
Anti-Keylogger Tricks


T_r_y_p_t


Here's some info though to help you know if you're being keylogged that a friend showed me recently. Apparently it's very effective at stopping RATs/keyloggers.

 

Basically all keyloggers are a type of RAT, or Remote Access Trojan. These are little programs which can do all sorts of things and are very easy to create if you have the right tools. Each has varying levels of functionality but in general they all grant access to view the happenings of an infected computer, showing everything from keystrokes to what is displayed on the screen, to taking screenshots upon command when certain things occur on the computer. They can even turn on your webcam.

 

One thing true to all RATs though is that they must be activated upon startup to be useful. They also tend to install themselves in the same locations on your computer regardless of the RAT you have.

 

Some of course are more complex but here are some simple tools to find if you are RATed and promptly remove said RAT.

 

DO ALL OF THIS AT YOUR OWN RISK. IF YOU DO IT WRONG YOU CAN EASILY DAMAGE YOUR COMPUTER. ONLY DO THIS IF YOU KNOW WHAT YOU ARE DOING AND ARE EXPERIENCED WITH COMPUTERS.

 

-Keep your computer simple. Keep all your files organized. Keep files of similar types all in the same folder and don't mix them up. Keep photos with photos and videos with videos, applications with other applications, etc.

 

-Uninstall unnecessary programs. This will make it easier to notice irregularities in your system.

 

TRICK #1 (APPDATA)

-First, open an explorer window. By this I mean a "my documents" or "my pictures" window or whatever. Next, type in the top address bar, character for character: %APPDATA%

 

-Now, check for strange files. Specifically files with no folder. If it's a really old file you're typically safe. To see the age of a file right click the top info bar and place a check mark next to "Date Modified" and organize it in descending order from that category. On top should be the most recent file.

 

-If there is some weird file in there, look it up. Find out what it is, and if you don't know what it is, investigate more. Don't delete it unless you're sure you don't need it.

 

-Additionally you may want to check in individual program APPDATA folders. Specifically your internet browsers, Java, and other ones which store temporary information (more specific to individual computers)

 

-Furthermore there have been reports of keylogger fragments infecting the LocalLow and Local directories in Vista and Windows 7 users, so search there if applicable.

 

TRICK #2 (MSCONFIG)

-Click the start menu and click "run", then type "msconfig" and hit enter.

 

-Check your startup entries for any programs which you don't know what they are. Check every entry online to check if it's necessary. Some ARE necessary for everything from the system itself to random programs on your computer. If there's something on there which you don't know what it is, specifically a name like IJER83I8384j5345JIHRRATBOOTER[Caution: Executable File], uncheck it from startup.

 

-If there is an entry which you suspect is a keylogger, hit "CTRL+ALT+DEL" to open a Task Manager. Order the processes by file name and then find one with the same name as the file you found. If you find a suspicious process look it up on Google to see what it is. Maybe it's just for a program you have running.

 

The ONLY necessary processes while running no programs are... (all of which have a dot exe at the end, apparently this forum censors that):

 

-System Idle Process

-explorer

-lsass

-taskmgr

-winlogon

-spoolsv

-csrss

-smss

-svchost – (There will be a few of these)

-services

 

TRICK #3 (NETSTAT -N) [last resort]

-Open a command prompt. If you don't know what that is, click the startup menu, accessories, then command prompt

 

-Type in "netstat -n" and it will open a list of all your computer's internet connections and some more info irrelevant for our purposes. {NOTE, if it's taking a LONG time to load and you want to just end it because there are too many entries, hold down control, minus, c and it will end the command}

 

Type in each IP address into an IP locator to find what they are. If they are for some programs they will typically locate a domain. If they are a residential person hacking you they will maybe show no specific address but just a world location and maybe some coordinates. If they are using a VPN it may also show this, look up the services or company or whatever it says, it depends on the IP lookup website you use but I suggest http://whatismyipaddress.com/ip-lookup

 

-If every IP address shows a domain name and none show up as residential IPs, you are probably safe. This is a last resort and is very inaccurate. Try it if all else fails I suppose and it's kind of interesting

 

 

OTHER RANDOM TRICKS

-Use the on-screen keyboard located in start > accessories > accessibility to type in your password if you suspect you are keylogged. This isn't a sure-fire way to avoid it as many foolishly believe but it could help in some circumstances.

 

This will only work if the keylogger is hardware. With software keyloggers it will not work because there is no difference between a real keypress and an onscreen keypress.

 

-Download CCleaner to fix registry errors and clean up temporary internet files

 

-Always use another computer to change passwords on. I suggest using an iPod or some sort of smart-phone because they are virtually 100% safe from things like this

 

-Install an Ubuntu OS partition on your computer to use if you suspect you are keylogged to log in and enter personal information. This is an entirely separate operating system which is 100% unrelated to your Windows OS assuming you don't mount your Windows partition to it to make it not so. Careful when installing though you can easily kill your old OS if you do it wrong.

 

 

So there. A few helpful tips to prevent yourself from being keylogged and to check if you are if you have a suspicion. This isn't foolproof so don't rely 100% on it. There may be some technical inaccuracies but none of this can ever really hurt in checking for RATs and this guide will generally help.

Link to comment
Share on other sites
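
The three checks from the post above (loose files in the AppData roots, startup entries, remote endpoints of open connections), as an added PowerShell example that is not part of the original post. It only reads and lists. The function names are made up for illustration, and it assumes Windows 8 or later with PowerShell 3+, because `Get-NetTCPConnection` does not exist on older systems.

```powershell
# Added example: read-only triage of the three places the post checks.
# Function names are hypothetical; nothing is deleted or changed.

function Get-LooseAppDataFile {
    # Trick #1: files sitting directly in the AppData roots (not inside a
    # program's folder), newest first. Hidden files are included (-Force).
    $roots = $env:APPDATA, $env:LOCALAPPDATA,
             (Join-Path $env:USERPROFILE 'AppData\LocalLow')
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime -Descending |
            Select-Object LastWriteTime, Length, FullName
    }
}

function Get-StartupEntry {
    # Trick #2: Run registry keys and Startup folders for all users.
    # Services and scheduled tasks are not covered by this WMI class.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

function Get-RemoteEndpoint {
    # Trick #3: like "netstat -n", but with the owning process attached
    # and loopback endpoints dropped.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                ProcessId     = $_.OwningProcess
                ProcessName   = $proc.ProcessName
                Path          = $proc.Path   # may be empty without admin rights
            }
        } | Sort-Object RemoteAddress, RemotePort, ProcessId -Unique
}

Get-LooseAppDataFile | Format-Table -AutoSize
Get-StartupEntry     | Format-Table -AutoSize -Wrap
Get-RemoteEndpoint   | Format-Table -AutoSize
```

Having the process name and path next to each remote address means an unfamiliar connection can be tied back to a startup entry or a file from the first two lists.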

Weird coincidence as I was just hacked. Following your first step I actually found the file that recorded my keyboard. You may also want to mention checking the Local and LocalLow folders for other bits of the trojan because I found the screenshots of me playing runescape.


Those with a little bit of knowledge are more dangerous than those with none.

Link to comment
Share on other sites

Weird coincidence as I was just hacked. Following your first step I actually found the file that recorded my keyboard. You may also want to mention checking the Local and LocalLow folders for other bits of the trojan because I found the screenshots of me playing runescape.

What directory are those folders found in

 

Maybe they're specific to your RAT as I can't seem to find them. Or maybe I'm just blind lol xd

Link to comment
Share on other sites

 

-Use the on-screen keyboard located in start > accessories > accessibility to type in your password if you suspect you are keylogged. This isn't a sure-fire way to avoid it as many foolishly believe but it could help in some circumstances

 

This will only work if the keylogger is hardware.

 

With software keyloggers it will not work because there is no difference between a real keypress and an onscreen keypress.

Link to comment
Share on other sites

Just some small corrections: RAT usually means remote administration tool, checking the date of install is worthless as most modern RATs can install with any pre-entered date, and as a side note they can do a lot more evil things than what you mentioned in the first post. (RATs are scary things)

 

Link to comment
Share on other sites

Just some small corrections: RAT usually means remote administration tool, checking the date of install is worthless as most modern RATs can install with any pre-entered date, and as a side note they can do a lot more evil things than what you mentioned in the first post. (RATs are scary things)

Well I still think it's the best way to organize your files when looking for one lol

 

No other organization method would really help and a large portion of rs-related rats are created on the spot without attention paid to creation date because they assume people won't find them anyway

 

And Remote Administration Tool, Remote Administration Trojan, Remote Access Tool, Remote Access Trojan, etc, are all synonymous.

Link to comment
Share on other sites

[hide]

Just some small corrections: RAT usually means remote administration tool, checking the date of install is worthless as most modern RATs can install with any pre-entered date, and as a side note they can do a lot more evil things than what you mentioned in the first post. (RATs are scary things)

Well I still think it's the best way to organize your files when looking for one lol

 

No other organization method would really help and a large portion of rs-related rats are created on the spot without attention paid to creation date because they assume people won't find them anyway

 

And Remote Administration Tool, Remote Administration Trojan, Remote Access Tool, Remote Access Trojan, etc, are all synonymous.

[/hide]

That's fair, I was just trying to be helpful, sorry if it came out as anything but that.

 

Link to comment
Share on other sites

  • 4 weeks later...

I do know my fair share of computer safety but I tend to get a bit loose on the safety. I have only been ratted once though, and that was while I was playing CoD4; the guy started shooting and I was like "O_O". I exited the game and he opened notepad and started typing some random shit. I wrote something like "You know you would have gotten something out of this if you'd have had more patience". Then I formatted his ass. Idk if he was after my RS info or just other kinds of info, because why would he interrupt me when he knew I was at the computer? To scare me of course, so I would change passwords (never do it on an infected computer). That trick is also so stupid and probably only kids fall for it; anyone who "hacks" should be a ninja. He didn't even look through the registry and take my CD keys for all the tons of games I had installed then. (At least not shared/used them)

 

Was like a year ago though, maybe I should re-format once more, just to be safe.

 

Also, first post on Tip.It (And it was off-topic >.>)

Hello :)

Link to comment
Share on other sites

  • 5 months later...

Then install Malwarebytes (which goes along with the Antivirus), and it should find it. I also suggest removing AVG and installing Microsoft Security Essentials or Avast.

Link to comment
Share on other sites
