How do I track down where a keylogger goes?
BeenPhucked
07-09-2007, 06:27 PM
I ran the scan at TrendMicroHouse and just like I thought I have a keylogger on my computer. I realize I could just remove it and be done with it but this particular relative has been dogging me all my life when I have been mostly nothing but good to them. So now this thing is serious. I want proof where this is going and any way I can link it to the person. How would you go about it?
What angles can I attack it from?
Ironically, I got this far by a hunch. So I followed my hunch and joined an online dating site. This relative has a history of loving to fuck with my romances so this was the perfect lure for baiting them. This time I gave them the easy opening, I put inaccurate information on the profile I started. I mentioned none of this to anyone. So when my first romantic interest and I were IMing each other after long enough one day she brings up, totally out of the blue, this inaccurate piece of information and questions me on it. How could she know unless some one told her, some one who has a keylogger on my computer? Also keep in mind the girl I am IMing has never seen a picture of me, never had an email address on me, did not know my job, and never knew anything more than my very common first name. We had not met at that point. I never gave her my phone number and any time I called her I called from different payphones.
Does anyone know where I can download this keylogger from? What company makes it?
SPYWARE_KEYL_PERFECTKEYLOGGER
--------------------------------------------------------------------------------
Type: Spyware
In the wild: No
Destructive: No
Language: English
Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
Overall risk rating:
Low
--------------------------------------------------------------------------------
Reported detections:
Low
System impact:
High
Information exposure:
High
--------------------------------------------------------------------------------
Description:
This spyware provides a user the option for a Regular Install or Stealth Install. In Stealth Install, it does not create shortcut icons, help files, and uninstaller application on a system.
An evaluation version is freely downloadable from the Internet and can be upgraded to the full version via purchase of a license.
This spyware, together with several other files, is installed by default in the BPK folder located in the Program Files folder. Moreover, it drops files in the current user's Temporary folder found in the Local Settings folder.
It creates a certain registry entry to ensure its automatic execution at every Windows startup. It registers itself as a Browser Helper Object (BHO) by creating particular registry keys. As a BHO, this spyware is able to automatically execute every time the Internet Explorer browser is launched.
This spyware has several capabilities, such as capture screen information on every mouse click, log text strings typed in every application, perform keyword detection and notification, and perform remote installation, update, or uninstallation without the user’s consent.
It has an email function, where the user can set the sending of the logged information to a specified email address.
What I am thinking here is maybe if I can find the software I can download it myself and fool around with it. Figure out how to access the text inside where it might store the email address using something like Notepad or whatever.
I would also like to be dead sure of who is using it because my credit card information has been compromised since I have made purchases of CDs over the net and on amazon.
Anyone else know anyone who has had this happen? The stats at trendmicrohouse say 450 computer keyloggers detected this year and we are only about half way through it. Has anyone you known gotten the authorities involved and were they of any use?
Otherwise I would just like to get proof and maybe take them to small claims court, it's proof they are stalking me and my habits and that alone should be enough to get a restraining order without costing me an arm and leg. Right now that would be a start. Not because I think I need it or that it in and of itself would do any good beyond the sheer intimidation factor of letting the person know that I now have control and the hunter has become the hunted. This is the seed of doubt that will terrorify them from the inside out.
Thank You.
digital_exhaust
07-09-2007, 06:39 PM
Wow......
Dude, just call the police anonymously and ask...I don't know jack about key-loggers, but the folks in General Mayhem (http://www.hardforum.com/announcement.php?f=16&a=50) seem to, you might want to get a subscription and start a thread there, as that is really where this type of thread belongs (I think...)
Good luck man..
bbz_Ghost
07-09-2007, 07:38 PM
Before you go any further, you should look into getting some drive imaging software so you can make a perfect (no pun intended) bit-for-bit backup of that entire system drive and possibly all the other partitions as well for possible legal ramifications and activity. If you wipe the machine as I'm about to suggest, all that evidence will be lost pretty much forever. You need to make a backup, a total complete bit-for-bit backup using some software like Acronis True Image, or Norton Ghost, it really doesn't matter as long as you get the job done.
Having said that, and once you have a complete bit-for-bit image of the entire system drive or all the drives in the machine (I know it's complicated and time consuming, even costly, but you've apparently had someone doing something illegal and this is just the first step), the rest follows.
From the Perfect Keylogger online help file located here (http://www.blazingtools.com/help/bpk/):
"Do you want to know what your buddy or colleague is typing? Or perhaps you just want to control your family members? With Perfect Keylogger you can do so in 2 minutes!
Also it can be used for special purposes."
Dare I ask what "special purposes" might be, geezus. This is dangerous stuff, and even hinting at "control your family members" is crossing so many lines it's not even funny.
My suggestion, and I mean this with all seriousness:
Wipe the machine, right now, like, right this fuckin' minute after reading this post. Back up whatever data you can that you're confident is safe, and wipe that fuckin' machine clean. On the reinstall, get some AV software installed pronto, make sure the firewall is enabled in Windows - if you have a hardware one also in a router that'll help out considerably also. Put a long complicated password on both the Admin account and your user account, don't let anyone touch that machine, ever, unless you're sitting there every freakin' second.
It only takes a few seconds to stick in a USB drive that can be configured to automagically install such software again using AutoPlay and one click of the mouse, so don't even think about leaving anyone alone with that machine except you.
If you can't do all that, at least not now, then it should be pretty damned high on the priority list. I looked over the Perfect Keylogger removal instructions here (http://www.2-spyware.com/remove-perfect-keylogger.html) and they seem legit to me, so they might be able to get rid of it for you.
But that machine is tainted, and that installation is also. I wouldn't trust it myself any further than I could throw it, so again, a reinstallation of everything from scratch is highly recommended, ASAP.
Hope this helps... and also consider the legal ramifications of all this as well. Just don't wipe that machine until you get that bit-for-bit image copy of it, then you can do the necessary reinstall if you take that path.
BeenPhucked
07-11-2007, 03:36 PM
I really really appreciate that, bbz ghost, and I know you don't understand this but while this is serious at the same time there are several things in my favor. First I pretty well know who it is and who else knows. Secondly, said person or persons have been at this harassment for such a long time that this is hardly even a bump in the road to me. I will deal with it, but probably not in the way you expect because I have spent the last few months studying the psychology behind this person(s) and their psychological disorders and as such I have a pretty good idea what triggers them and what is going on here. Thirdly, the reason said persons never used my credit card information is because they know I know where they live. They also know I was already an extremely good shot before I received further training from a lifetime military member who was a qualified rangemaster. Because he is a qualified rangemaster we privately bought the very same shooting range the police use for just one night and I was trained with the M1911 pistol, a round favored by sharpshooters and federal officers alike because it has enough force to take down even the most psychotic, methed up, coked up, wet-smoking crazies out there and stop them cold in their tracks. You don't have to hit something vital, you just have to hit and the shockwave sent through the body is so strong even a peripheral hit can immediately stop the heart.
I appreciate the link. I will have to read some more. They know I made these posts because today, for this coincidental reason, my peoplepc internet security pack picked up a keylogger. Imagine that! It is surely a strawman, a double or triple install. A pull back maneuver.
I ran another scan, spybegone, I think it was. That name, blazing tools, came up. So you know exactly who made this keylogger.
So what I am curious about is this stuff:
Advanced keyword detection and notification
Clipboard logging
Sending log and screenshots by e-mail in the hidden mode
Stealth uploading logs by FTP
How do I find what email address this goes to?
Ditto for the FTP.
If I disable the FTP in my browser will this temporarily put me in control? If not, how do I accomplish being able to turn this on/off at my control?
Thanks!
BeenPhucked
07-11-2007, 03:45 PM
The persons doing this are sociopaths and more than anything what will benefit the world, and probably me in the long run, is simply positive proof exposing this behavior whether or not it ever goes to any law enforcement agency. That will show them for what they are and discredit them in others' eyes which means everything to them. Sociopaths value being in good standing with others.
Remember BTK? Bind Torture Kill? Another sociopath who happened to be a low level law enforcement officer (media did not mention that enough!) as well as a person who was trusted to install security systems into homes and most interestingly he was on his church member council board. My two sociopaths are in good standing positions in their church as well.
People like this seek power to abuse it. It must be some kind of sick rush. For a lot of them they get pleasure in their mind greater than that of sex and that means something within their cranium is seriously miswired. Most that reach this level are beyond treatment. Doing these things to others is partially a rush and partially a cry for help, part of them always wishes they were caught so they can try to be like regular people.
bbz_Ghost
07-11-2007, 03:46 PM
I think based on that last post I'm going to step away from this one. If you've been 'studying' someone for months down to creating your own psyche profile/dossier on them, that borders on obsessive behavior (my opinion) and then the totally tangential concept of guns and weapons and shooting people, ugh. Too weird for me at this point...
Good luck with the hopefully legal and non-violent resolution. :eek:
BeenPhucked
07-12-2007, 11:13 PM
It did not happen like that, and no, I am not the sicko here. I described some things on another forum and some people pointed me towards some stuff to read. I read and as I was reading, lo and behold, I realized this is all quite possible. Too many things from the past fit too well. I was reading the acronym CORRUPT and realized too much of it fit too well, but until you have it all right there in front of your face like that as the officially recognized DSM mnemonic of Sociopathic Behavior you never think of it.
Realize, too, it is hard to condense this so that others understand. For that matter it is hard for me to face, that I was raised with a sociopath. It's not something that I am anxious to admit in casual conversation.
You never realize bad things about your family because you are too close to them. That doesn't make me bad, too. You interact with other human beings based on a certain amount of faith in how they act when you are not around. Even when it is grossly broken, because this person is family, you want to give them the benefit of the doubt because it is what you have always done. You need solid proof.
I seriously wish you would reconsider helping. This is the kind of help I need. I am not asking about trying to get into their system. I am not doing anything aggressive other than collecting information in order to go to law enforcement with something more than a likely laughable "My system has a keylogger on it and I think it is..." because I don't think that is going to get any lazy cop off his butt and yield any results.
Of course it sounds weird, but some types of people only respect that and if they know everything I say here and I reiterate some of my skills, such as target shooting, it will only benefit us both in its end effect. Surely you are a smart enough fellow to realize that some parts of what I am saying are more to the one with the keylogger than anyone here. Sociopaths respect force. Clear lines MUST be drawn with sociopaths, wikipedia has a clear definition. I am not making the rules here, I am only going by what professionals have said.
At this point all I want is a way to prove where that keylogger is sending data. That is all I am asking for help with. Weirdness should not sway your moral compass of what is right and what is wrong. My mere circumstances should prove to you I am on the morally right side of this issue. Thanks
NHutch
07-12-2007, 11:31 PM
Whoa whoa whoa, DON'T WIPE THE DRIVE. The files are likely hidden in your system folders. I've taken these programs apart and know exactly how they work. Hell I've used one for quite awhile on my gf's computer to make sure she's being honest.
Do this for me:
Go to start -> run, type msconfig and hit enter. Go to the startup tab and write down all the programs with a check mark next to them. Chances are, the keylogger is there. The program can be named anything your stalker wants it to be.
Next, go to start -> run and type cmd and hit enter. type in netstat -n and hit enter. Copy and paste everything into wordpad. To copy in cmd prompt, just go to the top left corner of the prompt to bring down the dropdown menu, go to edit and click select all. Then hit enter and it acts the same as ctrl+c. Paste that all into wordpad. That will give you all of the IP addresses of everything that is connecting to your computer (it's best that you exit out of iexplorer/firefox when you do it.) The person behind the keylogger has to connect to your computer in order to get the logs.
On a sidenote, what is your relationship to the person you believe is behind it?
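Added example, not code from the thread or from any keylogger vendor: a small Python script that parses a pasted Windows "netstat -n" dump like the one NHutch asks for, drops loopback and LAN connections, and lists the established remote endpoints worth writing down (date, time, IP, port) and looking up with whois. The sample dump is constructed; 209.179.166.66:80 is the address the poster later reported, the other remote addresses are RFC 5737 documentation ranges.

```python
import ipaddress
import re

# Added example, not code from the thread: parse a pasted Windows "netstat -n"
# dump and list the established connections leaving the machine.
PORT_NAMES = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 443: "https"}
# RFC 1918 LAN ranges; connections to these are not the one "phoning home".
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S+)?\s*$")

def split_endpoint(endpoint):
    """'host:port' -> (host, port); port is None for '*' (UDP listeners)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """One dict per TCP/UDP line; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        lip, lport = split_endpoint(local)
        rip, rport = split_endpoint(remote)
        rows.append({"proto": proto, "local_ip": lip, "local_port": lport,
                     "remote_ip": rip, "remote_port": rport, "state": state or ""})
    return rows

def suspicious_remotes(rows):
    """Established connections to non-loopback, non-LAN hosts as (ip, port, service)."""
    out = []
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        try:
            ip = ipaddress.ip_address(r["remote_ip"])
        except ValueError:  # '*' or a truncated address
            continue
        if ip.is_loopback or ip.is_link_local or any(ip in n for n in LAN_NETS):
            continue
        out.append((str(ip), r["remote_port"], PORT_NAMES.get(r["remote_port"], "unknown")))
    return out

# Constructed sample dump: 209.179.166.66:80 is the address the poster reported;
# the other remote addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1034         127.0.0.1:1035         ESTABLISHED
  TCP    192.168.1.5:1052       209.179.166.66:80      ESTABLISHED
  TCP    192.168.1.5:1060       203.0.113.7:21         ESTABLISHED
  TCP    192.168.1.5:1061       198.51.100.9:4433      TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""
```

Run suspicious_remotes(parse_netstat(SAMPLE)) on a real paste to get the short list; a connection in TIME_WAIT or to 127.0.0.1 is not the log upload, which is why the filter drops them.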
slowbiznatch
07-13-2007, 12:26 AM
Surely you are a smart enough fellow to realize that some parts of what I am saying are more to the one with the keylogger than anyone here. Sociopaths respect force. Clear lines MUST be drawn with sociopaths, wikipedia has a clear definition. I am not making the rules here, I am only going by what professionals have said.
Seriously, you're out-of-line by bringing this shit here. If you want help with the keylogger, just ask. We don't need to hear your one-sided psycho-babble. It sounds like you've done just as much lame "investigation" as the person in question here. For you to even jump to the conclusion that you need to use lethal force on this person is ridiculous and unnecessary.
At this point all I want is a way to prove where that keylogger is sending data. That is all I am asking for help with. Weirdness should not sway your moral compass of what is right and what is wrong. My mere circumstances should prove to you I am on the morally right side of this issue. Thanks
If you want to learn how it works, install it yourself and toy with it. In your description of it, you might have noticed it has a free trial. Try it, learn it, and move on with it. And stop writing to us about your way-too-personal endeavor.
BeenPhucked
07-15-2007, 02:50 AM
I found two suspicious things via the netstat command. One is 209.179.166.66 at port 80... how do I find out where this address goes or use it?
How can I temporarily disable that? Turn it on and off at will?
A VAIO music server boots up on start up that seems suspicious. I don't have anything like that set to start at bootup and in general do not mess with music on my computer much.
The person is a sibling.
purefun65
07-15-2007, 03:44 AM
Google whois and type in the IP. It's Earthlink, by the way.
zacdl
07-15-2007, 08:20 AM
If you already know who it is- why on earth do you keep seeking this crap out? I just don't understand it.
For the technical side of things I have a few comments:
Clone your drive as bbz_Ghost suggested. If they do freak out at some point if you start "closing in" or whatever, they'll most likely abandon ship and try to erase all proof.
You would have a clone (maybe burnable to a DVD) of your drive that you can ship off to the police.
And port 80 is just HTTP. Webpages. I don't see a darned thing wrong with it.
You mentioned FTP at some point: That uses port 23.
Most likely this keylogger is using a port you don't know about (not a well-known one). Check the program's website to see what it uses to talk back home. Just call the keylogging company to see if they can help you track it back to the IP address it is using. At that point in time you find the IP address, write it down. Write the date and time down. Nothing more to do than package up all your information and send it into the police.
They have way more power than you do working with ISPs: They can find out the physical street address of that IP address.
The cloned disk is 100% proof of the keylogger.
If you don't want to go to the police, all I have to say is you won't find much help around here.