Tong-Pak-Fu

 Trojan/Keylogger Removal (100% Success)

Tong-Pak-Fu

Post subject: Trojan/Keylogger Removal (100% Success)   Sat Mar 24, 2007 11:09 pm

Everybody knows that programs made to do what a human should do have flaws; it's the same with AdAware programs created to remove spyware, antivirus programs with viruses, and so on. Well, the easiest way to stop and remove a keylogger, or any other malware, is to do it yourself.
There are a number of startup methods that any trojan or keylogger could use, and the most obvious one is the registry, so let's start there.

Registry Checking

HKLM = HKEY_LOCAL_MACHINE
HKLM\Software\Microsoft\Windows\CurrentVersion\

Within this folder the following folders are where your malware could be located:

Run
RunOnce
RunServices
RunServicesOnce

Anything suspicious, remove it - but make sure it's not your favourite program or anything like that.

HKCU = HKEY_CURRENT_USER
HKCU\Software\Microsoft\Windows\CurrentVersion\
Run
RunOnce
RunServices
RunServicesOnce

Configuration file checking

In relation to the following folders, %windowsbase is actually your Windows root directory, which for most people is just C:\Windows\

Autoexec.bat

Right click and press edit to open this one in wordpad/notepad. Take a look for anything sus.

C:\%windowsbase\System.ini

Check inside this file, there may be run= lines.

C:\%windowsbase\Win.ini

If there are run and load sections in that file, check them.

Folder checking

Check your startup folder.
C:\Documents and Settings\%USER\Start Menu\

That's a really common way, I like to call it the lazy way. It's probably the best place to start looking, as most coders won't put too much thought/research into their startup method.

Check "explorer.exe" - Win 9x and ME only!

This is probably a less common way that you'll see being implemented, as it only works on pre-ME OSes.

Microsoft are clever; so clever, in fact, that they included no directory for explorer.exe in these particular Operating Systems. So, if a coder wanted to, he could just rename his trojan to explorer.exe during runtime and throw it in your C:\ - and it'd run.

Windows NT and 2000

Another less common way, because of the narrow focus it presents.
It's a registry folder; you'll need to check it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Within there it should have explorer.exe; if it's anything else, you're probably in a bit of trouble.

I was exaggerating when I said 100% success, but, in my opinion, a trained eye is a lot better than a narrow-minded database of malware. I'm not saying you shouldn't use your already installed malware and spyware prevention programs, but just remember that there's no need to waste all of your memory on them - when they follow, more or less, the same steps I just provided.

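A read-only check of the same autostart locations the post walks through, as an added PowerShell example that is not part of the original post: it lists the Run-style keys under HKLM and HKCU, the Winlogon Shell value, the startup folders and any run=/load= lines in win.ini, and flags a Shell value other than explorer.exe. It assumes a modern NT-based Windows host, so the Win9x-only RunServices keys are simply skipped when absent.

```powershell
# Added example, not from the original post: list the autostart locations
# the post describes so a human can review them. Read-only; nothing is removed.
function Get-AutostartEntries {
    $results = @()

    # Run-style keys under HKLM and HKCU (RunServices* only exist on Win9x/ME)
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
            $path = "$($hive):\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $path)) { continue }
            foreach ($p in (Get-ItemProperty -Path $path).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # provider metadata, not an entry
                $results += [pscustomobject]@{ Source = $path; Name = $p.Name; Value = $p.Value; Flag = '' }
            }
        }
    }

    # Winlogon Shell: the post says it should be explorer.exe and nothing else
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell) {
        $flag = if ($shell -ne 'explorer.exe') { 'Shell is not explorer.exe' } else { '' }
        $results += [pscustomobject]@{ Source = $winlogon; Name = 'Shell'; Value = $shell; Flag = $flag }
    }

    # Startup folders for the current user and for all users
    foreach ($kind in 'Startup', 'CommonStartup') {
        $folder = [Environment]::GetFolderPath($kind)
        if (-not $folder -or -not (Test-Path $folder)) { continue }
        foreach ($item in Get-ChildItem -Path $folder -File) {
            $results += [pscustomobject]@{ Source = $folder; Name = $item.Name; Value = $item.FullName; Flag = '' }
        }
    }

    # win.ini run= / load= lines (legacy, but cheap to check)
    $winIni = Join-Path $env:windir 'win.ini'
    if (Test-Path $winIni) {
        foreach ($line in Get-Content $winIni) {
            if ($line -match '^\s*(run|load)\s*=\s*(.+)$') {
                $results += [pscustomobject]@{ Source = $winIni; Name = $Matches[1]; Value = $Matches[2]; Flag = 'run/load line present' }
            }
        }
    }
    return $results
}

Get-AutostartEntries | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable; every entry it prints still needs the "trained eye" the post talks about before anything is touched.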
OpStardust
Post subject: Re: Trojan/Keylogger Removal (100% Success)   Wed Apr 04, 2007 11:51 pm

lol, are you sure this is 100%? Has anyone done this before yet in here?