Keylogging Fucks

Discussion in 'BlackHat Lounge' started by Italian Hawk, Jul 25, 2009.

  1. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    Okay, so I have a question. So I'm on AIM and this guy I've never spoken to before messages me saying he wants to show me a video. Well, I never accept files over AIM, especially from people I don't know. After I continued to say no, and tell him to upload it to youtube if anything, he continues to make up excuses as to why I should accept the transfer.

    I had literally typed "fuck off" and as I hit enter, the request was sent for about the 10th time. Well, it ended up accepting with the hit of enter. It starts downloading, and seeing that it wasn't a video format even (.exe) I make a stab for my charger (battery is pulled out already as it was fully charged). I guess I didn't get it in time.

    I turn my computer back on and find the .exe. Didn't open it, put it in my recycle bin, and emptied my recycling bin.

    Now, if the single file sent was titled "yo.exe" and I deleted "yo.exe" am I safe? I didn't open/run the file. Is there anything that could have been done to me?
     
  2. Mr.Whitehat

    Mr.Whitehat Senior Member

    Joined:
    Apr 23, 2009
    Messages:
    855
    Likes Received:
    220
    Occupation:
    Wandering Around !
    Location:
    Dating Moolah Babe^
    Well, it's a custom coded undetected keylogger. I doubt it'll log the activities in your computer even if it isn't installed. Well, there is a way to fuck keyloggers. I'm using KeyScrambler, a premium application which will encrypt your keystrokes. I suggest you start using it. PM me if you need the link to it. :)
     
  3. pavan

    pavan Elite Member

    Joined:
    Mar 30, 2008
    Messages:
    1,603
    Likes Received:
    432
    scan your pc with Spybot
    it's free
    chances are there because it's exe
    it can run without execution
     
  4. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    See, that's what I thought pavan. That's why I was worried, despite somebody telling me I shouldn't be...

    Are we talking Spybot Search and Destroy? Wasn't sure that detected keyloggers?
     
  5. sleepparalysis

    sleepparalysis Registered Member

    Joined:
    Feb 9, 2009
    Messages:
    86
    Likes Received:
    34
    Location:
    US
    If you did not run the executable it did not install. Really the only way it could have installed otherwise is if there is some exploit with the file transfer routine(s) within AIM that allowed them to force your AIM client to open the executable after it successfully downloaded.

    Also maybe if you have "auto-accept and open file transfers" enabled. I don't even know if AIM has these options as I don't use it but some messaging clients do.
     
  6. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    I didn't even see the file completely finish as I unplugged my computer before that should have happened. It was about a 10 second transfer. I unplugged it as it appeared it was still downloading.

    How can I tell if something was added to my computer? What scans would you recommend? I did a malware scan with charter security suites. And I'm redownloading Spybot Search and Destroy.
     
  7. sleepparalysis

    sleepparalysis Registered Member

    Joined:
    Feb 9, 2009
    Messages:
    86
    Likes Received:
    34
    Location:
    US
    I don't think you need to worry man. It probably didn't even finish like you said. You could just download Malwarebytes, S&D like you have. Maybe Sophos anti-rootkit if you want and then some sort of anti-virus.

    Install it all and then reboot your machine and press F8 before the Windows logo to bring up Windows boot options.

    Boot into safe mode without networking and run your scans.
     
  8. pavan

    pavan Elite Member

    Joined:
    Mar 30, 2008
    Messages:
    1,603
    Likes Received:
    432
    yes exactly
    you are safe but still don't take any risk
    and after all it's totally free
    so just scan your pc and stay safe
     
  9. sleepparalysis

    sleepparalysis Registered Member

    Joined:
    Feb 9, 2009
    Messages:
    86
    Likes Received:
    34
    Location:
    US
    Yeah, I'd do it anyways as pavan suggests. Sounds like you might not run frequent scans with enough software. Maybe you've had something sitting on there for a while now and you're due for a checkup anyways ;d
     
  10. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    Okay, well I'm hoping I'm good here because I've got a lot that I can lose here.

    Granted, I can think of a way I would be able to catch the guy if he were to actually get anything from me. Well, I'm going to do a few more scans, and continue googling the .exe's running on my computer to see if there are any google doesn't recognize.

    Edit: All of the problems that showed up in spybot search and destroy were cookies on either chrome or internet explorer. Does this mean I am totally clear, or just most likely? Like it was supposed to show up in there wasn't it?
     
    Last edited: Jul 25, 2009
  11. sonneti

    sonneti Regular Member

    Joined:
    Jan 27, 2009
    Messages:
    205
    Likes Received:
    127
    If you want keylogger protection get snoopfree (snoopfree.com)
     
  12. zackster

    zackster Registered Member

    Joined:
    Jan 9, 2009
    Messages:
    66
    Likes Received:
    33
    You only have to worry about an AIM exploit that could run it, or the run on completed download option, and the final thing to worry about, but it's a long shot: if the attacker used an icon exploit.
    But all of these are very rare so you should be safe, hit alt control delete and look for weird programs... I don't bother with AV products, they tend to be a waste if you know what you are doing.
     
  13. currentnews

    currentnews Junior Member

    Joined:
    Jan 17, 2009
    Messages:
    116
    Likes Received:
    28
    Occupation:
    cleaning winchester
    Location:
    next to palin house
    OK, one more addition: whosoever uses FTP (FileZilla freeware software), do not store the password, just use quick connection and make sure all your private data are cleared. There is security access in ftp stored password.
     
  14. taironbc

    taironbc BANNED BANNED

    Joined:
    Jan 29, 2009
    Messages:
    45
    Likes Received:
    4
    sniff your traffic
     
  15. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    Well this morning the following popped up on my anti-virus.

    trojan-downloader.multi.musldr.a

    And when I tried deleting it there was some error. Seeing as I've not seen my anti-virus pop up with something like this probably for a few months, I have a feeling it's new and probably the work of the keylogger?
     
  16. plouyd

    plouyd Regular Member

    Joined:
    Feb 26, 2008
    Messages:
    473
    Likes Received:
    356
    Location:
    ;=-
    You need to run the .exe for it to infect your machine.

    If it was a FUD, no virus scanner is going to tell you it's a virus.

    If you're still paranoid, your best bet would be to back up all the precious info and burn it onto a CD and format the drive and reinstall Windows. (I'm doing this today myself)

    From there, don't run anything except for inside a virtual machine or sandbox.. look up vmware, it's good stuff. This will keep you a lot safer from viruses since they're contained inside the VM. You can keep a copy of the VM that's clean so if anything happens you can go back to normal just by replacing the dirty VM.

    Oh, and using specific VMs for specific things is what I'd do, like one for work, one for finances, one for sketchy software, etc.
     
    Last edited: Jul 25, 2009
  17. zappak

    zappak Junior Member

    Joined:
    Mar 8, 2007
    Messages:
    101
    Likes Received:
    9
    Well, sometimes it won't get detected by any antivirus if it's crypted by some crypters, so try to remove it the manual way.

    It will mostly be staying in your startup, so go to Start > Run > msconfig

    Go to the "Services" tab
    Check "Hide all Microsoft Services"
    and you will find all non-MS services, so you would probably find a suspicious service there.
    Also go to the "Startup" tab and go through the items which are running on system startup.
    Uncheck all suspicious items.

    For better removal, get System Mechanic and look at running programs. It will show the path of each running process and other information so you can find the running exe easily.
     
    • Thanks Thanks x 1
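
The msconfig review described in the post above, as an added PowerShell example that is not part of the original thread. It is read-only, lists the same startup and service entries, and approximates "Hide all Microsoft Services" by dropping binaries with a valid Microsoft signature; the helper names `Get-ExePath`, `Get-SignerInfo` and `New-Row` are made up for this example.

```powershell
# Added example (not from the thread): read-only listing of what msconfig's
# "Startup" and "Services" tabs show, plus each binary's signature status.

function Get-ExePath([string]$CommandLine) {
    # Extract the executable from a command line such as: "C:\x\y.exe" /arg
    if ($CommandLine -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-SignerInfo([string]$Path) {
    $info = [pscustomobject]@{ Status = 'NoPath'; Signer = '' }
    if (-not $Path) { return $info }
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        $info.Status = 'FileMissing'   # entry points at a file that is gone
        return $info
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $full
    $info.Status = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $info.Signer = $sig.SignerCertificate.Subject }
    return $info
}

function New-Row($Source, $Name, $Origin, $CommandLine) {
    $exe = Get-ExePath $CommandLine
    $sig = Get-SignerInfo $exe
    [pscustomobject]@{
        Source = $Source; Name = $Name; Origin = $Origin
        Path   = $exe;    Status = $sig.Status; Signer = $sig.Signer
    }
}

# "Startup" tab: Run keys and Startup folders
$rows  = @(Get-CimInstance Win32_StartupCommand |
           ForEach-Object { New-Row 'Startup' $_.Name $_.Location $_.Command })

# "Services" tab: every service that is not disabled
$rows += @(Get-CimInstance Win32_Service |
           Where-Object { $_.StartMode -ne 'Disabled' } |
           ForEach-Object { New-Row 'Service' $_.Name $_.StartMode $_.PathName })

# Approximation of "Hide all Microsoft Services": drop validly Microsoft-signed binaries
$rows |
    Where-Object { -not ($_.Status -eq 'Valid' -and $_.Signer -match 'O=Microsoft Corporation') } |
    Sort-Object Source, Status, Name |
    Format-Table -AutoSize -Wrap Source, Name, Origin, Status, Path
```

Entries with status `NotSigned`, `HashMismatch` or `FileMissing`, or a path under a user profile or temp directory, are the ones to look at first. Services hosted in `svchost.exe` are judged by the host binary only, so this listing does not cover their service DLLs.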
  18. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    Thanks for all the help guys. I'll go through thanking certain posts. I've taken a few steps to counter the possible keylogger in both means of trying to detect it, looking where it should be, and changing my keystrokes. Hopefully that's enough.

    (I don't mind additional posts being made with ways to "find" potential keyloggers. Just note that it's not as urgent. I'd probably still do the process, and at the very least I'd have them as future reference.)
     
  19. LHaskins

    LHaskins Regular Member

    Joined:
    Apr 30, 2008
    Messages:
    264
    Likes Received:
    165
    You have been given a lot of great advice. :)

    One thing I didn't see mentioned, and it's so basic that most people overlook it, is not running your computer with admin access. Most malware out there depends on the computer having full admin rights. That's basically how a sandbox works, it's a set of permissions that do not allow programs access to the rest of the computer.

    Check out w3.sandboxie.com
     
    • Thanks Thanks x 1
  20. Italian Hawk

    Italian Hawk Power Member

    Joined:
    Apr 21, 2009
    Messages:
    589
    Likes Received:
    126
    I'd like to remain on the admin account is the only thing.