Guest Tom [Pepper] Willett
Posted November 5, 2008

No, we've done it before, and he keeps coming back.

Besides, it's 'Be Kind to Nutjobs' week.

"Leonard Grey" <l.grey@invalid.invalid> wrote in message news:%23pitmguPJHA.4224@TK2MSFTNGP04.phx.gbl...
: Everyone: The sooner we stop giving this guy an audience, the sooner
: he'll go away.
: ---
: Leonard Grey
: Errare Humanum Est
:
: ~BD~ wrote:<snipped>

Guest Peter Foldes
Posted November 6, 2008

Are you kidding. I know this guy since a few years when he started posting on other servers and as they say you cannot even b t him to d th

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Leonard Grey" <l.grey@invalid.invalid> wrote in message news:%23pitmguPJHA.4224@TK2MSFTNGP04.phx.gbl...
> Everyone: The sooner we stop giving this guy an audience, the sooner
> he'll go away.
> ---
> Leonard Grey
> Errare Humanum Est
>
> ~BD~ wrote:<snipped>

Guest FromTheRafters
Posted November 6, 2008

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message news:OmOFM9kPJHA.2348@TK2MSFTNGP05.phx.gbl...
> On Mon, 3 Nov 2008 22:19:57 -0500, FromTheRafters wrote:
>
>>> Thanks for your post - I very nearly posted a similar article about the
>>> Sinowal virus this morning!
>>
>> Despite what you may find experts saying, this is not a virus. A virus is
>> a very specific type of malware - this does not qualify.
>>
>>> My understanding is that this virus can, and indeed does, install itself
>>> silently - without the knowledge of the user of the computer.
>>
>> It is a trojan horse program - to begin with.
>>
>> ...then, once installed, it is many other things.
>>
>>> If the machine continues to all intents and purposes to 'work' the
>>> malware
>>> is unlikely to be discovered. However, let's suppose that I mention this
>>> 'nastie' to a friend and he says "How can I check to see if I have been
>>> infected?".
>>>
>>> What answer should I give him?
>>
>> The most important aspect of the program (once installed) is its ability
>> to hide - it uses the MBR to implement a 'rootkit' - you need to detect
>> this rootkit.
>>
>> David Lipman recommends GMER often enough for me to think that
>> it is a good rootkit detector. I suspect he would know better than most
>> posters here.
>>
>> - just a hunch ;-)
>
> Educational viewing!
> Mark Russinovich - Advanced Malware Cleaning
> http://www.microsoft.com/emea/spotlight/se...spx?videoid=359
> (Rootkit issues are discussed towards the end of the presentation).

Thanks for the link Kayman.

...and I'm glad somebody else threw a Pakistani Brain 20th anniversary bash.

Guest FromTheRafters
Posted November 6, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:enDi%23AjPJHA.4372@TK2MSFTNGP04.phx.gbl...
> From: "FromTheRafters" <erratic@nomail.afraid.org>
>
>>> Thanks for your post - I very nearly posted a similar article about the
>>> Sinowal virus this morning!
>
> | Despite what you may find experts saying, this is not a virus. A virus is
> | a very specific type of malware - this does not qualify.
>
>>> My understanding is that this virus can, and indeed does, install itself
>>> silently - without the knowledge of the user of the computer.
>
> | It is a trojan horse program - to begin with.
>
> | ...then, once installed, it is many other things.
>
>>> If the machine continues to all intents and purposes to 'work' the
>>> malware
>>> is unlikely to be discovered. However, let's suppose that I mention this
>>> 'nastie' to a friend and he says "How can I check to see if I have been
>>> infected?".
>
>>> What answer should I give him?
>
> | The most important aspect of the program (once installed) is its ability
> | to hide - it uses the MBR to implement a 'rootkit' - you need to detect
> | this rootkit.
>
> | David Lipman recommends GMER often enough for me to think that
> | it is a good rootkit detector. I suspect he would know better than most
> | posters here.
>
> | - just a hunch ;-)
>
>
> http://www2.gmer.net/mbr/

Nice write-up!

Did you view the link Kayman posted? It is recommended apparently that many different rootkit detectors be employed - such as is the case with the non-viral malware (spyware/adware) detectors. Some may catch what others may miss (no real surprise there).

Thanks for the link, it's a keeper.

Guest Kayman
Posted November 6, 2008

On Wed, 5 Nov 2008 21:34:02 -0500, FromTheRafters wrote:

> "Kayman" <kaymanDeleteThis@operamail.com> wrote in message
> news:OmOFM9kPJHA.2348@TK2MSFTNGP05.phx.gbl...
>> On Mon, 3 Nov 2008 22:19:57 -0500, FromTheRafters wrote:
>>
>>>> Thanks for your post - I very nearly posted a similar article about the
>>>> Sinowal virus this morning!
>>>
>>> Despite what you may find experts saying, this is not a virus. A virus is
>>> a very specific type of malware - this does not qualify.
>>>
>>>> My understanding is that this virus can, and indeed does, install itself
>>>> silently - without the knowledge of the user of the computer.
>>>
>>> It is a trojan horse program - to begin with.
>>>
>>> ...then, once installed, it is many other things.
>>>
>>>> If the machine continues to all intents and purposes to 'work' the
>>>> malware
>>>> is unlikely to be discovered. However, let's suppose that I mention this
>>>> 'nastie' to a friend and he says "How can I check to see if I have been
>>>> infected?".
>>>>
>>>> What answer should I give him?
>>>
>>> The most important aspect of the program (once installed) is its ability
>>> to hide - it uses the MBR to implement a 'rootkit' - you need to detect
>>> this rootkit.
>>>
>>> David Lipman recommends GMER often enough for me to think that
>>> it is a good rootkit detector. I suspect he would know better than most
>>> posters here.
>>>
>>> - just a hunch ;-)
>>
>> Educational viewing!
>> Mark Russinovich - Advanced Malware Cleaning
>> http://www.microsoft.com/emea/spotlight/se...spx?videoid=359
>> (Rootkit issues are discussed towards the end of the presentation).
>
> Thanks for the link Kayman.
> ...and I'm glad somebody else threw a Pakistani Brain 20th anniversary
> bash.

YW. Here's some additional info:

Avoiding Rootkit Infection.

The rules to avoid rootkit infection are for the most part the same as avoiding any malware infection; however, there are some special considerations:

Because rootkits meddle with the operating system itself, they require full Administrator rights to install. Hence infection can be avoided by running Windows from an account with lesser privileges (LUA in XP and UAC in Vista).

Running MRT, provided monthly by MSFT, can be beneficial in detecting some rootkits.

Rootkit Removal applications.

The effectiveness of individual rootkit removal applications is wide-ranging, and utilizing a collection of detection/removal tools is recommended. You are encouraged to try all of them (join relevant fora for additional support, i.e. interpretation of scan results):

ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

DarkSpy
http://www.antirootkit.com/software/DarkSpy.htm
http://www.antirootkit.com/forums/viewforum.php?f=18

F-Secure BlackLight (Download Trial)
http://www.f-secure.com/blacklight/
http://www.antirootkit.com/forums/viewforum.php?f=13

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php
http://antirootkit.com/forums/index.php?si...781ffe4361c3a17

IceSword
http://www.antirootkit.com/software/IceSword.htm
http://www.antirootkit.com/forums/index.php

McAfee Rootkit Detective
http://download.nai.com/products/mcafee-av...itDetective.zip

RAIDE
http://www.rootkit.com/project.php?id=33
download: http://www.rootkit.com/vault/petersilberman/RAIDE_BETA_1.zip
http://www.rootkit.com/boardm.php

RootAlyzer
http://forums.spybot.info/showthread.php?t=24185
http://www.spybotupdates.com/files/rootalyz.zip

Rootkit Revealer
http://www.microsoft.com/technet/sysintern...itRevealer.mspx
http://forum.sysinternals.com/forum_topics.asp?FID=15

RootKit Hook Analyzer
http://www.softpedia.com/get/Security/Secu...-Analyzer.shtml
http://www.antirootkit.com/forums/viewforum.php?f=17

RootKit Hook Analyzer
http://www.resplendence.com/hookanalyzer
http://www.antirootkit.com/forums/viewforum.php?f=17

Panda Anti Rootkit
http://research.pandasecurity.com/blogs/im...AntiRootkit.zip

Sophos Anti-Rootkit - Free tool for rootkit detection and removal
http://www.sophos.com/products/free-tools/...ti-rootkit.html
Direct link: http://www.sophos.com/support/cleaners/sarsfx.exe
http://www.techsupportforum.com/networking...ti-rootkit.html

System Virginity Verifier
http://www.softpedia.com/get/System/System...-Verifier.shtml
http://www.antirootkit.com/forums/viewforum.php?f=25

System Virginity Verifier
http://www.antirootkit.com/software/System...ty-Verifier.htm
http://www.antirootkit.com/forums/viewforum.php?f=25

VICE
http://www.rootkit.com/project.php?id=20
download: http://www.rootkit.com/vault/fuzen_op/vice.zip
http://www.rootkit.com/boardm.php

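The thread's point that this malware hides by using the MBR suggests one offline check: compare the boot-code area of sector 0 against a known-good copy. The following Python is an added example, not code from any poster or from the tools listed above; the function names and the sample sectors are constructed for illustration, and it assumes both 512-byte images were captured from trusted boot media rather than from inside the running, possibly compromised, system.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)   # bootstrap code area of a classic MBR
TABLE_OFF = 446             # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"     # boot signature at bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and used partition entries of one MBR."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append((i, entry[0] == 0x80, ptype, start, count))
    return {"code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "partitions": parts}


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """List differences between a known-good MBR and the one under review."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["code_sha256"] != new["code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


def make_sample(code: bytes) -> bytes:
    """Build a constructed MBR: the given code plus one active NTFS entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3,
                        63, 204800)
    body = code.ljust(440, b"\0") + b"\0" * 6 + entry + b"\0" * 48
    return body + SIGNATURE


BASELINE = make_sample(b"\xfa\x33\xc0")          # constructed sample bytes
SUSPECT = make_sample(b"\xfa\x33\xc0\x90\x90")   # same table, altered code

if __name__ == "__main__":
    print(diff_mbr(BASELINE, BASELINE), diff_mbr(BASELINE, SUSPECT))
```

A changed boot-code hash is a reason to investigate, not proof of infection: legitimate boot managers and disk tools also rewrite this area.
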
Guest ~BD~
Posted November 6, 2008

"Peter Foldes" <okf22@hotmail.com> wrote in message news:OUamoO7PJHA.4864@TK2MSFTNGP06.phx.gbl...

Are you kidding. I know this guy since a few years when he started posting on other servers and as they say you cannot even b t him to d th

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

--

Tenacious is the appropriate word Mr Foldes.

If you recall, I didn't simply 'start posting on other servers' - I responded to an email from a Kuay Tim 'inviting' me to Annexcafe (on your behalf, I seem to remember). I was highly suspicious from the outset.

I believe that all is not quite as it seems at first sight at www.annexcafe.com - with specific reference to the User2User group.

FYI - I've been in email contact with Tim Kauppila <kuaytim at earthlink.net> recently. He has cancer.

Guest Paul Adare
Posted November 6, 2008

On Thu, 6 Nov 2008 09:13:43 -0000, ~BD~ wrote:

> Tenacious is the appropriate word Mr Foldes.

No, once again, off-topic is the word. This news group is not your personal chat area, nor is it an appropriate location for you to air your grievances. Take this garbage elsewhere.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca

Guest ~BD~
Posted November 10, 2008

I didn't like EOD!

"How nice it would be if similar info was available about Mr Lipman!"

Read below please.

Dave

--

"~BD~" <~BD~@no.mail.afraid.com> wrote in message news:OyD70YuPJHA.1908@TK2MSFTNGP04.phx.gbl...
> My replies in-line!
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:ONiG5wiPJHA.4576@TK2MSFTNGP03.phx.gbl...
>>> Thanks for your post - I very nearly posted a similar article about the
>>> Sinowal virus this morning!
>>
>> Despite what you may find experts saying, this is not a virus. A virus is
>> a very specific type of malware - this does not qualify.
>
>
> My bad. Sorry!
>
>>> My understanding is that this virus can, and indeed does, install itself
>>> silently - without the knowledge of the user of the computer.
>>
>> It is a trojan horse program - to begin with.
>>
>> ...then, once installed, it is many other things.
>
>
> My bad x2. Sorry!
>
>
>>> If the machine continues to all intents and purposes to 'work' the
>>> malware is unlikely to be discovered. However, let's suppose that I
>>> mention this 'nastie' to a friend and he says "How can I check to see if
>>> I have been infected?".
>>>
>>> What answer should I give him?
>>
>> The most important aspect of the program (once installed) is its ability
>> to hide - it uses the MBR to implement a 'rootkit' - you need to detect
>> this rootkit.
>>
>> David Lipman recommends GMER often enough for me to think that
>> it is a good rootkit detector. I suspect he would know better than most
>> posters here.
>>
>> - just a hunch ;-)
>>
>
> So ......... now what many will think a stupid question.
>
> How can one be certain that GMER is simply a great tool to detect
> rootkits? (and doesn't damage a machine!)
>
> I caught this item 'in passing' as it were:-
>
>
> Sanctuary (thank you Paul Vixie and ISC) welcomes gmer.net.
> I also thank Matt Jonkman for his excellent assistance,
> and Register.com for being on the phone all day with us.
>
> gmer, this one is for you brother.
>
> GMER Application: download
> Catchme: download
>
> gmer has asked that this page remain, so to visit the site, click here.
>
> -Paul Laudanski, 12:55PM EST Sunday, 21Jan2007
>
> If there are problems with the site, please contact me.
>
>
>
> So then a trip here: http://www.linkedin.com/pub/1/49a/17b to discover lots
> about Paul Laudanski.
>
> Seems pretty conclusive to me! (Edit: i.e. PL is an OK guy!)
>
> Dave
>
> PS How nice it would be if similar info was available about Mr Lipman!
>
> --

Guest David H. Lipman
Posted November 11, 2008

From: "~BD~" <~BD~@nomail.afraid.com>

| I didn't like EOD!
| "How nice it would be if similar info was available about Mr Lipman!"
| Read below please.
| Dave

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest ~BD~
Posted November 12, 2008

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uwvF7N5QJHA.4008@TK2MSFTNGP02.phx.gbl...

<Nothing!>

Whilst I seriously doubt it, he may have been referring to this site http://www.notyourmamasreligion.com/web/pa...11536/pages.asp , which says ........

"What is truth? Who has it? Let's face it: In today's world, it's hard to know what's true anymore. How's your journey going? Has your search for real answers only led you down a dead end? Truth is more than just talk. Real truth is soul bending. It's deep, profound and life changing".

Dave

Guest occam
Posted November 17, 2008

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Emil Tiades wrote:
> On Sun, 26 Oct 2008 21:59:26 -0700, Donna Ohl
> <donna.ohl@sbcglobal.net> wrote:
>
>> I was in Beijing, and I used my Windows PC there with a freeware firewall
>> and freeware anti virus and freeware malware scanners.
>>
>> Recently a friend said nearly all American travelers were to be warned by
>> the State Department that their laptops, if left in the hotel, were almost
>> certainly compromised.
>>
>> How could I tell if a keylogger or other spyware was inserted onto my
>> laptop by the Chinese?
>
> You MUST get one of these without delay
> http://zapatopi.net/afdb/

Will these work even if the foil is made in China?

<concerned>