How can I tell if a keylogger got added to my PC while I was in Beijing?

[Guest Donna Ohl]

I was in Beijing, and I used my Windows PC there with a freeware firewall

and freeware anti virus and freeware malware scanners.

 

Recently a friend said nearly all American travelers were to be warned by

the State Department that their laptops, if left in the hotel, were almost

certainly compromised.

 

How could I tell if a keylogger or other spyware was inserted onto my

laptop by the Chinese?

[Guest msg]

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

 

Donna Ohl wrote:

<span style="color:blue">

> I was in Beijing, and I used my Windows PC there with a freeware firewall

> and freeware anti virus and freeware malware scanners.

>

> Recently a friend said nearly all American travelers were to be warned by

> the State Department that their laptops, if left in the hotel, were almost

> certainly compromised.

>

> How could I tell if a keylogger or other spyware was inserted onto my

> laptop by the Chinese?</span>

 

You mean physically, by hands-on access to your machine?

 

BTW, how is you water heater doing?

 

Michael

[Guest Trespasser]

"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message

news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...<span style="color:blue">

>I was in Beijing, and I used my Windows PC there with a freeware firewall

> and freeware anti virus and freeware malware scanners.

>

> Recently a friend said nearly all American travelers were to be warned by

> the State Department that their laptops, if left in the hotel, were almost

> certainly compromised.

>

> How could I tell if a keylogger or other spyware was inserted onto my

> laptop by the Chinese?

></span>

 

Worse case scenario, you wont. There are programs inpervious to detection,

you could always format and re-install your laptop if you are that worried

about it. Next time be a little more aware of 'free' stuff ...... theres no

such thing as free !

[Guest Jon]

Donna Ohl wrote...

<span style="color:blue">

> I was in Beijing, and I used my Windows PC there with a freeware firewall

> and freeware anti virus and freeware malware scanners.

>

> Recently a friend said nearly all American travelers were to be warned by

> the State Department that their laptops, if left in the hotel, were almost

> certainly compromised.

>

> How could I tell if a keylogger or other spyware was inserted onto my

> laptop by the Chinese?

> </span>

 

Sniff the keyboard. If you can smell sweet & sour, you've been got at.

[Guest Emil Tiades]

On Sun, 26 Oct 2008 21:59:26 -0700, Donna Ohl

<donna.ohl@sbcglobal.net> wrote:

<span style="color:blue">

>I was in Beijing, and I used my Windows PC there with a freeware firewall

>and freeware anti virus and freeware malware scanners.

>

>Recently a friend said nearly all American travelers were to be warned by

>the State Department that their laptops, if left in the hotel, were almost

>certainly compromised.

>

>How could I tell if a keylogger or other spyware was inserted onto my

>laptop by the Chinese?</span>

 

You MUST get one of these without delay

http://zapatopi.net/afdb/

[Guest PA Bear [MS MVP]]

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal...n:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2....emoving_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in

conjunction with some other utilities). HijackThis will NOT fix anything on

its own, but it will help you to both identify and remove any

hijackware/spyware with assistance from an expert. Post your log to

http://spywarehammer.com/simplemachinesfor....php?board=10.0,

http://forums.spybot.info/forumdisplay.php?f=22,

http://aumha.net/viewforum.php?f=30, or another appropriate forum for review

by an expert in such matters, not here.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

Donna Ohl wrote:<span style="color:blue">

> I was in Beijing, and I used my Windows PC there with a freeware firewall

> and freeware anti virus and freeware malware scanners.

>

> Recently a friend said nearly all American travelers were to be warned by

> the State Department that their laptops, if left in the hotel, were almost

> certainly compromised.

>

> How could I tell if a keylogger or other spyware was inserted onto my

> laptop by the Chinese? </span>

[Guest David H. Lipman]

From: "PA Bear [MS MVP]" <PABearMVP@gmail.com>

 

| Run a /thorough/ check for hijackware, including posting your hijackthis log

| to an appropriate forum.

 

| Checking for/Help with Hijackware

| http://aumha.org/a/parasite.htm

| http://aumha.org/a/quickfix.htm

| http://aumha.net/viewtopic.php?t=5878

| http://wiki.castlecops.com/Malware_Removal...n:_Introduction

| http://mvps.org/winhelp2002/unwanted.htm

| http://inetexplorer.mvps.org/data/prevention.htm

| http://inetexplorer.mvps.org/tshoot.html

| http://www.mvps.org/sramesh2k/Malware_Defence.htm

| http://defendingyourmachine2.blogspot.com/

| http://www.elephantboycomputers.com/page2....emoving_Malware

 

| When all else fails, HijackThis v2.0.2

| (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in

| conjunction with some other utilities). HijackThis will NOT fix anything on

| its own, but it will help you to both identify and remove any

| hijackware/spyware with assistance from an expert. Post your log to

| http://spywarehammer.com/simplemachinesfor....php?board=10.0,

| http://forums.spybot.info/forumdisplay.php?f=22,

| http://aumha.net/viewforum.php?f=30, or another appropriate forum for review

| by an expert in such matters, not here.

| --

| ~Robear Dyer (PA Bear)

| MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

| AumHa VSOP & Admin http://aumha.net

| DTS-L http://dts-l.net/

 

I agree emphatically with this.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest FromTheRafters]

"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message

news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...<span style="color:blue">

>I was in Beijing, and I used my Windows PC there with a freeware firewall

> and freeware anti virus and freeware malware scanners.</span>

 

Usually, depending on which ones you have, these are adequate

safeguards. A couple of anti-spyware applications could also be

added to round things out.

<span style="color:blue">

> Recently a friend said nearly all American travelers were to be warned by

> the State Department that their laptops, if left in the hotel, were almost

> certainly compromised.</span>

 

Physical access to the machine trumps all!

<span style="color:blue">

> How could I tell if a keylogger or other spyware was inserted onto my

> laptop by the Chinese?</span>

 

Scan for everything under the sun from a clean environment.

Booting from a known clean boot cd should thwart most

malware from interfering with the scanning.

 

Follow the advice of PA Bear as well. If I am not mistaken, the

HijackThis program has to be run from the tainted environment

in order to get at the registry data it needs to scan.

[Guest FromTheRafters]

I guess zeroes are good enough for stopping a process from

accessing the data, by this leaves you open to forensic probes.

 

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...<span style="color:blue">

> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message

> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...<span style="color:green">

>>I was in Beijing, and I used my Windows PC there with a freeware firewall

>> and freeware anti virus and freeware malware scanners.</span>

>

> Usually, depending on which ones you have, these are adequate

> safeguards. A couple of anti-spyware applications could also be

> added to round things out.

><span style="color:green">

>> Recently a friend said nearly all American travelers were to be warned by

>> the State Department that their laptops, if left in the hotel, were

>> almost

>> certainly compromised.</span>

>

> Physical access to the machine trumps all!

><span style="color:green">

>> How could I tell if a keylogger or other spyware was inserted onto my

>> laptop by the Chinese?</span>

>

> Scan for everything under the sun from a clean environment.

> Booting from a known clean boot cd should thwart most

> malware from interfering with the scanning.

>

> Follow the advice of PA Bear as well. If I am not mistaken, the

> HijackThis program has to be run from the tainted environment

> in order to get at the registry data it needs to scan.

> </span>

[Guest Rotten Ronny]

"Trespasser" <andie_online@hotmail.com> wrote in message

news:S62dnaLCn4x9bJjUnZ2dnUVZ8jSdnZ2d@bt.com...<span style="color:blue">

> Worse case scenario, you wont. There are programs inpervious to

> detection, you could always format and re-install your laptop if you are

> that worried about it. Next time be a little more aware of 'free' stuff

> ...... theres no such thing as free !

></span>

 

There is nothing impervious to detection if you use the right tools and are

willing to invest the time needed to find them. Personally, I would just do

a secure wipe and practice better safeguards in the future.

[Guest FromTheRafters]

Damn, that post belongs in another thread.

 

I wanted to post this here:

 

http://www.ngssoftware.com/research/papers...PCI_Rootkit.pdf

 

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:uHA7lPJOJHA.2100@TK2MSFTNGP05.phx.gbl...<span style="color:blue">

>I guess zeroes are good enough for stopping a process from

> accessing the data, by this leaves you open to forensic probes.

>

> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

> news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...<span style="color:green">

>> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message

>> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...<span style="color:darkred">

>>>I was in Beijing, and I used my Windows PC there with a freeware firewall

>>> and freeware anti virus and freeware malware scanners.</span>

>>

>> Usually, depending on which ones you have, these are adequate

>> safeguards. A couple of anti-spyware applications could also be

>> added to round things out.

>><span style="color:darkred">

>>> Recently a friend said nearly all American travelers were to be warned

>>> by

>>> the State Department that their laptops, if left in the hotel, were

>>> almost

>>> certainly compromised.</span>

>>

>> Physical access to the machine trumps all!

>><span style="color:darkred">

>>> How could I tell if a keylogger or other spyware was inserted onto my

>>> laptop by the Chinese?</span>

>>

>> Scan for everything under the sun from a clean environment.

>> Booting from a known clean boot cd should thwart most

>> malware from interfering with the scanning.

>>

>> Follow the advice of PA Bear as well. If I am not mistaken, the

>> HijackThis program has to be run from the tainted environment

>> in order to get at the registry data it needs to scan.

>></span>

>

> </span>

[Guest Steve Riley [MSFT]]

I've heard these rumors before, too, and I'm not convinced they're true.

I've traveled to China several times, it isn't the monolithic evil empire

that bulletins like this would seem to indicate. Any laptop left anyplace

unattended has risk; drive encryption like BitLocker is really the only way

to mitigate such attacks (other than keeping the laptop with you at all

times).

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

 

"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message

news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...<span style="color:blue">

> I was in Beijing, and I used my Windows PC there with a freeware firewall

> and freeware anti virus and freeware malware scanners.

>

> Recently a friend said nearly all American travelers were to be warned by

> the State Department that their laptops, if left in the hotel, were almost

> certainly compromised.

>

> How could I tell if a keylogger or other spyware was inserted onto my

> laptop by the Chinese? </span>

[Guest David H. Lipman]

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

 

| I've heard these rumors before, too, and I'm not convinced they're true.

| I've traveled to China several times, it isn't the monolithic evil empire

| that bulletins like this would seem to indicate. Any laptop left anyplace

| unattended has risk; drive encryption like BitLocker is really the only way

| to mitigate such attacks (other than keeping the laptop with you at all

| times).

 

This is not a rumour!

 

A warning was issued about Blackberries as well.

 

You said "I'm not convinced they're true".

Then you are naive.

 

You obviously have not read any Chinese threat assesments.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest Dustin Cook]

"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in

news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416@microsoft.com:

<span style="color:blue">

> I've heard these rumors before, too, and I'm not convinced they're

> true. I've traveled to China several times, it isn't the monolithic

> evil empire that bulletins like this would seem to indicate. Any

> laptop left anyplace unattended has risk; drive encryption like

> BitLocker is really the only way to mitigate such attacks (other than

> keeping the laptop with you at all times).

> </span>

 

Depending on where you go in China, if you leave a laptop behind, yes,

someone might come along and install something and not take your laptop.

Why would they do this? Having remote access is more valuable, let you

decrypt the data for them. style_emoticons/

 

If you suspect your computer has been compromised, I wouldn't even bother

scanning it unless your a pro; and are willing and know how to go low level

on your own. If you don't have the skills, secure wipe the drive, and

reload the system from known clean backups. In the future, keep all

important data safe and encrypted. Using a proprierty encryption system for

the entire HD isn't a bad idea in this case. That way, no password, no

access, no dropping/installing anything.

 

 

--

Regards,

Dustin Cook, Author of BugHunter

BugHunter - http://bughunter.it-mate.co.uk

MalwareBytes - http://www.malwarebytes.org

[Guest Juan I. Cahis]

Dear Dustin & friends:

 

Dustin Cook <bughunter.dustin@gmail.com> wrote:

<span style="color:blue">

>"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in

>news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416@microsoft.com:

><span style="color:green">

>> I've heard these rumors before, too, and I'm not convinced they're

>> true. I've traveled to China several times, it isn't the monolithic

>> evil empire that bulletins like this would seem to indicate. Any

>> laptop left anyplace unattended has risk; drive encryption like

>> BitLocker is really the only way to mitigate such attacks (other than

>> keeping the laptop with you at all times).

>> </span>

>

>Depending on where you go in China, if you leave a laptop behind, yes,

>someone might come along and install something and not take your laptop.

>Why would they do this? Having remote access is more valuable, let you

>decrypt the data for them. style_emoticons/

>

>If you suspect your computer has been compromised, I wouldn't even bother

>scanning it unless your a pro; and are willing and know how to go low level

>on your own. If you don't have the skills, secure wipe the drive, and

>reload the system from known clean backups. In the future, keep all

>important data safe and encrypted. Using a proprierty encryption system for

>the entire HD isn't a bad idea in this case. That way, no password, no

>access, no dropping/installing anything.</span>

 

To encrypt the hard disk is a very good security measure if the laptop

is stolen, but it is useless to avoid a keylogger install.

 

To be able to install a keylogger, the user should be logged in with

Administrator features, and I supposed that the user didn't leave the

computer unattended and powered on and logged in, did you?

 

 

Thanks

Juan I. Cahis

Santiago de Chile (South America)

Note: Please forgive me for my bad English, I am trying to improve it!

[Guest Mark McIntyre]

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

 

Juan I. Cahis wrote:<span style="color:blue">

>

> To be able to install a keylogger, the user should be logged in with

> Administrator features, and I supposed that the user didn't leave the

> computer unattended and powered on and logged in, did you?</span>

 

If the hacker has physical access to the computer, all bets are off. He

can boot from a CD or pendrive and install whatever the heck he likes on

the laptop.

[Guest Juan I. Cahis]

Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:

<span style="color:blue">

>Juan I. Cahis wrote:<span style="color:green">

>>

>> To be able to install a keylogger, the user should be logged in with

>> Administrator features, and I supposed that the user didn't leave the

>> computer unattended and powered on and logged in, did you?</span>

>

>If the hacker has physical access to the computer, all bets are off. He

>can boot from a CD or pendrive and install whatever the heck he likes on

>the laptop.</span>

 

Unless you have set the BIOS password, which any respectable SysAdmin

of any respectable business corporation doing international business

should always have set.

 

 

Thanks

Juan I. Cahis

Santiago de Chile (South America)

Note: Please forgive me for my bad English, I am trying to improve it!

[Guest Kerry Brown]

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...<span style="color:blue">

> Juan I. Cahis wrote:<span style="color:green">

>>

>> To be able to install a keylogger, the user should be logged in with

>> Administrator features, and I supposed that the user didn't leave the

>> computer unattended and powered on and logged in, did you?</span>

>

> If the hacker has physical access to the computer, all bets are off. He

> can boot from a CD or pendrive and install whatever the heck he likes on

> the laptop.</span>

 

 

If the laptop fully supports bitlocker and bitlocker is used, physical

access won't help you gain access to the contents of the hard drive.

 

--

Kerry Brown

MS-MVP - Windows Desktop Experience: Systems Administration

http://www.vistahelp.ca/phpBB2/

http://vistahelpca.blogspot.com/

[Guest Paul Adare]

On Thu, 30 Oct 2008 11:29:51 -0300, Juan I. Cahis wrote:

<span style="color:blue">

> Unless you have set the BIOS password, which any respectable SysAdmin

> of any respectable business corporation doing international business

> should always have set.</span>

 

BIOS passwords are trivial to bypass. Any sys admin, respectable or not,

who relies on those for security should be fired.

 

--

Paul Adare

MVP - Identity Lifecycle Manager

http://www.identit.ca

[Guest Dustin Cook]

Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in news:09jOk.252876

$5p1.56150@en-nntp-06.dc1.easynews.com:

<span style="color:blue">

> Juan I. Cahis wrote:<span style="color:green">

>>

>> To be able to install a keylogger, the user should be logged in with

>> Administrator features, and I supposed that the user didn't leave the

>> computer unattended and powered on and logged in, did you?</span>

>

> If the hacker has physical access to the computer, all bets are off. He

> can boot from a CD or pendrive and install whatever the heck he likes on

> the laptop.

> </span>

 

Not if the HD is entirely encrypted he can't. It would do him no good

whatsoever to boot from cd, no data to read. No drive to load anything

onto.

 

 

--

Regards,

Dustin Cook, Author of BugHunter

BugHunter - http://bughunter.it-mate.co.uk

MalwareBytes - http://www.malwarebytes.org

[Guest Dustin Cook]

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in

news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl:

<span style="color:blue">

> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...<span style="color:green">

>> Juan I. Cahis wrote:<span style="color:darkred">

>>>

>>> To be able to install a keylogger, the user should be logged in with

>>> Administrator features, and I supposed that the user didn't leave

>>> the computer unattended and powered on and logged in, did you?</span>

>>

>> If the hacker has physical access to the computer, all bets are off.

>> He can boot from a CD or pendrive and install whatever the heck he

>> likes on the laptop.</span>

>

>

> If the laptop fully supports bitlocker and bitlocker is used, physical

> access won't help you gain access to the contents of the hard drive.

> </span>

 

Indeed. style_emoticons/

 

 

--

Regards,

Dustin Cook, Author of BugHunter

BugHunter - http://bughunter.it-mate.co.uk

MalwareBytes - http://www.malwarebytes.org

[Guest David H. Lipman]

From: "Dustin Cook" <bughunter.dustin@gmail.com>

 

| "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in

| news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl:

<span style="color:blue"><span style="color:green">

>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

>> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...<span style="color:darkred">

>>> Juan I. Cahis wrote:</span></span></span>

<span style="color:blue"><span style="color:green"><span style="color:darkred">

>>>> To be able to install a keylogger, the user should be logged in with

>>>> Administrator features, and I supposed that the user didn't leave

>>>> the computer unattended and powered on and logged in, did you?</span></span></span>

<span style="color:blue"><span style="color:green"><span style="color:darkred">

>>> If the hacker has physical access to the computer, all bets are off.

>>> He can boot from a CD or pendrive and install whatever the heck he

>>> likes on the laptop.</span></span></span>

 

<span style="color:blue"><span style="color:green">

>> If the laptop fully supports bitlocker and bitlocker is used, physical

>> access won't help you gain access to the contents of the hard drive.</span></span>

 

 

| Indeed. style_emoticons/

 

 

All this has to what is called "Data at Rest" (DAR) and encryption techiniques to be

compliant with DAR protection requirements.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest Mark McIntyre]

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

 

Juan I. Cahis wrote:<span style="color:blue">

> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:

><span style="color:green">

>> If the hacker has physical access to the computer, all bets are off. He

>> can boot from a CD or pendrive and install whatever the heck he likes on

>> the laptop.</span>

>

> Unless you have set the BIOS password, which any respectable SysAdmin

> of any respectable business corporation doing international business

> should always have set.</span>

 

Like I said, physical access trumps all. How long do you think it would

take to zap the cmos battery or remove the HDD, boot it in a spare

laptop and then replace the (now infected) HDD?

[Guest Mark McIntyre]

Re: How can I tell if a keylogger got added to my PC while I wasin Beijing?

 

Kerry Brown wrote:<span style="color:blue">

>

> If the laptop fully supports bitlocker and bitlocker is used, physical

> access won't help you gain access to the contents of the hard drive.</span>

 

While I understand your point, you're still wrong. If you have physical

access you can clone the drive and spend as long as you want cracking

encryption.

[Guest FromTheRafters]

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message

news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl...<span style="color:blue">

> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...<span style="color:green">

>> Juan I. Cahis wrote:<span style="color:darkred">

>>>

>>> To be able to install a keylogger, the user should be logged in with

>>> Administrator features, and I supposed that the user didn't leave the

>>> computer unattended and powered on and logged in, did you?</span>

>>

>> If the hacker has physical access to the computer, all bets are off. He

>> can boot from a CD or pendrive and install whatever the heck he likes on

>> the laptop.</span>

>

>

> If the laptop fully supports bitlocker and bitlocker is used, physical

> access won't help you gain access to the contents of the hard drive.</span>

 

With physical access to a machine, what prevents you from adding

option rom and re-initializing the TPM? I assume by "fully supports"

you were referring to boot axis validation through the TPM.

 

Otherwise, as the thread is about keylogging (and possible rootkit)

the contents can be had. The TPM feature puts up quite a roadblock

though.

 

http://www.ngssoftware.com/research/papers...PCI_Rootkit.pdf