Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm not sure if I have a keylogger


  • Please log in to reply
3 replies to this topic

#1 aaandy

aaandy

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 12 January 2016 - 03:21 AM

Hi everyone,

 

Something's got me really confused here.

 

I got some spam mail the other day which set off an alarm bell and surely enough, someone had hacked my Netvibes page and looked at my Twitter as a result. As the email didn't have any attachments, I opened the email on my phone and I saw instantly it was spam. Passwords were duly changed and virus scans run on my home computer:

 

AVG Free - no problems

MalwareBytes Anti-malware - no problems

Kapersky TDSSKiller - no problems

MalwareBytes Anti-rootkit - no problems

 

And my phone:

 

Malware Bytes Anti-malware - no problems

Avast Antivirus - no problems

AVG Free - no problems

 

However my online banking sends me emails to install 'Trusteer Rapport', and so I thought 'why not' and installed it on my home computer (from now, everything is concerned with my home computer). Anyway, I was done with worrying when I got this report:

 

The following password submissions were protected by the character replacement feature. Trusteer Endpoint Protection has prevented access to the original keystrokes from most common keyloggers. This does not necessarily mean you have keyloggers on your PC. However, applications on your PC that tried to log keystrokes while you were entering information to the websites below have failed.
  • Jan 11 2016 07:20: Password field on **Bank Name**. Anti-keylogging activated.
  • Jan 11 2016 07:17: Password field on *Bank Name**. Anti-keylogging activated.

I know I was logging onto my banking at that time. But I am confused by the message This does not necessarily mean you have keyloggers on your PC. However, applications on your PC that tried to log keystrokes while you were entering information to the websites below have failed. What does this mean? Do I have a keylogger or what? I'm confused by the contradictory messages. 

 

A bit of background on my internet usage:

 

- I use Windows 7 on a computer that is about four years old. 

- Near-paranoid about viruses: I run all four of my security programs religiously, at least once a week. 

- Haven't had a malware or virus problem with my computer for a long, long time.

- No real slowing up on my computer or typing. 

- Don't go on any websites that are dodgy and I don't download. I'm a wikipedia/facebook/bbc news kind of person.

- The websites used since I got that dodgy email are commonplace - wikipedia, bbc news etc... BUT...when I went onto Netvibes to change the password, could I have been infected then?

- Have used online banking for about 4 years on this computer and never had a problem. I phoned the bank yesterday after getting the trusteer report and they confirmed my funds were safe. 

- Since I've done online banking for so long, I assume if there was a keylogger it would have seen all my passwords pre-Trusteer installation and I would know by now - extortion, money missing etc, identity theft - is that right? 

 

I have three questions:

 

- What does that Trusteer Rapport message actually mean: Do I have keyloggers or not?

- If so, how can they be removed?

- What can I do to prevent this from happening again?

 

Thanks - I can show anti-virus logs if needed.

 

Aaandy

 

 

 

 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 aaandy

aaandy
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 12 January 2016 - 03:47 AM

Update, just had an online chat with Rapport:

 

Heather: Please be advised that Rapport protects your sensitive information by decrypting it while it is being sent to the bank's server.

Heather: When this action is done, Rapport logs the activity in the Weekly Activity Report.

Heather: This does not mean that you have a malicious software on your computer, only that Rapport performed its protection properly.

Heather: The other part of the message means that in case you use any software that tries to copy that information for yourself (for documentary reasons for example), that software was also blocked.

Heather: Should you suspect you have a malicious software on your computer, we recommend you may scan your computer with an up to date Antivirus.

Andrew: Ahhhh

Andrew: So in other words, IF I had something I authorised to keylog, then it would block that as well.

Heather: Exactly.

Andrew: But the report itself is NOT saying 'You have a keylogger, red alert!!'

Heather: Correct.

 

So that makes me feel a lot better. But would any folks care to add anything?

 

EDIT: I performed all four security scans again, no problems.

 

Am I safe? 


Edited by aaandy, 12 January 2016 - 04:34 AM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:34 PM

Posted 13 January 2016 - 12:18 PM

You are probably OK,but if you want to be certain re post your issue in a new topic and we can get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 aaandy

aaandy
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:01:34 AM

Posted 20 January 2016 - 04:12 AM

Hi there,

 

Thank you for your assistance - since I got the response from Trusteer, I feel a lot more comfortable. 

 

Thanks for the help anyway - I appreciate it. Love this website!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users