d2jsp
d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > Modern Keyloggers > Undetected From The Task Manager?
Member
Posts: 469
Joined: May 9 2011
Gold: 35.00
Jul 1 2013 06:52pm
So a few weeks ago, I was hacked on League of Legends, and over the weekend, I was hacked on Diablo 3. I believe there was a keylogger on my computer.
The only kinds of keyloggers I know how to make are simple ones that track keystrokes on my own computer, and I know one can make a keylogger that would send that info to their own computer, but wouldn't you see it in the task manager? Because I certainly didn't.
I'm really confused; I sent a ticket to Blizzard, and I'm formatting my computer.

I don't know if this is the right forum or not, so if it's not, can someone move my topic please? Sorry if it is in the wrong section. :/

TL;DR: Are key-log programs nowadays undetectable, and will they not show up in the running programs list on the task manager?

Also, is this related? http://msdn.microsoft.com/en-us/library/windows/desktop/ms644990 (I know nothing about that link, I'm still a beginner in programming, Turing and C++ to be specific.)
Member
Posts: 3,386
Joined: May 4 2013
Gold: 1,780.00
Jul 1 2013 07:08pm
Some keyloggers may use some rootkit techniques

for example, you have your task manager. What if keylogger modified it to not show processes named "iamkeylogger.exe" ? Simple example.

Yes, it's possible they hide, you would need a program designed specifically to look for rootkits, that usually scans memory for oddities that shouldn't be there. rkhunter for example
Member
Posts: 469
Joined: May 9 2011
Gold: 35.00
Jul 1 2013 07:20pm
That would explain it; that's so deadly...

Thanks for helping :)

There's this thing I've had in my mind for a while now: can a virus modify my system restore files? Like when I format my computer, will it still have the same virus? I just hope not, or I'm just wasting my time..
Member
Posts: 3,386
Joined: May 4 2013
Gold: 1,780.00
Jul 1 2013 07:26pm
It's possible, but I doubt that any vivid D3/LoL player could do it ;)

also: look at your task manager and see how many "svchost.exe" you have... you could just name the keylogger like that and it'll be there, hidden in plain sight ^^
Member
Posts: 469
Joined: May 9 2011
Gold: 35.00
Jul 1 2013 07:31pm
Quote (nuvo @ Jul 1 2013 09:26pm)
It's possible, but I doubt that any vivid D3/LoL player could do it ;)

also: look at your task manager and see how many "svchost.exe" you have... you could just name the keylogger like that and it'll be there, hidden in plain sight ^^


svchost.exe is a keylog process? Well, I guess that explains it because I remember seeing it a lot of times when I was looking at my task manager before formatting it >.>
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Jul 1 2013 08:43pm
Quote (crazyfoo456 @ Jul 1 2013 06:31pm)
svchost.exe is a keylog process? Well, I guess that explains it because I remember seeing it a lot of times when I was looking at my task manager before formatting it >.>


svchost.exe is the generic executable used to launch many services, so it's normal to have several copies running. Which also makes it a nice place to hide services...

This post was edited by Azrad on Jul 1 2013 08:51pm
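Azrad's point above, that a process named svchost.exe blends in among the real ones, is exactly why a defender checks more than the name. The example below is added here (not code from the thread) and assumes two facts about Windows: a genuine svchost.exe runs from System32 or SysWOW64 and is started by services.exe; the process snapshot is constructed for the demo.

```python
"""Flag processes that masquerade as the Windows service host (svchost.exe).

Added example, not code from the thread. Assumption: a genuine svchost.exe
lives in %SystemRoot%\\System32 (or SysWOW64) and is spawned by services.exe,
so any "svchost.exe" breaking either rule deserves a closer look.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    path: str

LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def suspicious_svchost(procs):
    """Return (pid, reason) for every svchost.exe look-alike in the snapshot."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.name.lower() != "svchost.exe":   # case-insensitive: SVCHOST.exe counts too
            continue
        reasons = []
        image_dir = str(PureWindowsPath(p.path).parent).lower()
        if image_dir not in LEGIT_DIRS:
            reasons.append(f"image path {p.path}")
        parent = by_pid.get(p.ppid)
        if parent is None or parent.name.lower() != "services.exe":
            reasons.append(f"parent {parent.name if parent else 'unknown'} (pid {p.ppid})")
        if reasons:
            findings.append((p.pid, "; ".join(reasons)))
    return findings

# Constructed snapshot: two real-looking service hosts and two impostors.
SAMPLE = [
    Proc(4, 0, "System", ""),
    Proc(600, 4, "services.exe", r"C:\Windows\System32\services.exe"),
    Proc(700, 600, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(720, 600, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(1500, 2200, "svchost.exe", r"C:\Users\bob\AppData\Roaming\svchost.exe"),
    Proc(1600, 600, "SVCHOST.exe", r"C:\Windows\Temp\SVCHOST.exe"),
    Proc(2200, 1000, "explorer.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, why in suspicious_svchost(SAMPLE):
        print(f"pid {pid}: {why}")
```

On a live machine the snapshot would come from `tasklist`, WMI or psutil; the two legitimate hosts (pids 700 and 720) pass, the ones in a user profile and in Temp do not.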
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Jul 1 2013 09:41pm
Quote (nuvo @ Jul 1 2013 09:26pm)
It's possible, but I doubt that any vivid D3/LoL player could do it ;)

also: look at your task manager and see how many "svchost.exe" you have... you could just name the keylogger like that and it'll be there, hidden in plain sight ^^


the easier technique is to just export machine code to a variable, inject it into a code cave in another running process and then create a remote thread for that injected code.

shit's been done since before Poison Ivy and shit

and is the default function for any "malware encrypter" that you can find on the internet.

why do you make this shit out to be so hard when quick Google searches can yield this for kids. like really I'm starting to doubt you actually know anything about the scene, not saying that I did to begin with.

edit:: sorry about the rage, thought you were the other idiot from the "ddos" thread. shit still applies though.

edit2: malware can delete/remove system restore points. I am pretty sure it is possible to inject itself into an older restore point as well, I haven't personally done it. I don't mess with creating Windows malware much. much rather spend my time developing new ways to hide shellcode from IDS systems on Linux.

This post was edited by AbDuCt on Jul 1 2013 09:45pm
Member
Posts: 469
Joined: May 9 2011
Gold: 35.00
Jul 1 2013 11:03pm
Quote (AbDuCt @ Jul 1 2013 11:41pm)
the easier technique is to just export machine code to a variable, inject it into a code cave in another running process and then create a remote thread for that injected code.

shit's been done since before Poison Ivy and shit

and is the default function for any "malware encrypter" that you can find on the internet.

why do you make this shit out to be so hard when quick Google searches can yield this for kids. like really I'm starting to doubt you actually know anything about the scene, not saying that I did to begin with.

edit:: sorry about the rage, thought you were the other idiot from the "ddos" thread. shit still applies though.

edit2: malware can delete/remove system restore points. I am pretty sure it is possible to inject itself into an older restore point as well, I haven't personally done it. I don't mess with creating Windows malware much. much rather spend my time developing new ways to hide shellcode from IDS systems on Linux.


Thanks. How about when I format my computer; can that restore option get infected too?
Sorry if I'm sounding really stupid <_<
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Jul 2 2013 12:29am
Quote (crazyfoo456 @ Jul 2 2013 01:03am)
Thanks. How about when I format my computer; can that restore option get infected too?
Sorry if I'm sounding really stupid  <_<


what is your definition of format? are you doing a system restore or an actual reformat in which you wipe the drive and use your Windows CD to reinstall? the second is the actual definition of reformat rather than the first.

the first might not get rid of the infection, depends on the malware.
Member
Posts: 3,386
Joined: May 4 2013
Gold: 1,780.00
Jul 2 2013 02:19am
Quote (AbDuCt @ Jul 1 2013 11:29pm)
what is your definition of format? are you doing a system restore or an actual reformat in which you wipe the drive and use your Windows CD to reinstall? the second is the actual definition of reformat rather than the first.

the first might not get rid of the infection, depends on the malware.


Windows nowadays comes without a CD, but with a hidden partition with the installer; I don't know if every malware kit has the option to infect that, so I didn't jump to conclusions :P

but if the malware was running as "system", mounted & modified that partition, PROFIT

This post was edited by nuvo on Jul 2 2013 02:23am