how we Know if any Keylogger run in our Computer

Shining White · 06-30-2011, 07:27 AM

i heard about some way with "run" or "CMD" that we can know if any key logger run in our computer.., can u tell me if u know that ???
or any other methods ??? :innocent:

Coder-san · 06-30-2011, 07:51 AM

I think what you are looking for is:

Code:
netstat -b

Description:

Quote:Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.

You will get an output like this:

Code:
Active Connections

  Proto  Local Address          Foreign Address        State

  TCP    127.0.0.1:49160        PC:49161               ESTABLISHED

 [firefox.exe]

  TCP    127.0.0.1:49161        PC:49160               ESTABLISHED

 [firefox.exe]

  TCP    127.0.0.1:49162        PC:49163               ESTABLISHED

 [firefox.exe]

  TCP    127.0.0.1:49163        PC:49162               ESTABLISHED

 [firefox.exe]

  TCP    192.168.1.2:49165      67.221.174.64:https    ESTABLISHED

 [digsby-app.exe]

  TCP    192.168.1.2:49185      hx-in-f125:5222        ESTABLISHED

 [digsby-app.exe]

  TCP    192.168.1.2:49190      baymsg1030127:msnp     ESTABLISHED

 [digsby-app.exe]

  TCP    192.168.1.2:49192      jabber-01-01-snc2:5222  ESTABLISHED

 [digsby-app.exe]

  TCP    192.168.1.2:49287      download:http          CLOSE_WAIT

 [cmdagent.exe]

  TCP    192.168.1.2:49288      vip1:http              CLOSE_WAIT

 [cmdagent.exe]

  TCP    192.168.1.2:49341      by2msg4010804:msnp     ESTABLISHED

 [digsby-app.exe]

  TCP    192.168.1.2:49349      httpcs204:http         ESTABLISHED

 [digsby-app.exe]

Shining White · 06-30-2011, 08:01 AM

(06-30-2011, 07:51 AM)Coder-san Wrote: I think what you are looking for is:

Code:
netstat -b

Description:

Quote:Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.

You will get an output like this:

Code:
Active Connections Proto Local Address Foreign Address State TCP 127.0.0.1:49160 PC:49161 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49161 PC:49160 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49162 PC:49163 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49163 PC:49162 ESTABLISHED [firefox.exe] TCP 192.168.1.2:49165 67.221.174.64:https ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49185 hx-in-f125:5222 ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49190 baymsg1030127:msnp ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49192 jabber-01-01-snc2:5222 ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49287 download:http CLOSE_WAIT [cmdagent.exe] TCP 192.168.1.2:49288 vip1:http CLOSE_WAIT [cmdagent.exe] TCP 192.168.1.2:49341 by2msg4010804:msnp ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49349 httpcs204:http ESTABLISHED [digsby-app.exe]

thanks Admin Smile

think this is i searched about ,but if you can you explain me more ., how to check it ??
Edit - netstat -b is not workin for me why is that ?? :o but netstat -a is working ???

Coder-san · 06-30-2011, 08:08 AM

I'm not sure what can be the problem. Here is the full contents of netstat:

Quote:Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

E:\Users\User>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

E:\Users\User>

Shining White · 06-30-2011, 08:20 AM

hmm.., i'm using Dongle right now, maybe problem is that.., Smile

thanks Coder-san

samir1990 · 07-01-2011, 06:53 AM

HI
IS ANY ONE KNOW THAT HOW TO SET KEEP ASKING PASSWORD IN OUTLOOK EXPRESS BY BATCH FILE.........

♠J0K3R♠ · 07-03-2011, 01:46 AM

(06-30-2011, 08:01 AM)Shining White Holmse Wrote:
(06-30-2011, 07:51 AM)Coder-san Wrote: I think what you are looking for is:

Code:
netstat -b

Description:

Quote:Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.

You will get an output like this:

Code:
Active Connections Proto Local Address Foreign Address State TCP 127.0.0.1:49160 PC:49161 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49161 PC:49160 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49162 PC:49163 ESTABLISHED [firefox.exe] TCP 127.0.0.1:49163 PC:49162 ESTABLISHED [firefox.exe] TCP 192.168.1.2:49165 67.221.174.64:https ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49185 hx-in-f125:5222 ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49190 baymsg1030127:msnp ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49192 jabber-01-01-snc2:5222 ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49287 download:http CLOSE_WAIT [cmdagent.exe] TCP 192.168.1.2:49288 vip1:http CLOSE_WAIT [cmdagent.exe] TCP 192.168.1.2:49341 by2msg4010804:msnp ESTABLISHED [digsby-app.exe] TCP 192.168.1.2:49349 httpcs204:http ESTABLISHED [digsby-app.exe]

thanks Admin think this is i searched about ,but if you can you explain me more ., how to check it ??
Edit - netstat -b is not workin for me why is that ?? :o but netstat -a is working ???

You probably forgot to run cmd.exe as administrator.

Shining White · 07-03-2011, 07:55 PM

Yeah man....... <3 Thanks.. Ãƒâ€šÃ‚Â» Ãƒâ€šÃ‚Â¥ Ãƒâ€šÃ‚Â« Smile

Leture · 07-11-2011, 09:32 AM

The easiest way is to install antivirus in your compter, most of the antivirus will pick up keylogger software, however, if the keylogger is added to the ignore list, it's hard to find out it.

1337 · 07-14-2011, 11:43 AM

Try MBAM or SpyBot Destroy.