[dshield] Re: [Dshield] Guru Help Please.
RShady at stny.rr.com
Sun Aug 24 20:29:29 GMT 2003
Probably one of the best is SpyBot S&D here:
Be careful when you use it though - it lists Windows files also.
Read the help files carefully.
Wayne Jr wrote:
> Is there any way to tell if there is a keylogger program running (or
> on your computer)?
> Wayne Jr
> On Sun, 24 Aug 2003 12:10:50 -0600, Chris Ream wrote:
>>I'm not quite sure what to do with something I'm working on so I
>>I would put it out to the group to see if you bright folks can help
>>Using filemon I discovered that an application calling itself
>>is running out of my startup folder. It seems to be a keystroke
>>because it's writing temp files when I do things like send email,
>>to notepad etc...
>>I am proficient in assembly and wish to disassemble it and see
>>what it's doing; however, it's packed with upx. I tried decompressing
>>with the latest version of upx but it gives me a checksum error and
>>decompress the file. The weird thing is that it obviously
>>itself when it runs.
>>I am thinking that the virus writer intentionally modified the
>>so it would be harder to un-upx and disassemble. This thing is scary
>>it's making calls to winsock.
>>Has anyone dealt with this type of situation before? If so, help me
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list