Technological help needed.

A family member installed a keylogger in my PC.
Its installation process creates a folder C:\WINDOWS\system32\MPK.
I tried to uninstall it but it asked for a password.
Then I deleted all the contents of the folder MPK.
Then I downloaded micro keylogger setup and installed it.
When I opened it, it asked for the password, not the new, but the old one set by that family member.
Now I think all my activities are monitored by this keylogger.
And I wish to completely uninstall it.
I don't know what to do?
Kindly help.
Reinstalling Windows is a fairly safe bet. However, do you have any idea why said family member installed that keylogger?

-Albatross
I have considered resetting my computer, but it is a little complicated.
I don't know if the free KVRT will detect and remove your keylogger, but it's a better approach than trying to manually delete its files.
http://www.kaspersky.com/virusscanner

Since you have administrative rights (you wrote that you deleted a folder in system32),
you can use Start -> Run -> services.msc and look for anything suspicious.
If you're running Professional or above, msconfig could also be of use?

The best thing to do would be reinstalling Windows, setting an Administrator password and then to annihilate what threatens to destroy you.
I'm guessing it was installed as parental control...
Write a program that takes encrypted text (of which you have memorized the cypher) and outputs the text in standard ASCII.

Run this program for all situations where you may or may not be typing something that you would have to plead the 5th (US constitution amendment). Copy the output, paste the output. PROFIT
It doesn't have to be a complex cypher, an XOR cypher would be good enough.
If the person who installed the software is a sibling and not a parent then I find that the fastest and most effective way to crack a password is the "Rubber-hose" technique >:D : http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

Keyloggers are pretty limited in their options for installation. The good news is that the entry points and attack vectors are pretty well known so many anti-virus applications will remove them, although it may require an off-line scan if the logger uses some of the more advanced techniques. You are correct that deleting this file under system32 will NOT remove the infection and it is highly probable that your activity is still being monitored.
You could try Malwarebytes Anti-Malware, there is a free version and it often seems to detect things that other AV programs don't.
closed account (DSLq5Di1)
Googley senses tingling.. identical thread from 2009 -> http://www.raymond.cc/forum/software/10894-refog-keylogger-uninstall.html

.. and many more results I won't bother to post, this smells like advertising.
I couldn't find the keylogger on my computer, however, I caught my mom watching the logs on her own computer last night, and I know which kind of spy software it is, http://www.microkeylogger.com. Then I tried to remove it from my computer, but it asked for the password to delete it. My god, my mom will not tell me the password of course.
I actually have a solution for this.

Presumably she'd need the password to access the keylogger's log, so use that to your advantage. Install your own keylogger, wait a week or two, check it for the password to HER keylogger, and then access hers and proceed as desired.

For setting your keylogger's password I would recommend creating a txt file on another computer containing all the valid characters for a password in the keylogger program, and then copying and pasting them in order of your desired password to the input box for the password creation, that way she won't be able to find the password you made in her log.

My dad did the same thing to me when I was about 13, this is more or less the same solution I used then.
Just tell her that you know she has a keylogger, talk about the reasons, and talk about it. If she's sane (she's not if she's logging your keys) she'll probably tell you what she's worried about. Sneaking around never helps anything.
Or you could just boot a different OS and delete the executable, bypassing any kind of protection. It can probably also be done from maintenance mode (F8 at boot, after passing POST).
I like xander337's method, though helios' way works too. I just like the deviousness :)
This software claims to be "invisible", I know that it's just advertising and they are not concerned about being accurate but let's assume for a second that this is as close to being true as we can reasonably expect, let's also assume that a responsible company would not try to hook their client's IAT, SSDT or any of those neat little tricks.

Without hooking anything a process and its start up entry* are plainly visible so we can rule those out. A service would not need a startup entry but would still be plainly visible to any user who cares to look. This along with the function of the software suggests that it is loaded as a device driver. Although to many of us this does not qualify as invisible they could have patched over the existing keyboard driver thereby making it harder to notice (Aren't default drivers a wonderful thing? Such predictable behavior). Reinstall this driver from your system disk and that should break the whole thing. That reporting component is probably running as a service with a bunch of obnoxious persistence conditions so you may have to boot into safe mode to remove this part of it. Of course this is only if you, for some reason, have to or want to remove this by hand, otherwise the AV suggestions that other people brought up earlier are better.



*: Exempting the 255+ rule in WinXP in regards to the startup entry.
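
Added example, not part of any post in this thread: a read-only PowerShell audit of the places the post above names (auto-start services, kernel drivers, startup entries). It assumes PowerShell 3.0 or later and an elevated prompt; the function names are illustrative, and the only indicator taken from the thread is the folder C:\WINDOWS\system32\MPK.

```powershell
# Read-only audit: lists auto-start services, kernel drivers and Run-key entries
# whose binary is not validly signed or that reference the MPK folder.
# Assumption: the only indicator taken from the thread is C:\WINDOWS\system32\MPK.
$indicator = [regex]::Escape('\system32\MPK')

function Get-ImagePath([string]$raw) {
    # Extract the executable path from a command line, quoted or unquoted.
    if (-not $raw) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($raw) -replace '^\\\?\?\\', ''
    if ($s -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($s -match '^\s*(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $s.Trim()
}

function Test-Entry($kind, $name, $raw) {
    $path = Get-ImagePath $raw
    $sig = 'FileNotFound'
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Kind = $kind; Name = $name; Path = $path
        Signature = $sig; InMPK = [bool]($raw -match $indicator)
    }
}

$results = @()
$results += Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object { Test-Entry 'Service' $_.Name $_.PathName }
$results += Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.StartMode -in 'Boot', 'System', 'Auto' } |
    ForEach-Object { Test-Entry 'Driver' $_.Name $_.PathName }
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($v in $item.GetValueNames()) {
            $results += Test-Entry 'RunKey' $v ([string]$item.GetValue($v))
        }
    }
}
# Show only entries worth a manual look.
$results | Where-Object { $_.InMPK -or "$($_.Signature)" -ne 'Valid' } |
    Sort-Object Kind, Name | Format-Table -AutoSize
```

Files signed only through a Windows catalog may be reported as NotSigned on older PowerShell versions, so treat the output as a list of leads to check rather than a verdict.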
sloppy9 called this one:

sloppy9 wrote:
this smells like advertising
dorthy wrote:
I couldn't find the keylogger on my computer, however, I caught my mom watching the logs on her own computer last night, and I know which kind of spy software it is, http://www.microkeylogger.com.
Thanks so much, xander337. Your idea is excellent.
No problem. I do feel obligated to strongly suggest you do your best to talk to your mother about having the keylogger removed before doing it yourself covertly.