what is a keylogger


9 replies to this topic

#1 kman621

Posted 05 August 2009 - 02:23 PM

I have Online Armor free edition and Windows XP. When I am in Microsoft Word, Online Armor warns me a keylogger is detected on Word. When I open iTunes it says a keylogger is detected. I open a-squared, same thing. Anyway, these are all trusted programs, I think. I'm clueless: is this normal, or is there something wacky on my PC? Are keyloggers normal or safe with some programs? I was under the impression they were always bad. I can't Google my way to a straight answer. Can someone please help me in my ignorance?

#2 boopme

Posted 05 August 2009 - 03:21 PM

Hello .. I am moving this from XP to Am I Infected as this is. Someone usually installs this.
Keylogger

A keylogger is a program or device that, when installed on a computer, records the keystrokes entered on that computer. Those keystrokes can then be accessed at a later date to see what the users have typed on that machine.

You should run these.
Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#3 Nia(:

Posted 05 August 2009 - 06:05 PM

boopme will help you with removing the infections.

Keyloggers are malicious programs that record all of your keystrokes and send them to hackers trying to gain information. They are mostly used to find out your personal information such as credit card numbers. Make sure, if you KNOW you have a keylogger, do not enter any personal information on your computer AT ALL.

http://en.wikipedia.org/wiki/Keystroke_logging
**USE WIKIPEDIA FOR MORE INFORMATION**

just trying to help.(:

#4 boopme

Posted 05 August 2009 - 07:23 PM

Absolutely Nia.. That's why I recommended they run those tools.

#5 Stang777

Posted 05 August 2009 - 11:03 PM

While I agree that most keyloggers are malicious, sometimes they are not. Sometimes they are just an innocent part of a program. I use a program for AOL called Power Tools; it logs my instant messages and chatroom chats. Spybot used to pick that up as a keylogger, which, in a way, it is, but it did not log anything other than those two items and it logged more than what I typed. It logged whatever was typed by all parties involved in those chats. AOL also has a feature that will log those, but it isn't an automatic thing like it is with Power Tools.

I do not use Word, I use WordPerfect, so I do not know if Word works this way or not. I have WordPerfect set up to automatically back up my document every so many minutes. I do not know if Online Armor would detect that action as a keylogger or not since I do not use it, but I can kind of see why it would.

If Online Armor is not detecting a keylogger while you are typing in other programs, or even the post you wrote here, I am kind of skeptical that you really have a keylogger.

I would, however, still run all the scans you can to determine if you really have one or not, as you very well could. I would follow all of the suggestions Boopme makes.

#6 quietman7

Posted 06 August 2009 - 07:43 AM

Keylogging, surveillance and monitor type programs can have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. However, some embedded files that are part of legitimate programs are often detected by anti-virus or anti-malware scans as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (Keylogger) when that is not always the case. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus and anti-malware utilities cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

However, from what you describe, Online Armor is providing warnings on various legit programs, so more information is needed and further investigation is warranted. Please provide the complete warning message that you are getting, including any specific file names and where they are located (full file path) on your system.

Edited by quietman7, 06 August 2009 - 07:46 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 kman621

Posted 16 August 2009 - 11:22 AM

quietman7, I would send you a screenshot but I can't figure out how, there's no attachment button, but this is what the warning says:
key logger detected
the program WINWORD.EXE could be recording what you type.
The program is located here: C:\Program Files\Microsoft Office\Office10\

#8 quietman7

Posted 16 August 2009 - 12:10 PM

winword.exe is the main executable for Microsoft Word located in C:\Program Files\Microsoft Office\Office11. However, if you have Microsoft Outlook set to use Word as your default e-mail editor then winword.exe will run when Outlook runs even after you quit Word.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. Another technique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted.

Tools to investigate running processes and gather additional information to identify them and resolve problems:
These tools will provide information about each process, CPU usage, file description and its path location. If you right-click on a file and select properties, you will see more details.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
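The location check described in post #8, sketched as an added example (it is not from the thread or from any tool named in it). The baseline table, the function names and the sample process and Run-key data are assumptions constructed for illustration; on a real machine the inputs would come from a process viewer and the registry's startup entries.

```python
import ntpath
import re

# Assumed baseline of expected folders per executable name; extend it for the
# software actually installed on the machine being checked.
EXPECTED_DIRS = {
    "winword.exe": [r"C:\Program Files\Microsoft Office\Office10",
                    r"C:\Program Files\Microsoft Office\Office11"],
    "svchost.exe": [r"C:\WINDOWS\system32"],
    "explorer.exe": [r"C:\WINDOWS"],
}

def _norm(path):
    # Windows paths are case-insensitive: unify case and separators.
    return ntpath.normcase(ntpath.normpath(path.strip()))

def exe_from_command(command):
    """Extract the executable path from a Run-key command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', command, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else command.strip()

def check_image(path):
    """Return 'ok', 'unexpected-location' or 'unknown' for one executable."""
    full = _norm(path)
    expected = EXPECTED_DIRS.get(ntpath.basename(full))
    if expected is None:
        return "unknown"  # not in the baseline: look it up or get a second opinion
    known = {_norm(d) for d in expected}
    return "ok" if ntpath.dirname(full) in known else "unexpected-location"

def review(processes, run_entries):
    """List well-known names that run, or auto-start, from the wrong folder."""
    items = [("process", pid, path) for pid, path in processes]
    items += [("startup", name, exe_from_command(cmd)) for name, cmd in run_entries]
    return [item for item in items if check_image(item[2]) == "unexpected-location"]

# Constructed sample data (not from the thread): (PID, image path) pairs and
# (value name, command) pairs as found under a registry Run key.
SAMPLE_PROCESSES = [
    (1204, r"C:\Program Files\Microsoft Office\Office10\WINWORD.EXE"),
    (1888, r"c:\windows\System32\svchost.exe"),
    (2312, r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
]
SAMPLE_RUN_ENTRIES = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r'"C:\Documents and Settings\user\Application Data\explorer.exe" /s'),
]
```

Calling `review(SAMPLE_PROCESSES, SAMPLE_RUN_ENTRIES)` flags the `svchost.exe` copy in the Temp folder and the `explorer.exe` startup entry, while `WINWORD.EXE` in its Office folder passes.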

#9 kman621

Posted 24 August 2009 - 03:45 AM

Thank you to all for the help.

#10 quietman7

Posted 24 August 2009 - 06:16 AM

You're welcome.