HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 40 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow New to Computer Exploits
EH-Net
May 22, 2013, 04:58:56 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: New to Computer Exploits  (Read 9203 times)
0 Members and 1 Guest are viewing this topic.
airforcegoonie
Guest
« on: October 12, 2008, 12:21:43 AM »
Currently I am stationed in Afghanistan.  I have noticed my computer adware program has been stopping a key logger.  I am new to Ethical hacking.  The only language I know a bit is HTML.  Where do I start to figure out who and what is the problem on my computer, thanks KC
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #1 on: October 12, 2008, 10:14:27 AM »
Well what exactly is the problem? You have a keylogger that was blocked/denied access or is something else going on?

Isn't there an IA/INFOSEC person you can take it to?
Logged
airforcegoonie
Guest
« Reply #2 on: October 13, 2008, 03:44:38 AM »
My IA solution to everything is wipe the drive and start over.  I would rather find out where it is and fix it.  Or at least get the knowledge base to start figuring it out.  I have nothing but time to learn stuff over here.  The computer is my personal computer as well, not a military computer.  Thanks for you help, KC
Logged
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #3 on: October 13, 2008, 06:18:00 PM »
Hopefully your anti-adware program has also identifies the offending keylogger program so you can examine it. You need to make sure that it truly is a being identified correctly and not a false positive.  If the keylogger is really being blocked by your program, you are not in immediate  danger (at least not form this particular malware) and you can take some time to research the particulars.
Logged
airforcegoonie
Guest
« Reply #4 on: October 14, 2008, 02:28:00 AM »
Thanks!  I'll check it out tonight, KC
Logged
Fathercat
Newbie
*
Offline Offline

Posts: 24


View Profile
« Reply #5 on: October 15, 2008, 10:35:08 AM »
What is the name of the keylogger?  The IAs I know over in the sandbox are pretty good at helping folks, if not call always call the geeks on the TNC.
Logged
CISSP
Cr@sh
Newbie
*
Offline Offline

Posts: 5


View Profile
« Reply #6 on: December 04, 2008, 01:40:18 PM »
I would also run rootkit revealer from microsoft, I found a keylogger that was completely undetectable under Norton corporate, spybot S&D, Adawarepro! rootkit revealer found it then I just removed it under safemode by deleting the files found in the windows/system32 folder and also deleting the registry entry's it made.
Logged
nebu10uz
Sr. Member
****
Offline Offline

Posts: 368



View Profile WWW
« Reply #7 on: December 04, 2008, 03:15:59 PM »

I would first check your adware program logs for information regarding this keylogger. Maybe you'll find clues that will tell you where it came from. Try looking for the first entry or the first time the program detected it. Also, if you know the name of the keylogger use the following command in a dos shell
Code:
c:\dir /TC /S keyloggername
This will you give the creation date/time for all the files that have this name. With this information you can start looking for system/application logs that were generated around this date.

Furthermore, if you want, you can use HijackThis  (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) and post the log for me to analyze.
Logged
Security+, OSCP, CEH
pseud0
Recruiters
Full Member
*
Offline Offline

Posts: 208



View Profile
« Reply #8 on: December 08, 2008, 05:13:09 PM »
Depending on how stable your internet connection is out in the suck, you could try to pull down Helix or Knoppix live CDs.  Boot off from the CD and run the external malware scanning tools.  You'll get a much more complete and trustworthy report. 
Logged
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.064 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.