How can I tell if a keylogger got added to my PC while I was in Beijing?

I was in Beijing, and I used my Windows PC there with a freeware firewall and freeware anti virus and freeware malware scanners.

Recently a friend said nearly all American travelers were to be warned by the State Department that their laptops, if left in the hotel, were almost certainly compromised.

How could I tell if a keylogger or other spyware was inserted onto my laptop by the Chinese?

Reply to
Donna Ohl

You mean physically, by hands-on access to your machine?

BTW, how is you water heater doing?

Michael

Reply to
msg

Worst case scenario, you won't. There are programs impervious to detection; you could always format and re-install your laptop if you are that worried about it. Next time be a little more aware of 'free' stuff ...... there's no such thing as free!

Reply to
Trespasser

Sniff the keyboard. If you can smell sweet & sour, you've been got at.

Reply to
Jon

You MUST get one of these without delay

formatting link

Reply to
Emil Tiades

Usually, depending on which ones you have, these are adequate safeguards. A couple of anti-spyware applications could also be added to round things out.

Physical access to the machine trumps all!

Scan for everything under the sun from a *clean* environment. Booting from a known clean boot cd should thwart *most* malware from interfering with the scanning.

Follow the advice of PA Bear as well. If I am not mistaken, the HijackThis program has to be run from the tainted environment in order to get at the registry data it needs to scan.

Reply to
FromTheRafters

I guess zeroes are good enough for stopping a process from accessing the data, but this leaves you open to forensic probes.

Reply to
FromTheRafters

There is nothing impervious to detection if you use the right tools and are willing to invest the time needed to find them. Personally, I would just do a secure wipe and practice better safeguards in the future.

Reply to
Rotten Ronny

Damn, that post belongs in another thread.

I wanted to post this here:

Reply to
FromTheRafters

I've heard these rumors before, too, and I'm not convinced they're true. I've traveled to China several times, it isn't the monolithic evil empire that bulletins like this would seem to indicate. Any laptop left anyplace unattended has risk; drive encryption like BitLocker is really the only way to mitigate such attacks (other than keeping the laptop with you at all times).

Reply to
Steve Riley [MSFT]

From: "Steve Riley [MSFT]"

| I've heard these rumors before, too, and I'm not convinced they're true.
| I've traveled to China several times, it isn't the monolithic evil empire
| that bulletins like this would seem to indicate. Any laptop left anyplace
| unattended has risk; drive encryption like BitLocker is really the only way
| to mitigate such attacks (other than keeping the laptop with you at all
| times).

This is *not* a rumour!

A warning was issued about Blackberries as well.

You said "I'm not convinced they're true". Then you are naive.

You obviously have not read any Chinese threat assessments.

Reply to
David H. Lipman

"Steve Riley [MSFT]" wrote in news: snipped-for-privacy@microsoft.com:

Depending on where you go in China, if you leave a laptop behind, yes, someone might come along and install something and not take your laptop. Why would they do this? Having remote access is more valuable, letting you decrypt the data for them. :)

If you suspect your computer has been compromised, I wouldn't even bother scanning it unless you're a pro and are willing and know how to go low level on your own. If you don't have the skills, secure wipe the drive, and reload the system from known clean backups. In the future, keep all important data safe and encrypted. Using a proprietary encryption system for the entire HD isn't a bad idea in this case. That way, no password, no access, no dropping/installing anything.

Reply to
Dustin Cook

To encrypt the hard disk is a very good security measure if the laptop is stolen, but it is useless to avoid a keylogger install.

To be able to install a keylogger, the user should be logged in with Administrator features, and I supposed that the user didn't leave the computer unattended *and* powered on *and* logged in, did you?

Thanks Juan I. Cahis Santiago de Chile (South America) Note: Please forgive me for my bad English, I am trying to improve it!

Reply to
Juan I. Cahis

If the hacker has physical access to the computer, all bets are off. He can boot from a CD or pendrive and install whatever the heck he likes on the laptop.

Reply to
Mark McIntyre

Unless you have set the BIOS password, which any respectable SysAdmin of any respectable business corporation doing international business should always have set.

Thanks Juan I. Cahis Santiago de Chile (South America) Note: Please forgive me for my bad English, I am trying to improve it!

Reply to
Juan I. Cahis

BIOS passwords are trivial to bypass. Any sys admin, respectable or not, who relies on those for security should be fired.

Reply to
Paul Adare

Mark McIntyre wrote in news:09jOk.252876 $ snipped-for-privacy@en-nntp-06.dc.easynews.com:

Not if the HD is entirely encrypted he can't. It would do him no good whatsoever to boot from cd, no data to read. No drive to load anything onto.

Reply to
Dustin Cook
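A quick way to verify the mitigation the thread keeps coming back to: an added PowerShell check (not from any poster) that reports each volume's BitLocker state and which key protectors are attached. It assumes Windows 8 / Server 2012 or later with the BitLocker module, run from an elevated prompt.

```powershell
# Added example, not from the thread: list every volume's BitLocker state.
# Assumes the BitLocker module (Get-BitLockerVolume) and Get-Tpm are available.

function Get-FdeReport {
    $tpm = Get-Tpm
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types, e.g. Tpm, TpmPin, RecoveryPassword, ExternalKey
        $protectors = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
        # Data at rest is only safe when the whole volume is encrypted AND
        # protection is switched on; a suspended volume stores its key in the clear.
        $atRestSafe = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                      ($vol.ProtectionStatus -eq 'On')
        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Status     = $vol.VolumeStatus
            Percent    = $vol.EncryptionPercentage
            Protection = $vol.ProtectionStatus
            Protectors = $protectors
            TpmReady   = $tpm.TpmReady
            AtRestSafe = $atRestSafe
        }
    }
}

Get-FdeReport | Format-Table -AutoSize
```

A row showing FullyEncrypted with Protection Off is the case to watch for: the drive still looks encrypted, but anyone who boots it gets the data, which is exactly the boot-from-CD scenario discussed above.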

"Kerry Brown" wrote in news: snipped-for-privacy@TK2MSFTNGP03.phx.gbl:

Indeed. :)

Reply to
Dustin Cook

From: "Dustin Cook"

| "Kerry Brown" wrote in
| news: snipped-for-privacy@TK2MSFTNGP03.phx.gbl:

| Indeed. :)

All this has to do with what is called "Data at Rest" (DAR) and encryption techniques to be compliant with DAR protection requirements.

Reply to
David H. Lipman

Like I said, physical access trumps all. How long do you think it would take to zap the cmos battery or remove the HDD, boot it in a spare laptop and then replace the (now infected) HDD?

Reply to
Mark McIntyre
