Possible keylogger on computer



#1 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:42 AM

Posted 23 April 2013 - 01:47 PM

Hi, I am running a Windows 7 HP desktop and I think I may have some sort of keylogger on it because 2 members of my family use their emails (Yahoo) on that computer. Both of them have had their emails logged into more than once, even after one has changed the password to something quite difficult to guess. I have no such problems as I only use my email on my laptop.

 

Any help would be much appreciated,

xXToffeeXx


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~



#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,255 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:42 PM

Posted 23 April 2013 - 02:19 PM

It sounds possible. It may also be that their passwords are easily guessable using a dictionary attack. Have them change the passwords to something complex -- a minimum of 8 characters, using upper and lower case letters, numbers and special characters (! @ # $, etc.) in a random order that doesn't resemble any known words.

Also, are they using https instead of http to log into their email accounts? Yahoo allows you to require a secure connection -- anything not https is being sent in cleartext and those packets can be captured and read by anyone.

And don't have them use the "Keep me logged in" feature. Those session tokens are capturable as well; hackers can use them to impersonate them and gain access to their accounts.

If the accounts are still getting hacked after the changes, especially if they switch to using secure https logins, then yes, it is most likely a keylogger.

Hope that helps.



#3 xXToffeeXx


Posted 23 April 2013 - 02:49 PM

I will get them to change their passwords again, but one already used capitals and letters, although it did contain names. The other after getting hacked once with an easy password changed it to something a lot harder which contained numbers, a punctuation mark and a word which isn't in the dictionary, but I think is a name. We use sign in seals and the https connection already, and haven't used the "keep me logged in" feature for a while, not sure how long though.
Thanks for your help, I hope it isn't a keylogger as that means nothing is safe on that computer. AVG has not picked anything up so far, so I don't know.

xXToffeeXx



#4 sflatechguy


Posted 23 April 2013 - 02:57 PM

That's good. However, if the passwords do resemble a name -- even if they contain numbers and special characters, like l@rry instead of larry -- they aren't secure. The passwords have to be truly random.

Your antivirus may not pick up a keylogger. You may have to download and install a special keylogger detection program for that. Fortunately, there are some good free ones out there -- Spybot Search and Destroy, for example.
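
The point made in the post above, that a password can satisfy every complexity rule and still resemble a name, shown as an added example that is not part of the original thread. The word list, the substitution table and the function names are constructed for illustration; a real check would load a large list of names and common words.

```python
import re

# Constructed sample list (assumption); a real check loads a large name/word list.
KNOWN_WORDS = {"larry", "susan", "password", "arctic", "toffee"}

# Common look-alike substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def embedded_words(password, words=KNOWN_WORDS, min_len=4):
    """Return known words found in the password once substitutions are undone."""
    lowered = password.lower()
    # Two views of the password: substitutions reversed, and symbols just dropped.
    views = {lowered.translate(LEET), lowered}
    views = {re.sub(r"[^a-z]", "", v) for v in views}
    return sorted(w for w in words
                  if len(w) >= min_len and any(w in v for v in views))

def review(password, min_length=8):
    """Apply the rules from the thread; an empty list means no problem found."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    classes = {
        "lower case": r"[a-z]",
        "upper case": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + label)
    # The complexity rules above say nothing about guessability, so check that too.
    for word in embedded_words(password):
        problems.append("resembles the known word '%s'" % word)
    return problems

if __name__ == "__main__":
    for sample in ("l@rry", "L@rry2013!", "P@$$w0rd1", "qT7#vX2m!Rk9"):
        print(sample, "->", review(sample) or "no problems found")
```
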



#5 xXToffeeXx


Posted 24 April 2013 - 01:40 PM

Okay, that's good to know. Both have changed their passwords now which include letters, numbers and caps randomly. I think Spybot has run successfully since I wasn't responding the first time so I closed it and ran it again. I think it worked that time.

Thank you for all your help and hopefully we should not have any more problems.

 

xXToffeeXx


Edited by xXToffeeXx, 24 April 2013 - 01:41 PM.



#6 sflatechguy


Posted 24 April 2013 - 01:45 PM

That's great. If the problem does recur -- knock on wood it won't, but if it does -- the best way to eliminate any keyloggers is to back up all the user data and applications and do a clean reinstall of the operating system. A pain, but that will do the trick if nothing else works.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:42 PM

Posted 07 November 2013 - 10:35 AM

In most cases this issue is due to the email account being hacked or spoofed (email address forged as the sender). When this happens, you need to change your password (or reset your Microsoft account password if using Hotmail/Outlook). I suggest you create a strong password. Sometimes just doing that will resolve the issue.

* Spam from your friends: hacked and spoofed e-mail
* What to Do if Your Email Account Gets Hijacked and Sends Out Spam
* Is Your Hacked Email Account Sending Spam to Your Friends?
* Hacked and Hijacked: What to Do if Your E-mail Account Gets Compromised
* Help! My Email was Hacked!

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




