Keylogger question

[Tymon]

searched for this earlier, couldn't find the original thread. must have fell off.

anyway, this morning when I turned on my pc I realized that my PoL pass wasn't saved anymore. this set off some red flags as I know it was related to some of the keyloggers earlier on, so I got on ps2 and changed my pass.

my first thought was that last night, I did a lot of registry edits installing some drivers for a capture card. it could have messed up a string or two in all of that ruckus and cause it to go unsaved. the chances of that are small, though, so it's still unexplained


long story short I'm not gonna type in that pass til I'm pretty damn sure nothing is on my pc.

I use kaspersky anti virus and zone alarm firewall / spyware

I knew about that rsbo.exe stuff a while ago and searched for that, found nothing, so it isn't that. is there any new keyloggers that I haven't kept up with?

[Cephius]

Could just be something quirky, if you've run full scans on your computer I'd say you have nothing to worry about. If you're that paranoid, make a text file on another computer with your password, put it on a USB stick, bring to your main PC and copy and paste your new password and save it. Even if your keystrokes are being recorded it can't pick up what was pasted.

[Gere]

Most keyloggers can read what you've copy+pasted.

[Changz]

That's happened to me before after some POL updates. I freaked out the first time it happened also like a year ago, but I still have my character.

[Raelz]

I've had this happen a few times, and I've yet to get my account stolen. Sometimes I find that it was an accidental keystroke, or series of them, whereby I erased the saved password, or I unchecked something, or borked a registry key, etc.

That being said, there are any number of reasons why this could happen, but I'd err on the side of caution.

Ultimately, if you think you have a keylogger, it's best to obtain a copy of ProcessXP from winternals or some more verbose process/service monitoring application like Autoruns from MS, and a copy of TCPView or some more verbose network monitoring tool, like Port Explorer. You should then dig through the running processes on your machine and try to discern if any of them are suspicious. Use TCPView to see if there are any strange waiting or established connections being made to foreign addresses. This will usually yield good results, although sometimes keyloggers are fairly stealthy.

Zone Alarm is a fairly good firewall, and should pick up any application connecting out or in, that is not part of it's ruleset. If you want to really dig through Zonealarm's logs, there used to be a tool called VisualZone that was very good for that purpose. Alternatively, running a combination of Zonealarm and TeaTimer(a addon of Spybot S&D,) can provide you with ultra mega OCD-like security. It may drive you nuts, answering all the prompts regarding registry changes and network connection permissions, but it may just save your ass as well.

If it seems clean, and you can't find any issues, and the firewall hasn't picked anything up, and there are no shady processes or services running, and there are no unexplainable network connections, it is probably safe to assume you're clean. That's about all you can do, or hope for.

[Spekkio]

wasn't it demonstrated that changing computer hardware caused the saved password to be reset? i seem to remember something about your current configuration being compared with what's stored with the password before it will allow the stored password data to be reused. someone was commenting on how if they flipped on or off the wireless card in their laptop it affected their stored passwords iirc.

[Tymon]

wasn't it demonstrated that changing computer hardware caused the saved password to be reset? i seem to remember something about your current configuration being compared with what's stored with the password before it will allow the stored password data to be reused. someone was commenting on how if they flipped on or off the wireless card in their laptop it affected their stored passwords iirc.

Well, that would satisfy me, I added new hardware last night.

[Suiram]

wasn't it demonstrated that changing computer hardware caused the saved password to be reset? i seem to remember something about your current configuration being compared with what's stored with the password before it will allow the stored password data to be reused. someone was commenting on how if they flipped on or off the wireless card in their laptop it affected their stored passwords iirc.

Yeah this was me. I use the ethernet card on my laptop when I'm at home, and when I visit my parents a couple times a year I'll use wireless. At first I would disable the ethernet card and enable the wireless card and it would unsave my password when I did, and then when I came home and enabled my ethernet card and disabled wireless it would unsave it again. Now I don't disable the ethernet card ever and just enable/disable the wireless card when I need it, and my password stays saved. Something about how your saved data is tied to the MAC address of your card, someone was saying.