#1

Junior Member (25+)
Everybody knows that programs made to do what a human should do have flaws, it's the same with AdAware programs created to remove Spyware, AntiVirus' with Virii and so on. Well, the easiest way to stop and remove a keylogger, or any other malware, is to do it yourself.
There are a number of startup methods that any trojan or keylogger could use, and the most obvious one is the registry, so let's start there.

Registry checking

HKLM = HKEY_LOCAL_MACHINE
HKLM\Software\Microsoft\Windows\CurrentVersion\
Within this folder the following folders are where your malware could be located:
  Run
  RunOnce
  RunServices
  RunServicesOnce
Anything suspicious, remove it - make sure it's not your favourite program or anything like that though.

HKCU = HKEY_CURRENT_USER
HKCU\Software\Microsoft\Windows\CurrentVersion\
  Run
  RunOnce
  RunServices
  RunServicesOnce

Configuration file checking

In relation to the following folders, %windowsbase is actually your Windows root directory; for most it'll just be C:\Windows\

Autoexec.bat
Right click and press Edit to open this one in WordPad/Notepad. Take a look for anything sus.

C:\%windowsbase\System.ini
Check inside this file, there may be run= lines.

C:\%windowsbase\Win.ini
If there are run and load sections in that file, check them.

Folder checking

Check your startup folder:
C:\Documents and Settings\%USER\Start Menu\
That's a really common way; I like to call it the lazy way. It's probably the best place to start looking, as most coders won't put too much thought/research into their startup method.

Check "explorer.exe" - Win 9x and ME only!

This is probably a less common way that you'll see being implemented, as it only works on pre-ME OS'. Microsoft are clever; so clever, in fact, that they included no directory for explorer.exe in these particular Operating Systems. So, if a coder wanted to, he could just rename his trojan to explorer.exe during runtime and throw it in your C:\ - and it'd run.

Windows NT and 2000

Another less common way, because of the narrow focus it presents. It's a registry folder, you'll need to check it:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Within there it should have explorer.exe; if it's anything else, you're probably in a bit of trouble.

In my opinion, a trained eye is a lot better than a narrow-minded database of malware. I'm not saying for you not to use your already installed malware and spyware prevention programs, but just remember that there's no need to waste all of your memory on them - when they follow, more or less, the same steps I just provided.
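Added example, not code from the original post or any poster: a read-only PowerShell script that walks the same autostart locations the post lists (HKLM/HKCU Run* keys, Winlogon Shell, win.ini/system.ini run=/load=/shell= lines, and the Startup folders) and flags a Winlogon Shell that is not explorer.exe. It assumes a Windows host with PowerShell and an elevated session; the XP-era "Documents and Settings" path is resolved through GetFolderPath so the same check works on newer profile layouts.

```powershell
# Added example, not from the original post: read-only walk of the autostart
# locations listed above. Run as Administrator; it removes nothing.
$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding($Location, $Name, $Command, $Flag = '') {
    $script:findings.Add([pscustomobject]@{
        Location = $Location; Name = $Name; Command = $Command; Flag = $Flag })
}

# 1. Registry Run* keys under HKLM and HKCU (RunServices* exist only on 9x/ME).
$cv = 'Software\Microsoft\Windows\CurrentVersion'
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($key in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $path = "${hive}:\$cv\$key"
        if (-not (Test-Path $path)) { continue }
        $reg = Get-Item $path
        foreach ($valueName in $reg.GetValueNames()) {
            Add-Finding "$hive\...\$key" $valueName $reg.GetValue($valueName)
        }
    }
}

# 2. Winlogon Shell: the post's rule is that anything but explorer.exe is trouble.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell) {
    $flag = if ($shell.Trim() -ieq 'explorer.exe') { '' } else { 'SUSPECT: Shell is not explorer.exe' }
    Add-Finding 'HKLM\...\Winlogon' 'Shell' $shell $flag
}

# 3. run=/load= lines in win.ini and shell= in system.ini (legacy, but cheap to check).
foreach ($ini in 'win.ini', 'system.ini') {
    $file = Join-Path $env:windir $ini
    if (-not (Test-Path $file)) { continue }
    foreach ($line in Get-Content $file) {
        if ($line -match '^\s*(run|load|shell)\s*=\s*(\S.*)$') {
            Add-Finding $ini $Matches[1] $Matches[2]
        }
    }
}

# 4. Per-user and all-users Startup folders. GetFolderPath resolves the profile
#    layout, so the XP-era "Documents and Settings" path in the post is covered.
foreach ($sf in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($sf)
    foreach ($item in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        Add-Finding "Startup folder ($sf)" $item.Name $item.FullName
    }
}

$findings | Sort-Object Flag -Descending | Format-Table -AutoSize
```

The script only lists what it finds; deciding whether an entry is your favourite program or something to remove is still the trained-eye step the post describes.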

#3

ƒ(ψ)=Θº×φ
The registry checking will be much easier if Autoruns is used, and also a scan by HijackThis.