Stealth Mode Detection

Discussion in 'Windows 7 Help and Support' started by lazycarrot, Mar 28, 2010.

  1. lazycarrot

    lazycarrot New Member

    Joined:
    Mar 28, 2010
    Messages:
    4
    Likes Received:
    0
    Is it possible to detect if there is a program running on my machine in stealth mode?
    Specifically, if I suspect a keylogger (e.g. eBlaster) has been covertly installed on my machine, is there any way to detect this?
     
  2. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    A good security program will detect it.


    How to detect a keylogger:

    * Check the task list by pressing Ctrl+Alt+Del in Windows. Examine all the tasks running; if you are unsure of a task, look it up on a search engine.

    * Use the System Configuration utility to determine which tasks are loaded at start-up (type "msconfig" in the Run box to start it).

    * Run your antivirus checker; it's possible this will pick up the keylogger on your system.

    * Scan your hard disk for the most recently stored files. Look at the contents of any files that are continually updating (these might be logs).

    * Download a specific keylogger detector program and see if it detects anything.

    * Run Spybot S&D; this program checks for some known keyloggers.
     
    lazycarrot and (deleted member) like this.
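    As an added example (not part of cybercore's post and not a tool the thread mentions), the following PowerShell script walks the first three checks in one pass: it lists running processes with their image path and Authenticode signature status, dumps the Startup entries msconfig reads from, and looks for recently modified files under the user profile that keep growing between two samples, which is what a keylogger's log file looks like on disk. It assumes Windows PowerShell 5.1 or later and an elevated prompt (otherwise the paths of some system processes come back empty); the 24-hour window and 30-second sampling interval are chosen for illustration.

```powershell
# Added example: one-pass triage for the process, startup and recent-file checks.
# Assumes Windows PowerShell 5.1+ and an elevated prompt; window and interval are arbitrary.
$hoursBack = 24
$sampleSeconds = 30
$cutoff = (Get-Date).AddHours(-$hoursBack)

# Check 1: running processes with image path and signature status.
# Unsigned images living in user-writable folders (AppData, Temp) deserve a closer look.
$procs = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Name      = $_.ProcessName
        Id        = $_.Id
        Path      = $_.Path
        Signature = if ($sig) { $sig.Status } else { 'Unknown' }
    }
}
"== Running processes =="
$procs | Sort-Object Signature, Path | Format-Table -AutoSize

# Check 2: the Startup list msconfig shows, plus the Run keys it is built from.
"== Startup commands (Win32_StartupCommand) =="
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-Table -AutoSize
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        "== $key =="
        Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS* | Format-List
    }
}

# Check 3: files under the profile modified in the last N hours, sampled twice.
# A file that grows while nothing you are doing should be writing it is worth opening.
$recent = Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff }
$firstSize = @{}
foreach ($f in $recent) { $firstSize[$f.FullName] = $f.Length }
Start-Sleep -Seconds $sampleSeconds
"== Files still growing after $sampleSeconds s =="
foreach ($f in $recent) {
    $f.Refresh()   # re-read size from disk; FileInfo caches the first read
    $delta = $f.Length - $firstSize[$f.FullName]
    if ($delta -gt 0) {
        "{0}  (+{1} bytes, last write {2})" -f $f.FullName, $delta, $f.LastWriteTime
    }
}
```

    The growing-file check is the only part that needs to run while the machine is in normal use; the process and startup listings can be saved to a file and compared against a later run, which turns a one-off look into a simple baseline.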
  3. lazycarrot

    lazycarrot New Member

    Joined:
    Mar 28, 2010
    Messages:
    4
    Likes Received:
    0
    Thanks Cybercore - I'll try those out...

    Actually received a zip file attachment that I'd been tipped off as containing 'a virus'...
    Ran it past 36 different anti-virus programs, including AVG, McAfee and Microsoft - only 1 program flagged it as suspicious - kind of set the alarm bells ringing.

    Will run the checks you suggest just for peace of mind.
     
  4. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    You're welcome. :)

    You can also submit any file to VirusTotal. If at least 1 threat or suspicion is found, do not use the risky file.
     
  5. Digerati

    Digerati Fantastic Member
    Microsoft MVP

    Joined:
    Oct 25, 2009
    Messages:
    2,069
    Likes Received:
    159
    I am not sure I would panic if only 1 out of 36 scanners detected a problem. I would try Malwarebytes' Anti-Malware (MBAM) too. And of course keyloggers need to call home, so check your firewall too.
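    Digerati's "keyloggers need to call home" point is the one that survives a scanner miss: a logger that is invisible to signatures still has to open a connection to deliver what it captured. The script below is an added example, not something from this thread, and shows how to map every established TCP connection to the process that owns it and then print the firewall's outbound default. It assumes Windows PowerShell 5.1 or later, an elevated prompt (needed for complete process paths) and the English-language column layout of netstat ("Proto Local Remote State PID").

```powershell
# Added example: which process owns each outbound connection, and does the firewall
# block unsolicited outbound traffic by default? Assumes PS 5.1+, elevated, English netstat.

# One object per ESTABLISHED line of "netstat -ano".
$conns = netstat -ano | Select-String 'ESTABLISHED' | ForEach-Object {
    $parts = $_.Line.Trim() -split '\s+'
    [PSCustomObject]@{
        Proto     = $parts[0]
        Local     = $parts[1]
        Remote    = $parts[2]
        State     = $parts[3]
        ProcessId = [int]$parts[4]
    }
}

# Join each connection with its owning process; a PID that has already exited is marked.
$report = foreach ($c in $conns) {
    $p = Get-Process -Id $c.ProcessId -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Remote    = $c.Remote
        Local     = $c.Local
        ProcessId = $c.ProcessId
        Name      = if ($p) { $p.ProcessName } else { '<exited>' }
        Path      = if ($p -and $p.Path) { $p.Path } else { '<unknown>' }
    }
}

# Loopback and link-local peers are normally noise; every other line should be explainable
# by a program you recognise. Unknown names or paths under AppData/Temp are what to chase.
"== Established connections by owning process =="
$report |
    Where-Object { $_.Remote -notmatch '^(127\.|\[::1\]|169\.254\.)' } |
    Sort-Object Name, Remote |
    Format-Table -AutoSize

# Firewall policy per profile. "AllowOutbound" (the Windows default) means a logger can
# post its captures freely unless a specific block rule exists for it.
"== Firewall state and default policy =="
netsh advfirewall show allprofiles | Select-String 'Profile Settings|^State|Firewall Policy'
```

    Run it twice, a few minutes apart, with the browser and mail client closed in between: connections that persist with nothing open are the ones to investigate, and the firewall lines tell you whether a block rule for that process would actually be enforced.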
     
  6. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    Completely on everything, Diggy. One scanner's suspicious report is enough, in my opinion, because (1) you can never know and (2) try for example submitting a clean file, like a licensed installer: all the ~50 scanners will report it clean. So I mean a clean file is a clean file; I personally never risk it. :)
     
    #6 cybercore, Mar 29, 2010
    Last edited: Mar 29, 2010
  7. Digerati

    Digerati Fantastic Member
    Microsoft MVP

    Joined:
    Oct 25, 2009
    Messages:
    2,069
    Likes Received:
    159
    I am definitely NOT saying to ignore the warning - you must still check it out. But even the best scanners have false positives and 1 out of 36 sounds like just that.
     
  8. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    You are right. There is a huge chance that 1 out of 36 is a false positive. However, I have tried submitting files from trusted locations, such as open-source projects, Microsoft downloads, etc., and none of those that I submitted was reported positive. Of course I can't verify it with absolutely all trusted files. Just like yours, my opinion is that 1 out of 36 is still somewhat risky and should be given user attention.
     
  9. Joe S

    Joe S Excellent Member

    Joined:
    Jan 12, 2009
    Messages:
    3,785
    Likes Received:
    113
    It would depend on the type of file and source. I've had tools and files I used to slipstream XP with that had false positives. I knew they were safe because I had been using them for a long time. I submitted the file and download location to Avast and they fixed the definition in a day or two. They are exceptionally good in comparison to other makers.
    Joe
     