Harlan,
Why don't you try Adaware first and see for yourself? We have run tests
with keylogger detection and Adaware detected 90% of them. Adaware does not
rely on whether a software uses a string for the "Remove Programs" listing
but rather on unique file names, locations (most keyloggers install into
the %system root%) and their unique CLSID.
At 04:41 AM 3/22/2003 -0800, you wrote:
>Stephen,
>
>First off, AdAware likely won't detect what you've
>asked about.
>
>A keystroke logger may "hide" itself from the
>"Add/Remove Programs" listing, but they may not take
>many more steps to "hide" themselves beyond that.
>
>What you may want to do is this:
>
>1. Get listdlls.exe, pslist.exe, and handle.exe from
>SysInternals. If you want to run these remotely, get
>psexec.exe, too. Get fport.exe from FoundStone. See
>if you can get a copy of drivers.exe from the RK.
>
>2. Run the utilities against the system, enumerating
>the running processes, installed drivers, and
>port-to-process mappings.
>
>3. Parse through the output, looking for "unusual"
>listings. Another method would be to find one of
>those sites that lists trojans and whatnot, and see if
>they also list keyloggers. This isn't as
>comprehensive of an approach, but it might go a bit
>quicker.
>
>HTH,
>
>Harlan
>
Received on Mon Mar 24 10:17:16 2003
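
The triage in steps 2 and 3 of the quoted message, combined with the reply's point about install locations, as an added example that is not part of the original thread: it parses a port-to-process report and flags any image that is missing from a known-good baseline, noting when it sits under the system root. The report layout, the `C:\WINNT` root, the baseline list and the `winupd32` entry are all constructed assumptions.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any analysis host

# Constructed sample in a layout modelled on a port-to-process report;
# adjust LINE_RE to the columns your captured tool output actually has.
SAMPLE = r"""
Pid   Process            Port  Proto Path
420   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  445   TCP
1128  winupd32       ->  2121  TCP   C:\WINNT\system32\winupd32.exe
1344  inetinfo       ->  80    TCP   C:\WINNT\system32\inetsrv\inetinfo.exe
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

# Hypothetical baseline: image paths recorded from a known-clean build.
BASELINE = {normcase(p) for p in (
    r"C:\WINNT\system32\svchost.exe",
    r"C:\WINNT\system32\inetsrv\inetinfo.exe",
)}

def parse(report):
    """Turn report text into dicts, skipping the header and blank lines."""
    rows = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pid, name, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "name": name, "port": int(port),
                         "proto": proto, "path": path.strip()})
    return rows

def unusual(rows, baseline=BASELINE, system_root=r"C:\WINNT"):
    """Return (row, reason) for every listing the baseline cannot explain."""
    root = normcase(system_root) + "\\"
    findings = []
    for r in rows:
        if not r["path"]:
            # The kernel's System process has no image path; anything else should.
            if r["name"].lower() != "system":
                findings.append((r, "no image path"))
        elif normcase(r["path"]) not in baseline:
            where = ", under system root" if normcase(r["path"]).startswith(root) else ""
            findings.append((r, "not in baseline" + where))
    return findings

if __name__ == "__main__":
    for row, reason in unusual(parse(SAMPLE)):
        print(row["pid"], row["name"], row["port"], reason)
```
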