#1
SCKeylogger found - what is next?
I have a wireless router with three computers connected. I rarely use my laptop. Today I logged onto the laptop and entered a poker tourney. As I had not run Spybot on this computer for a while, I updated and checked the laptop. It came back with SCKeylogger found. My kids utilize the laptop very often and play online games. I suspect this is how the virus was picked up. I restarted the laptop and am running Spybot again. It says the keylogger has been fixed. I am on one of the PCs and checked my poker account balances. Those balances appear intact. I am running Spybot on all three machines. What should I do next? I have Windows Firewall turned on. Will that help? My router I think also acts as a firewall? If I remove that virus and change all of my passwords will I be safe? Thank you for any help you may provide!
Thank you, Jim Kuhn
#2
Re: SCKeylogger found - what is next?
First thing, change passwords to all sites that the laptop accessed recently. Do this from a secure computer. I will post more in a bit but that is the most important thing for the moment.
#3
Re: SCKeylogger found - what is next?
Thank you for the response. I don't think I have accessed any of my poker or email accounts from this computer recently. I also recently changed most of my passwords. I am not sure if I should change those again. By changing those again could I actually be helping a hacker gain those new passwords? One PC came back from Spybot and Ad-Aware clean. I am utilizing that PC.
The other PC I am not sure about. My Spybot icon was missing so I went to download.com and downloaded the latest version of Spybot. It froze my computer when I tried to download the latest definitions. I rebooted the computer and received a Spybot message that Spybot terminated abnormally and was altered or something like that. It suggested a possible virus or keylogger. I ran Ad-Aware and it came back fine. I am trying to download new definitions for Spybot.
Thanks, Jim
#4
Re: SCKeylogger found - what is next?
[ QUOTE ]
Thank you for the response. I don't think I have accessed any of my poker or email accounts from this computer recently. I also recently changed most of my passwords. I am not sure if I should change those again. By changing those again could I actually be helping a hacker gain those new passwords?
[/ QUOTE ]
np. Well, that would be a problem if you're not 100% sure about the computer you are using to change the passwords. If a keylogger is installed it's going to see everything you type. Some have evolved to even take screenshots now on mouse clicks :(
[ QUOTE ]
The other PC I am not sure about. My Spybot icon was missing so I went to download.com and downloaded the latest version of Spybot. It froze my computer when I tried to download the latest definitions. I rebooted the computer and received a Spybot message that Spybot terminated abnormally and was altered or something like that. It suggested a possible virus or keylogger. I ran Ad-Aware and it came back fine. I am trying to download new definitions for Spybot.
[/ QUOTE ]
This could be a concern. I had a nasty trojan once upon a time that would actually reboot my machine when I tried to run Ad-Aware -- malware is certainly capable of interfering with cleaning programs. If you're at all unsure about any computers I would honestly recommend a complete reformat. It's a serious pain, I know, but really the only 100% sure way. Also, if you do reformat, be sure to get a firewall on first thing (preferably before you connect to the net for the first time, i.e. use a flashdrive/portable HD to load it), then patch up immediately.
#5
Re: SCKeylogger found - what is next?
[ QUOTE ]
If you're at all unsure about any computers I would honestly recommend a complete reformat. It's a serious pain, I know, but really the only 100% sure way. Also, if you do reformat, be sure to get a firewall on first thing (preferably before you connect to the net for the first time, i.e. use a flashdrive/portable HD to load it), then patch up immediately.
[/ QUOTE ]
Leap, you offer good advice; I would only add one thing: I have a DVD burner on my comp and I created a 'reformat' disk. It contains all necessary applications as well as their patches (i.e. AV, anti-spyware apps, etc.). That way when you connect to the internet for the first time you have decent protection (a USB drive can hold all smaller patches). Coldcaller (or Kyle...something)'s post made me realize you need your defenses up as soon as you are connected for the first time. On average I do reformat about once every six months. I guess I am a geek, but that 1/2 day you spend tweaking & re-tweaking the comp is a small price to pay for cleanliness, speed, etc.
#6
Re: SCKeylogger found - what is next?
Would McAfee pick up a keylogger running in the background?
#7
Re: SCKeylogger found - what is next?
[ QUOTE ]
I would only add one thing: I have a DVD burner on my comp and I created a 'reformat' disk. It contains all necessary applications as well as their patches
[/ QUOTE ]
This is a great idea, thanks for throwing it out. I have a flashdrive that I use for this purpose but ultimately a DVD or CD is safer. Supposedly a USB drive can be infected if plugged into an infected computer that has auto play on (default). Re your other post:
[ QUOTE ]
I don't think I am qualified to answer this, but I think it depends. Maybe someone more knowledgeable will intervene....
[/ QUOTE ]
Based on your well thought out post I think you are :) I'm certainly no security expert but I chime in. We have many intelligent and knowledgeable people on 2+2; any mistake or misinformation is probably going to be corrected at some point. My view is it's definitely +EV to throw things out there, even if not always 100% correct. New ideas and viewpoints will if nothing else spur discussion, and as a community we can try and find the best solution.
#8
Re: SCKeylogger found - what is next?
Also - this keylogger could have been on the laptop for several weeks. I have not run Spybot on the laptop for a long time!
Thanks, Jim
#9
Re: SCKeylogger found - what is next?
Be sure to change passwords to email sites as well, as they can be used to launch social engineering attacks.
Well, my recommendation is to format the laptop to be on the safe side. Yes, you can try removal and Spybot may have done the job, but many of the trojans nowadays are able to resurrect themselves. Also you could have some sort of stealth trojan that's not showing up that was responsible for installing the logger. Only thing to consider is if you want to save the HD for possible forensics investigation (i.e. everything is fine now, in a day you have problems with money missing from the bank, the cops may be interested in the HD contents). That's up to you... As for using the laptop, to me it's just not worth the risk that the laptop hasn't been fully cleaned; format is safest.
Some other advice -- have a completely separate computer for poker/financial transactions if you can afford to. Don't let the kids use it. Don't websurf with it except to go to known safe sites, i.e. bank/Neteller, etc. If your patches/security isn't up to date it can be easy for lots of nasty crap to get on the computer just by websurfing. I would add ZoneAlarm as well to your computers. It's a free firewall that last time I checked is considered superior to Windows Firewall. Make sure your wireless connection is encrypted.
#10
Re: SCKeylogger found - what is next?
You are probably lucky this time, Jim. It has been said many times: never let anyone touch a computer that has anything financial or personal on it but yourself. And use that computer only on secure sites and don't follow any links you aren't familiar with.
Computers are cheap; you can have a few if necessary. A person wouldn't let someone know their SS number or their bank account number but put it on their computer and go surfing.