Windows 7 Stealth Mode Detection

L

lazycarrot

New Member
Joined
Mar 28, 2010
Messages
4
Is it possible to detect if there is a program running on my machine in stealth mode?
Specifically if i suspect a keylogger (eg eblaster) has been covertly installed on my machine is there any way to detect this?
 
Solution
A good security program will detect it.


How to detect a Keylogger :

* Check the task list by press ctrl+alt+del in windows. Examine all the tasks running, if you unsure of a task look it up on a search engine.

* Use the system configuration utility to determine which task are loaded at start-up (type "msconfig" in the run box to start).

* Run your antivirus checker, it's possible this will pick up the Keylogger on your system.
Scan your hard disk for the most recent files stored. Look at the contents of any files continually updating (these might be logs).

* Download a specific keylogger detector program, and see if it detects anything.
Run Spybot S&D, this program checks for some known...
Sort by date Sort by votes
A good security program will detect it.


How to detect a Keylogger :

* Check the task list by press ctrl+alt+del in windows. Examine all the tasks running, if you unsure of a task look it up on a search engine.

* Use the system configuration utility to determine which task are loaded at start-up (type "msconfig" in the run box to start).

* Run your antivirus checker, it's possible this will pick up the Keylogger on your system.
Scan your hard disk for the most recent files stored. Look at the contents of any files continually updating (these might be logs).

* Download a specific keylogger detector program, and see if it detects anything.
Run Spybot S&D, this program checks for some known keyloggers.
 
Upvote 0 Downvote
Solution
Thanks Cybercore - I'll try those out...

Actually received a zip file attachment that i'd been tipped off as containing 'a virus'...
Ran it past 36 different anti-virus programs, including AVG, McAfee and Microsoft - only 1 program flagged it as suspicious - kind of set the alarm bells ringing.

Will run the checks you suggest just for peace of mind.
 
Upvote 0 Downvote
I am not sure I would panic if only 1 out of 36 scanners detected a problem. I would try Link Removed due to 404 Error (MBAM) too. And of course keyloggers need to call home, so check your firewall too.
 
Upvote 0 Downvote
Digerati said:
I am not sure I would panic if only 1 out of 36 scanners detected a problem. I would try Link Removed due to 404 Error (MBAM) too. And of course keyloggers need to call home, so check your firewall too.
Click to expand...

Completely on everything, Diggy. 1 scanner suspicious report is enough in my opinion because (1) you can never know and (2) try for example submitting a clean file, like a licensed installer, all the ~ 50 scanners will report it clean. So I mean a clean file is a clean file, I personally never risk.
 
Last edited:
Upvote 0 Downvote
I am definitely NOT saying to ignore the warning - you must still check it out. But even the best scanners have false positives and 1 out of 36 sounds like just that.
 
Upvote 0 Downvote
You are right. A huge chance that 1 out of 36 is a false positive. However, I have tried submitting files from trusted locations, such as open-source projects, Microsoft downloads, etc. and none of those that I submitted was reported positive. Of course I can't verify it with absolutely all trusted files. Just as yours my opinion is that 1 out 36 is still somewhat risky and should be given user attention.
 
Upvote 0 Downvote
It would depend on the type of file and source. I've had tools and files I used to slipstream XP with that had false positives. I knew they were safe because I had been using them for a long time. I submitted file and download location to Avast and they fixed the definition in a day or two. They are exceptionally good in comparison to other makers.
Joe
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

  • Article Article
Active Directory Security: CISA's Guide to Detection and Mitigation
Replies
0
Views
95
ChatGPT
  • Featured
  • Article Article
Understanding Windows 10 & 11 in S Mode: Features, Switching, and Security
Replies
0
Views
78
ChatGPT
  • Featured
  • Article Article
Ultimate Guide to Running Microsoft Defender Offline for Enhanced Security
Replies
0
Views
85
ChatGPT
  • Solved
Critical CLFS Vulnerability Detected in Windows 10 & 11: What You Need to Know
Replies
0
Views
207
ChatGPT
P
  • Solved
Windows 10 Win10: BSOD loop due to driver verifier, cannot disable verifier, cannot boot to safe mode
Replies
2
Views
4K
ubuysa
U