Upvote Upvoted 2 Downvote Downvoted
Potential keylogger?
posted in Off Topic
1
#1
0 Frags +

I know this will probably come over as dumb and overly paranoid, but whatever, would appreciate some thoughts.

In my first year of computer science atm and usb's are passed around quite a lot during classes for large file transfers (such as ubuntu for a virtual machine when the internet was being extremely slow). One of those usb's belonged to some guy who (confirmed) has a history with keyloggers and all sorts of hacking shenagigans. My pc was system restored 2 weeks later - files were kept - because of PrintConsole.dll, among other files, being deleted by AVG from the system32 map. Could this have anything to do with it?

My current antivirus, a paid version of norton, isn't detecting anything but I'm not sure it really detects keyloggers. I know I'm being paranoid here but seeing as this is my worklaptop, better to be safe than sorry.

I know this will probably come over as dumb and overly paranoid, but whatever, would appreciate some thoughts.

In my first year of computer science atm and usb's are passed around quite a lot during classes for large file transfers (such as ubuntu for a virtual machine when the internet was being extremely slow). One of those usb's belonged to some guy who (confirmed) has a history with keyloggers and all sorts of hacking shenagigans. My pc was system restored 2 weeks later - files were kept - because of PrintConsole.dll, among other files, being deleted by AVG from the system32 map. Could this have anything to do with it?

My current antivirus, a paid version of norton, isn't detecting anything but I'm not sure it really detects keyloggers. I know I'm being paranoid here but seeing as this is my worklaptop, better to be safe than sorry.
2
#2
0 Frags +

There's a chance.

btw hi

There's a chance.

btw hi
3
#3
5 Frags +

If he wrote his own keylogger no antivirus in the world would be able to detect it. Reformat and be done with it.

If he wrote his own keylogger no antivirus in the world would be able to detect it. Reformat and be done with it.
4
#4
0 Frags +
wareyaThere's a chance.

btw hi

yo

MasterKuniIf he wrote his own keylogger no antivirus in the world would be able to detect it. Reformat and be done with it.

I don't think he did though, got it off some scriptkiddy website

Phantomyoformat > profit

I would if I could... Installing all the programms I need again + upgrade to windows 8.1 (for widows 8 phone app dev, no idea why the fuck 8.0 can't) takes a really long time, which I don't have with exams coming up. Isn't there anything specific I could look out for in the system files?

[quote=wareya]There's a chance.

btw hi[/quote]
yo
[quote=MasterKuni]If he wrote his own keylogger no antivirus in the world would be able to detect it. Reformat and be done with it.[/quote]
I don't think he did though, got it off some scriptkiddy website

[quote=Phantomyo]format > profit[/quote]
I would if I could... Installing all the programms I need again + upgrade to windows 8.1 (for widows 8 phone app dev, no idea why the fuck 8.0 can't) takes a really long time, which I don't have with exams coming up. Isn't there anything specific I could look out for in the system files?
5
#5
6 Frags +

There's very little chance you picked up something just by attaching the USB drive or copying a file to your laptop. However, if you ran an executable from the USB drive you didn't trust and allowed it admin privileges (don't disable UAC, kids) you opened the floodgates to everything bad.

Personally, I'd reformat for peace of mind. Most IT shops just run a full-scan of Malwarebytes and call it a day if you want to give it the "professional" treatment. Since you're a CS student you should be able to find weird looking processes running and track down where they get started in Windows pretty easily. You could also run a Wireshark or MS Network Monitor capture on any outgoing packets to see what's "phoning home" based on port or PID. If you plan to do any networking in your CS curriculum, some Wireshark experience will be useful anyway.

Any kid with a "history for keyloggers" should get punched in the mouth.

There's very little chance you picked up something just by attaching the USB drive or copying a file to your laptop. However, if you ran an executable from the USB drive you didn't trust and allowed it admin privileges (don't disable UAC, kids) you opened the floodgates to everything bad.

Personally, I'd reformat for peace of mind. Most IT shops just run a full-scan of Malwarebytes and call it a day if you want to give it the "professional" treatment. Since you're a CS student you should be able to find weird looking processes running and track down where they get started in Windows pretty easily. You could also run a Wireshark or MS Network Monitor capture on any outgoing packets to see what's "phoning home" based on port or PID. If you plan to do any networking in your CS curriculum, some Wireshark experience will be useful anyway.

Any kid with a "history for keyloggers" should get punched in the mouth.
6
#6
0 Frags +

I didn't execute anything (or even click anything on it), all I did iirc was copy the standard ubunto iso file from my pc unto his usb, when we couldn't all download it due to slow internet. Full on paranoid I know.

I don't see anything in task manager that looks suspicious. I've looked up the names of some I didn't know (Hkcmd and Igfxpers) bt it turns out they're just windows processes.

I didn't execute anything (or even click anything on it), all I did iirc was copy the standard ubunto iso file from my pc unto his usb, when we couldn't all download it due to slow internet. Full on paranoid I know.

I don't see anything in task manager that looks suspicious. I've looked up the names of some I didn't know (Hkcmd and Igfxpers) bt it turns out they're just windows processes.
7
#7
3 Frags +
SchweppesMasterKuniIf he wrote his own keylogger no antivirus in the world would be able to detect it. Reformat and be done with it.I don't think he did though, got it off some scriptkiddy website

If he got it off some website the vast majority of the time most anti-viruses would catch it, if it's one of those free ones you could probably track it down yourself delete 1-2 files and be done with it rofl.

SchweppesI didn't execute anything (or even click anything on it), all I did iirc was copy the standard ubunto iso file from my pc unto his usb, when we couldn't all download it due to slow internet. Full on paranoid I know.

I don't see anything in task manager that looks suspicious. I've looked up the names of some I didn't know (Hkcmd and Igfxpers) bt it turns out they're just windows processes.

If you didn't pull anything off your flash drive you're almost certainly fine. Their's very few keyloggers that do key logging via usb and almost all of them require the usb drive to still be attached.

-edit-
Hkcmd and igfxpers are both fine btw both of those are related to integrated intel graphics.

[quote=Schweppes]
[quote=MasterKuni]If he wrote his own keylogger no antivirus in the world would be able to detect it. Reformat and be done with it.[/quote]
I don't think he did though, got it off some scriptkiddy website
[/quote]

If he got it off some website the vast majority of the time most anti-viruses would catch it, if it's one of those free ones you could probably track it down yourself delete 1-2 files and be done with it rofl.

[quote=Schweppes]I didn't execute anything (or even click anything on it), all I did iirc was copy the standard ubunto iso file from my pc unto his usb, when we couldn't all download it due to slow internet. Full on paranoid I know.

I don't see anything in task manager that looks suspicious. I've looked up the names of some I didn't know (Hkcmd and Igfxpers) bt it turns out they're just windows processes.[/quote]

If you didn't pull anything off your flash drive you're almost certainly fine. Their's very few keyloggers that do key logging via usb and almost all of them require the usb drive to still be attached.

-edit-
Hkcmd and igfxpers are both fine btw both of those are related to integrated intel graphics.
8
#8
0 Frags +

I used to have norton too and when I had issues I downloaded the free trial of vipre antivirus and ran a scan, found several malicious things that norton didn't detect, worth a shot I think.

I used to have norton too and when I had issues I downloaded the free trial of vipre antivirus and ran a scan, found several malicious things that norton didn't detect, worth a shot I think.
9
#9
8 Frags +
MasterKuniIf he wrote his own keylogger no antivirus in the world would be able to detect it.

Ugh... Have you ever heard of behaviour-based detection?

[quote=MasterKuni]If he wrote his own keylogger no antivirus in the world would be able to detect it.[/quote]

Ugh... Have you ever heard of behaviour-based detection?
10
#10
0 Frags +

MBAM4life m8

MBAM4life m8
11
#11
4 Frags +

USB devices can technically install drivers without permission, which is a common attack vector in corporate espionage. Just drop some bugged USB sticks in a parking lot, bam, internal access.

USB devices can technically install drivers without permission, which is a common attack vector in corporate espionage. Just drop some bugged USB sticks in a parking lot, bam, internal access.
12
#12
4 Frags +
wareyaUSB devices can technically install drivers without permission, which is a common attack vector in corporate espionage. Just drop some bugged USB sticks in a parking lot, bam, internal access.

https://www.youtube.com/watch?v=nuruzFqMgIw

[quote=wareya]USB devices can technically install drivers without permission, which is a common attack vector in corporate espionage. Just drop some bugged USB sticks in a parking lot, bam, internal access.[/quote]

[youtube]https://www.youtube.com/watch?v=nuruzFqMgIw[/youtube]
Please sign in through STEAM to post a comment.