Somebody has been logging into my spare laptop. It's my personal laptop i keep at my business. I've noticed it in web history and i've been getting viruses. I can change the pw, but would rather not.
CHANGF THE PASSWORD!
I'd like to install "Free Keylogger"
Free Keylogger - CNET Download.com
with 10k+ downloads and over 100 reviews and on cnet and reviewed by cnet would you thnk this application is safe?
NO! Will get you nothing but trouble and poor performance.
1. How can I be sure this software is safe and won't send my sensitive information over the net back to some DB? I can see the logger records my passwords to it's logs.
2. Its a simple program. To feel safer I added a inbound and outbound firewall rules on my laptop (windows 7) to stop traffic from the one program. Does this help? Is this enough. Can the program still send data if these firewall rules are in place?
EXCELLENT! If that's the only offending program, then you should have no problems.
3. I have a new Cisco router 4500 I think with Cisco Cloud. Any way I can stop all non 80/443 traffic FROM/TO the device? Not sure how I can do this with the router.
No experience. Someone else will need to guide you on this one.
Since you are infected, then to have a clean system you must run Windows Defender Offline which is NOT Windows Defender as you know it.
Here is the procedure and info you need:
HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a
free standalone,
bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.
Download Windows Defender Offline (about 764 kB)
You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows
NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.
You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.
The 32 bit download file name is:
mssstool32.exe
The 64 bit download file name is:
mssstool64.exe
For the curious, this program was originally name
Microsoft
Standalone
System
Sweeper.
INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--
mssstool64.exe or
mssstool32.exe
NEXT button
Choose the option
On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick
WDO_Media32 or
WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.
UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program,
mssstool64.exe or
mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).
Since the malware database is sometimes updated several times in a day, always update before running.
PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a
quick scan.
After the quick scan finishes,
Choose Full Scan
Select
all of your drives
The initial,
full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.
RESULTS OF THE SCAN
The results will be in 4 log files on your computer's disk in:
\Windows\Microsoft Antimalware\Support
==============================================
==============================================
After running WDO, then carry out following and upload the resulting .ZIP file.
I'll await the ZIP file before I proceed.
PHP:
# ************************************************************
# Zips up your log files from Windows Defender Offline
# and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# **********************INSTRUCTIONS**************************
# STEP 1 *****************************************************
# RUN PowerShell as administrator
# START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 *****************************************************
# COPY, using CTRL+C, every line down thru both EXIT statements
# PASTE into Powershell == Right-Click at the PowerShell Prompt
# (Ctrl+V does not work)
# Start copying with first line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
# Lines starting with a # are ignored by PowerShell
# ************************************************************
#functions
function New-Zip {
param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
[String] $Path, [Switch] $PassThru, [Switch] $Force )
Process { if (Test-Path $path) {if (-not $Force) { return } }
Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
$item = Get-Item $path; $item.IsReadOnly = $false;if ($passThru) { $item } } }
function Copy-ToZip {param(
[Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
[String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
Begin {$ShellApplication = New-Object -ComObject Shell.Application
if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path = Resolve-Path $ZipFile
$ZipPackage =$ShellApplication.Namespace("$Path")}
Process {$RealFile = Get-Item $File; if (-not $RealFile) { return }
if (-not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc = 0 }
Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc}
$Flags = 0; if ($force) {$flags = 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
$ZipPackage.CopyHere($realFile.Fullname, $flags);Start-Sleep -Milliseconds 500}}
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where {$_.extension -eq '.log'} |Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
$b | foreach ($_.fullname) {get-content -path $_.fullname} | out-file -append $fileinfo
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo
EXIT
EXIT
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
# Get-WinEvent: The system can not find the path specified
# you need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
# Run PowerShell
# enter $host.version
# you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2 0 -1 -1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
# Run PowerShell
# enter Set-ExecutionPolicy -executionpolicy remotesigned
#
# ************************************************************
==================================================
karl
