system it WILL find it if auto-protect is loaded.
This is my business, and 75% of it is cleaning contaminated systems of these pests. One other program I HIGHLY recommend is The Cleaner by MooSoft. Trojan and worm hunter only.
The biggest problem with gamers is lack of maintenance. The solution is always "format" and start over. Bullcaca. If you had downloaded the MS security patches regularly and did weekly or frequent scans, this wouldn't be an issue.
And speaking of signatures, it is simply an old keylogger customized for Guild Wars, nothing more. I have a "mule" I use to visit all of these wretched sites to specifically test the programs I use, and I haven't found one yet which caused me to have to format a customer's computer.
Jul 22, 2005, 09:21 PM // 21:21
#50
Ascalonian Squire
I would opt for the computer wipe, or let someone with some knowledge of computers clean it for you.
Also, in the future it might be a good idea to do some of the following things.
Use Firefox or Opera. These are alternative browsers that also run on Windows and offer much better standard security than IE does. (IE is short for Internet Explorer, the browser that ships with Windows.) firefox link opera link
I would opt for Firefox, since it's safe, fast and doesn't have a banner like Opera.
(Opera is commercial software, Firefox is open source.)
If for some reason you don't want to use anything else than IE, or you don't have the security clearance on your computer to install Firefox or Opera (or whatever),
then you should make IE a bit more secure. To do this you need to look under the options or preferences of the browser; somewhere there it will list a few zones.
Now you want to put the Internet zone on its highest security setting.
I'm pretty sure this will break all sorts of woozy effects on all sorts of sites, but at least you will be safe.
Also copy this file hosts.txt
into one of the following directories, depending on your version of Windows. (Also useful for other OSes, since the list is pretty much filled with all sorts of sites I never need to visit.)
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS
If you are uncertain which version you have, simply copy the file to each of those directories.
Every time you want to go to a site, like say guildwarsguru.com, the computer actually first looks up what IP number that name has (because the internet works with IP numbers and not names).
The computer does this by querying a server called a DNS (Domain Name Server); however, it also looks for a file called hosts on your own computer.
And if the hosts file has a rule about a certain website name, it will use that value.
So if, for instance, the IP of guildwarsguru.com was 67.15.63.192 but your hosts file listed it as 127.0.0.1, then your browser (and all other software) would try to find the guildwarsguru site at 127.0.0.1. And of course it will not find it.
Now the file above lists a very, very, very long list of site names that have only spyware and commercials and viruses or whatever (the crap of the crop) and redirects them to 127.0.0.1.
127.0.0.1, btw, is a set IP in computer land; it is always your own computer.
More information about this file can be found here: hosts file guide page
But really, if you can, just use another browser.
And while we're on that topic, you might also want to switch email client.
As you probably have already heard, viruses and trojans via email are hot, and Outlook is their prime target for abuse. So switching to an alternative e-mail client gives you a great way to protect yourself against viruses via email.
Take for instance Thunderbird (from the same people as Firefox).
It's an open-source mail client that doesn't have all the security bugs that Outlook has, and has some nice features on top of that. thunderbird link
Now I also wanted to write something about switching away from Windows altogether, but I'm getting a bit tired of trying to remember how Windows worked, so I will simply conclude by saying that you should probably be using Linux and the GNOME desktop. linux link
The only downside is that not all games work on Linux, but there already is a slight trend of also offering games for Linux (Doom 3, Quake 3, UT2k4, Neverwinter Nights, some more).
There are also some programs that don't have an equivalent on Linux.
There is at the moment no full-featured Flash editor for Linux (there is a basic one though).
There is no graphical printing/publishing suite (QuarkXPress, Photoshop CMYK stuff), although there are some programs on the rise, but they're still starting up.
For the rest, everything is accounted for, and then some more that simply isn't found on Windows.
www.gnomefiles.com has a pretty good, user-friendly list of what's available for the GNOME desktop.
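To make the hosts-file lookup described in the post above concrete, here is an added example (mine, not code from the post or from any tool it links): it parses a constructed hosts-file excerpt and resolves names the way the post describes, hosts file first and DNS second. DNS is stood in for by a dict so the script runs offline; the sample domain names are made up, and the only real-looking address is the guildwarsguru.com IP quoted in the post.

```python
"""Added example: how a hosts file overrides DNS.

Resolution order for a name is: hosts file first, then DNS. An entry that
points a site name at 127.0.0.1 (always the local machine) therefore sends
that site's traffic nowhere, which is how the blocklist-style hosts file
in the post works.
"""
import ipaddress

# Constructed sample hosts file, same layout as a real one:
# "<address> <name> [<alias> ...]", with '#' starting a comment.
SAMPLE_HOSTS = """\
# Hosts file excerpt (constructed sample, not the file from the post)
127.0.0.1       localhost
127.0.0.1       ads.example-spyware.test  www.ads.example-spyware.test   # blocked
127.0.0.1       tracker.example-adware.test
"""

# Constructed stand-in for the DNS server. The guildwarsguru.com address is
# the one quoted in the post; the other is an arbitrary documentation IP.
FAKE_DNS = {
    "guildwarsguru.com": "67.15.63.192",
    "ads.example-spyware.test": "203.0.113.10",
}


def parse_hosts(text):
    """Return {lowercased name: address} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # malformed line: ignore
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field not an IP: ignore
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)  # first matching entry wins
    return table


def resolve(name, hosts, dns):
    """Hosts file first, then DNS; None if neither knows the name."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key]
    return dns.get(key)


def is_sinkholed(name, hosts):
    """True when the hosts file points the name at the local machine."""
    addr = resolve(name, hosts, {})
    return addr is not None and ipaddress.ip_address(addr).is_loopback


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for site in ("guildwarsguru.com", "ADS.example-spyware.test", "nothing.test"):
        flag = "(sinkholed)" if is_sinkholed(site, hosts) else ""
        print(site, "->", resolve(site, hosts, FAKE_DNS), flag)
```

Note that the hosts entry wins even though the fake DNS knows a different address for ads.example-spyware.test, which is exactly the override the post relies on.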
Jul 22, 2005, 09:23 PM // 21:23
#51
Krytan Explorer
Join Date: Jun 2005
Location: Lloyd.ab.ca
Guild: Lords of All
Profession: R/Mo
Quote:
Originally Posted by Algren Cole
I didn't go to college...I honestly don't care how you view me...and don't tell people to reformat their hard drives...it's awful advice
|
I knew you couldn't leave the schooling thing alone.
However, I can give out any advice I want. In cases relating to computers and networking it will be advice based on my education and experience in this field. If you do not like it, that is quite alright. If you feel the need to voice your concerns, again that is quite all right. But don't assume for a second you can take away my right to offer that advice.
Also, just reading that post again: not all keyloggers found in Guild Wars third-party programs will have been programmed specifically for Guild Wars. There is a good chance that most people trying to exploit those programs to gain passwords know little or no programming to begin with. They simply know where to find the tools, and how to use them - much like myself.
Jul 22, 2005, 09:36 PM // 21:36
#52
Desert Nomad
Join Date: Jun 2005
Guild: The Amazon Basin [AB]
Quote:
Originally Posted by Tactical-Dillusions
I'm immune to keyloggers and hackers because I very rarely log out of Guild Wars.
|
1) Right-click the shortcut icon for Guild Wars
2) Select Properties
3) In the Target field, add -password=***** (replace asterisks with your password)
4) Never type your password again
Jul 22, 2005, 09:39 PM // 21:39
#53
Ascalonian Squire
Quote:
Originally Posted by Algren Cole
In my 6 years as a developer/architect/programmer I have never ONCE had to reformat a hard drive.....the very idea that you would reformat a hard drive to get rid of something like a keylogger, a preschool style of hacking, is completely absurd.
|
Well, I'm a computer programmer for one of the smallest web development companies in the entire world and personally think you are giving unsafe advice.
Looking at how you write so easily about removing these problems, I'm betting you never had to sit at a helpdesk. With all due respect to the people I'm going to insult, but people are basically dumb. They don't understand the system and don't want to understand the system.
The simplest thing for these people is to cut their losses and simply format and reinstall (or, if they're really uncertain about their abilities, let someone else do it).
Also, there are numerous viruses that almost force you to reinstall. Although these types of viruses aren't seen much anymore, there used to be dozens of boot sector viruses in the wild that destroy your filesystem.
And the fact that you never had to format/reinstall your computer is a non-argument, since you are aware of the danger and can identify possible threats.
The average joe can't and won't, and will think the flashing banner that hurts their eyes promising a great enhancement for their e-mail to send images is just very cool, and will install it and then tell all their friends to get it too since it's so cool.
Last edited by stratos_v2; Jul 22, 2005 at 09:43 PM // 21:43.
Jul 22, 2005, 09:42 PM // 21:42
#54
Banned
Quote:
Originally Posted by stratos_v2
Well, I'm a computer programmer for one of the smallest web development companies in the entire world and personally think you are giving unsafe advice.
Looking at how you write so easily about removing these problems, I'm betting you never had to sit at a helpdesk. With all due respect to the people I'm going to insult, but people are basically dumb. They don't understand the system and don't want to understand the system.
The simplest thing for these people is to cut their losses and simply format and reinstall (or, if they're really uncertain about their abilities, let someone else do it).
Also, there are numerous viruses that almost force you to reinstall. Although these types of viruses aren't seen much anymore, there used to be dozens of boot sector viruses in the wild that destroy your filesystem.
And the fact that you never had to format/reinstall your computer is a non-argument, since you are aware of the danger and can identify possible threats.
The average joe can't and won't, and will think the flashing banner that hurts their eyes promising a great enhancement for their e-mail to send images is just very cool, and will install it
|
You are correct...I have never had a helpdesk job.
My comment regarding never having to format a computer included the 70,000 computers on my corporate LAN. Data is our business...I would never jeopardize our business because I didn't want to use a more logical workaround.
Jul 22, 2005, 10:04 PM // 22:04
#55
Krytan Explorer
Join Date: Apr 2005
Location: Somewhere between the Real World and Tyria ;P
Guild: The Gothic Embrace [Goth]
I think for regular users who might accumulate a lot of spyware, a reformat is nice and simple compared to learning all about network security, examining processes and whatnot.
Two of you are professionals and you could probably get to the bottom of these things and just get rid of the offending virus/trojan/keylogger, but a lot of people don't want to go to those lengths. Could reformatting and re-installing be that bad? Hopefully they patch it ASAP after doing so.
Jul 22, 2005, 10:07 PM // 22:07
#56
Banned
Quote:
Originally Posted by Divinitys Creature
I think for regular users who might accumulate a lot of spyware, a reformat is nice and simple compared to learning all about network security, examining processes and whatnot.
Two of you are professionals and you could probably get to the bottom of these things and just get rid of the offending virus/trojan/keylogger, but a lot of people don't want to go to those lengths. Could reformatting and re-installing be that bad? Hopefully they patch it ASAP after doing so.
|
I had offered to help in numerous ways, even as far as using remote access to clean his OS. Formatting is bad for two reasons...
1) you lose all of your information
2) hard drives were not meant to be wiped out...reformatting renders sections of your hard drive unusable. It also causes corruption in hard drive sectors. Hard drives that are formatted often die quicker than hard drives that are not formatted.
Jul 22, 2005, 10:16 PM // 22:16
#57
Krytan Explorer
Join Date: Jun 2005
Location: Lloyd.ab.ca
Guild: Lords of All
Profession: R/Mo
1. You don't have to lose all your information... this is what network storage is for. Or in the case of home computers, get a friend to bring his/her system over to copy off all your music / documents / save games, etc.
2. Seriously, I legitimately want to know your source of information on this point. If it were true, most of the HDDs that I've ever worked on should be half dead / unusable by that logic. Yet they aren't. Not that it matters, because most computers need to be replaced / upgraded every three years anyway. Keeping to a yearly maintenance wipe, that would only total three drive wipes.
Why do security-intensive organizations practice intensive formatting procedures when recycling old equipment? Where they take the drive and with special software format it as all 1s, then all 0s, back and forth a dozen times, just to be sure the information that was stored on it is irretrievable.
Jul 22, 2005, 11:35 PM // 23:35
#58
Furnace Stoker
Join Date: Jul 2005
Location: near SF, CA
Quote:
Originally Posted by PhineasToke
Wrong.
It is a TROJAN.
If you have Norton or Microsoft Anti-Spyware on the system it WILL find it if auto-protect is loaded.
This is my business, and 75% of it is cleaning contaminated systems of these pests. One other program I HIGHLY recommend is The Cleaner by MooSoft. Trojan and worm hunter only.
The biggest problem with gamers is lack of maintenance. The solution is always "format" and start over. Bullcaca. If you had downloaded the MS security patches regularly and did weekly or frequent scans, this wouldn't be an issue.
And speaking of signatures, it is simply an old keylogger customized for Guild Wars, nothing more. I have a "mule" I use to visit all of these wretched sites to specifically test the programs I use, and I haven't found one yet which caused me to have to format a customer's computer.
|
Are you sure about this? Known trojans will have known signatures, but a custom-coded one which hasn't been propagated to any hacker web sites can be completely unique, with an unknown signature and possibly new heuristics. A software firewall might be able to detect them when they attempt to open an outbound connection/port, but how do you find them without resorting to netstat?
Jul 22, 2005, 11:40 PM // 23:40
#59
Furnace Stoker
Join Date: Jul 2005
Location: near SF, CA
Reformatting is a last resort, but it seriously IS the safest solution with no guesswork. If you have a standardized PC disk image and network-backup software, restoration takes as little as an hour or so.
Another side benefit: your registry gets streamlined since old no-longer-used entries which aren't properly removed by uninstallers get completely removed. This speeds up boot time, frees more memory, etc. A PC-engineer buddy of mine logged more than 10,000 registry changes made by just 1 software title. Now imagine this multiplied by every software title you load on your PC.
Last edited by lord_shar; Jul 22, 2005 at 11:43 PM // 23:43.
Jul 22, 2005, 11:44 PM // 23:44
#60
Smite Mistress
Join Date: Jun 2005
Location: The Land of AZ, USA
Profession: Rt/E
Quote:
Originally Posted by Divinitys Creature
I think for regular users who might accumulate a lot of spyware, a reformat is nice and simple compared to learning all about network security, examining processes and whatnot.
Two of you are professionals and you could probably get to the bottom of these things and just get rid of the offending virus/trojan/keylogger, but a lot of people don't want to go to those lengths. Could reformatting and re-installing be that bad? Hopefully they patch it ASAP after doing so.
|
Thank you, Divinity's Creature, for trying to get this back on track.
Algren and Teklord:
Would each of you post your suggestions as to your opinion on the best ways to get rid of key loggers and/or links to any helpful websites/programs that might help? Perhaps links to articles supporting your respective positions would be nice as well.
As for the dumb customer: You're right, people generally are rather stupid. But the only way to become wiser is to gather advice, weigh the evidence, read a bit and make your own choices or pay someone to make your choices for you.
Please, Algren & Teklord: Your summaries?