Ethical Hacker Community Forums
Topic: New to Computer Exploits
airforcegoonie
« on: October 12, 2008, 12:21:43 AM »

Currently I am stationed in Afghanistan.  I have noticed my computer adware program has been stopping a key logger.  I am new to Ethical hacking.  The only language I know a bit is HTML.  Where do I start to figure out who and what is the problem on my computer, thanks KC
BillV
« Reply #1 on: October 12, 2008, 10:14:27 AM »

Well what exactly is the problem? You have a keylogger that was blocked/denied access or is something else going on?

Isn't there an IA/INFOSEC person you can take it to?
airforcegoonie
« Reply #2 on: October 13, 2008, 03:44:38 AM »

My IA solution to everything is wipe the drive and start over.  I would rather find out where it is and fix it.  Or at least get the knowledge base to start figuring it out.  I have nothing but time to learn stuff over here.  The computer is my personal computer as well, not a military computer.  Thanks for your help, KC
Kev
« Reply #3 on: October 13, 2008, 06:18:00 PM »

Hopefully your anti-adware program has also identified the offending keylogger program so you can examine it. You need to make sure that it truly is being identified correctly and is not a false positive.  If the keylogger is really being blocked by your program, you are not in immediate danger (at least not from this particular malware) and you can take some time to research the particulars.
airforcegoonie
« Reply #4 on: October 14, 2008, 02:28:00 AM »

Thanks!  I'll check it out tonight, KC
Fathercat
« Reply #5 on: October 15, 2008, 10:35:08 AM »

What is the name of the keylogger?  The IAs I know over in the sandbox are pretty good at helping folks; if not, always call the geeks on the TNC.

CISSP
Cr@sh
« Reply #6 on: December 04, 2008, 01:40:18 PM »

I would also run RootkitRevealer from Microsoft. I found a keylogger that was completely undetectable under Norton Corporate, Spybot S&D, and Ad-Aware Pro! RootkitRevealer found it, then I just removed it under safe mode by deleting the files found in the windows/system32 folder and also deleting the registry entries it made.
blackazarro
« Reply #7 on: December 04, 2008, 03:15:59 PM »


I would first check your adware program logs for information regarding this keylogger. Maybe you'll find clues that will tell you where it came from. Try looking for the first entry or the first time the program detected it. Also, if you know the name of the keylogger, use the following command in a DOS shell:
Code:
C:\> dir /TC /S keyloggername
This will give you the creation date/time for all the files that have this name. With this information you can start looking for system/application logs that were generated around this date.

Furthermore, if you want, you can use HijackThis  (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) and post the log for me to analyze.
Security+, OSCP, CEH
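
An added example, not part of the thread or any poster's code: the `dir /TC /S` lookup from the reply above, taken one step further to list every other file created within a few minutes of the suspect file, which is often how a dropper or its configuration file shows up. The function names, the 10-minute window and the `keyloggername*` pattern are assumptions made for this sketch.

```python
import fnmatch
import os
import sys
from datetime import datetime, timedelta


def creation_time(path):
    """Creation time of `path`. Windows reports it as st_birthtime (Python
    3.12+) or st_ctime; on Linux st_ctime is the last metadata change."""
    st = os.stat(path)
    return datetime.fromtimestamp(getattr(st, "st_birthtime", st.st_ctime))


def walk_files(root):
    """Yield (path, creation time) for every readable file under `root`."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                yield path, creation_time(path)
            except OSError:
                continue  # locked or vanished file: skip, keep walking


def find_by_name(root, pattern):
    """Same question as `dir /TC /S pattern`: where is it, and created when?"""
    pattern = pattern.lower()
    return sorted((p, t) for p, t in walk_files(root)
                  if fnmatch.fnmatch(os.path.basename(p).lower(), pattern))


def created_near(root, when, minutes=10):
    """Every file under `root` created within +/- `minutes` of `when`."""
    window = timedelta(minutes=minutes)
    hits = [(t, p) for p, t in walk_files(root) if abs(t - when) <= window]
    return sorted(hits)


if __name__ == "__main__":
    # Defaults are placeholders: scan the current folder for a constructed name.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    pattern = sys.argv[2] if len(sys.argv) > 2 else "keyloggername*"
    for path, created in find_by_name(root, pattern):
        print(f"{created:%Y-%m-%d %H:%M:%S}  {path}")
        for t, other in created_near(root, created):
            if other != path:
                print(f"    {t:%Y-%m-%d %H:%M:%S}  {other}")
```

Creation timestamps can be rewritten by software running on the machine, so treat the result as a lead to check against the anti-adware and system logs rather than as proof.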
pseud0
« Reply #8 on: December 08, 2008, 05:13:09 PM »

Depending on how stable your internet connection is out in the suck, you could try to pull down Helix or Knoppix live CDs.  Boot off from the CD and run the external malware scanning tools.  You'll get a much more complete and trustworthy report. 
CISSP, CISM