EH-Net

Ethical Hacking Discussions and Related Certifications => Malware => Topic started by: airforcegoonie on October 12, 2008, 12:21:43 AM



Title: New to Computer Exploits
Post by: airforcegoonie on October 12, 2008, 12:21:43 AM
Currently I am stationed in Afghanistan. I have noticed my computer's adware program has been stopping a keylogger. I am new to ethical hacking. The only language I know a bit of is HTML. Where do I start to figure out who and what the problem is on my computer? Thanks, KC


Title: Re: New to Computer Exploits
Post by: BillV on October 12, 2008, 10:14:27 AM
Well, what exactly is the problem? You have a keylogger that was blocked/denied access, or is something else going on?

Isn't there an IA/INFOSEC person you can take it to?


Title: Re: New to Computer Exploits
Post by: airforcegoonie on October 13, 2008, 03:44:38 AM
My IA's solution to everything is wipe the drive and start over. I would rather find out where it is and fix it, or at least get the knowledge base to start figuring it out. I have nothing but time to learn stuff over here. The computer is my personal computer as well, not a military computer. Thanks for your help, KC


Title: Re: New to Computer Exploits
Post by: Kev on October 13, 2008, 06:18:00 PM
Hopefully your anti-adware program has also identified the offending keylogger program so you can examine it. You need to make sure that it truly is being identified correctly and is not a false positive. If the keylogger is really being blocked by your program, you are not in immediate danger (at least not from this particular malware) and you can take some time to research the particulars.


Title: Re: New to Computer Exploits
Post by: airforcegoonie on October 14, 2008, 02:28:00 AM
Thanks!  I'll check it out tonight, KC


Title: Re: New to Computer Exploits
Post by: Fathercat on October 15, 2008, 10:35:08 AM
What is the name of the keylogger? The IAs I know over in the sandbox are pretty good at helping folks; if not, you can always call the geeks on the TNC.


Title: Re: New to Computer Exploits
Post by: Cr@sh on December 04, 2008, 01:40:18 PM
I would also run RootkitRevealer from Microsoft. I found a keylogger that was completely undetectable under Norton Corporate, Spybot S&D and Ad-Aware Pro! RootkitRevealer found it; then I just removed it in safe mode by deleting the files found in the windows/system32 folder and also deleting the registry entries it made.


Title: Re: New to Computer Exploits
Post by: nebu10uz on December 04, 2008, 03:15:59 PM

I would first check your adware program's logs for information regarding this keylogger. Maybe you'll find clues that will tell you where it came from. Try looking for the first entry, or the first time the program detected it. Also, if you know the name of the keylogger, use the following command in a DOS shell (run from the root of the drive so /S walks the whole disk):
Code:
C:\> dir /TC /S keyloggername
This will give you the creation date/time for all the files that have this name. With this information you can start looking for system/application logs that were generated around that date.

Furthermore, if you want, you can use HijackThis  (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) and post the log for me to analyze.
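The same triage the post above describes, written out as an added PowerShell example (editor's addition, not code from nebu10uz or from this thread): find every copy of the suspected file, list creation times and a hash so the sample can be checked against a scanner or the vendor's write-up (Kev's false-positive point earlier in the thread), then pull Application and System event-log entries from a window around the earliest creation time. The file name `keyloggername.exe`, the search root and the two-hour window are placeholders to be replaced with what your anti-adware tool actually reported.

```powershell
# Added example, not from the original post. Assumptions: the name reported by
# the anti-adware tool is substituted for 'keyloggername.exe'; run from an
# elevated PowerShell prompt so Get-WinEvent can read the System log.
param(
    [string]$Name        = 'keyloggername.exe',   # placeholder: the reported file name
    [string]$Root        = $env:SystemRoot,       # where to search; use 'C:\' for the whole drive
    [int]   $WindowHours = 2                      # +/- window around the earliest creation time
)

# Step 1: every file with that name under $Root, with timestamps and a SHA-256
# hash. Force includes hidden/system files, which is where such binaries tend to sit.
$hits = Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, CreationTime, LastWriteTime, Length,
        @{ n = 'SHA256'; e = { (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash } }

if (-not $hits) {
    Write-Host "No file named $Name found under $Root"
    return
}

$hits | Sort-Object CreationTime | Format-Table FullName, CreationTime, LastWriteTime, Length, SHA256 -AutoSize

# Step 2: the earliest creation time is the best first guess at when it arrived.
$first = ($hits | Sort-Object CreationTime | Select-Object -First 1).CreationTime
$start = $first.AddHours(-$WindowHours)
$end   = $first.AddHours($WindowHours)
Write-Host "Earliest copy created $first; showing Application/System events between $start and $end"

# Step 3: event-log entries in that window (installs, service creation, crashes,
# logons that happened to be logged here) give the context the dir output lacks.
Get-WinEvent -FilterHashtable @{ LogName = 'Application', 'System'; StartTime = $start; EndTime = $end } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id,
        @{ n = 'Message'; e = { ($_.Message -replace "`r?`n", ' ') } } |
    Format-Table -Wrap
```

Two caveats when reading the output: NTFS creation time is trivially altered by malware that timestomps its own files, so treat a CreationTime that is older than LastWriteTime, or that predates the Windows install, as suspicious rather than as proof of when it arrived; and a file copied (rather than moved) gets a fresh CreationTime, so the earliest copy is a lower bound on the infection date, not the exact moment. The hash is what you search for in vendor databases to confirm the detection is genuine before you start deleting anything.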


Title: Re: New to Computer Exploits
Post by: pseud0 on December 08, 2008, 05:13:09 PM
Depending on how stable your internet connection is out in the suck, you could try to pull down the Helix or Knoppix live CDs. Boot from the CD and run the external malware scanning tools. You'll get a much more complete and trustworthy report.