Mike Tope
Mike.Tope at dsl.pipex.com
Sat Jan 1 16:16:24 CST 2005
Thanks John.

No "parental oversight" spyware has been deliberately installed here. We keep the pc in the living room but after that it's just trust.

I think Spybot recognised the keylogger the first time, and claimed to have fixed it but I had to delete the files myself. This time, maybe because it wasn't running, Spybot didn't see it at all.

What I have in mind now is a scheduled daily and on-startup batch file that looks for the executable and deletes it - or screams if it can't delete it because it's in use. But that wouldn't be as good as finding out how it gets in and blocking it there.

Their website is proud of the keylogger's remote and silent installation method but it boils down to piggy-backing on another program's installation - and everyone here denies installing anything lately. Makes me wonder if this isn't a general random probe and may be a specific attack. But it's the unregistered version claiming to have 3 days for evaluation that shows up, and surely that's too stupid.

Regards
Mike Tope

----- Original Message -----
From: "John Bartow" <john at winhaven.net>
To: "'Discussion of Hardware and Software issues'" <dba-tech at databaseadvisors.com>
Sent: Saturday, January 01, 2005 9:03 PM
Subject: RE: [dba-Tech] keylogger ?

Mike,

Don't always trust spyware detectors as being 100% correct in referring to software as unwanted/unneeded. I have radmin show up in spyware detections quite a bit. It is a remote access program that I installed. (The potential for abuse is always present with a remote access host of any kind - this is something one needs to understand and prevent via security settings.)

Some keyloggers are put there on purpose. They are monitors and may be because of some parental oversight program that keeps tabs on what your computer is being used for. Do you have any of those installed?

I don't know anything about BlazingTools keylogger but am just advising that you should check into it before assuming the spyware scan is correct.
I recommend disabling it via the spyware detectors' "quarantine" function or via "msconfig" and then deleting it when you're sure. Note that some programs can get around msconfig's methods of disabling (and some get around the spyware detector's methods too). You should always rescan after restarting your system.

HTH
John B.

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Mike Tope
Sent: Saturday, January 01, 2005 10:50 AM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] keylogger ?

List

A couple of times lately I have discovered BlazingTools Perfect KeyLogger on our family pc. Windows 98; I have now disabled Internet Explorer (in ZoneAlarm) but it wasn't in common use before.

Anyone know how the keylogger gets in there? And how I can stop it?

Msconfig shows it up as c:\windows\system\bpk.exe in the startup tab. But we don't start up very often (for Windows98). That's a legacy of a duff power supply, that taught us not to switch it off in case we can't switch it on again. (The power supply has gone, but the habit remains.) So just because the keylogger files are dated two days ago doesn't necessarily mean it's running.

If you go to their website (BlazingTools are quite open about it - http://www.blazingtools.com/bpk.html) you learn that it can run completely invisibly so I can't be sure whether it's been activated or not.

I just ran Ad-Aware and Spybot S&D and neither detected it.

It's a problem because my wife won't do the shopping if she thinks her credit card number is being logged.

Any hints anyone?
Mike Tope

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com