#1
I was in Beijing, and I used my Windows PC there with a freeware firewall and freeware anti virus and freeware malware scanners.

Recently a friend said nearly all American travelers were to be warned by the State Department that their laptops, if left in the hotel, were almost certainly compromised.

How could I tell if a keylogger or other spyware was inserted onto my laptop by the Chinese?
#2
Donna Ohl wrote:
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?

You mean physically, by hands-on access to your machine?

BTW, how is your water heater doing?

Michael
#3
"Donna Ohl" <donna.ohl> wrote in message
news:2757
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
>

Worst case scenario, you won't. There are programs impervious to detection, you could always format and re-install your laptop if you are that worried about it. Next time be a little more aware of 'free' stuff ...... there's no such thing as free!
#4
Donna Ohl wrote...
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
>

Sniff the keyboard. If you can smell sweet & sour, you've been got at.
#5
On Sun, 26 Oct 2008 21:59:26 -0700, Donna Ohl
<donna.ohl> wrote:
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?

You MUST get one of these without delay

http://zapatopi.net/afdb/
#6
Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
[url down]
[url down]
http://aumha.net/viewtopic.php?t=5878
[url down]
http://mvps.org/winhelp2002/unwanted.htm
[url down]
[url down]
http://windowsxp.mvps.org/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to [url down], [url down], [url down], or another appropriate forum for review by an expert in such matters, not here.**
#7
From: "PA Bear [MS MVP]" <PABearMVP>
| Run a /thorough/ check for hijackware, including posting your hijackthis log
| to an appropriate forum.
| Checking for/Help with Hijackware
| [url down]
| [url down]
| http://aumha.net/viewtopic.php?t=5878
| [url down]
| http://mvps.org/winhelp2002/unwanted.htm
| [url down]
| [url down]
| http://windowsxp.mvps.org/Malware_Defence.htm
| http://defendingyourmachine2.blogspot.com/
| http://www.elephantboycomputers.com/...moving_Malware
| When all else fails, HijackThis v2.0.2
| (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
| conjunction with some other utilities). HijackThis will NOT fix anything on
| its own, but it will help you to both identify and remove any
| hijackware/spyware with assistance from an expert. **Post your log to
| [url down],
| [url down],
| [url down], or another appropriate forum for review
| by an expert in such matters, not here.**
| --
| ~Robear Dyer (PA Bear)
| MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
| AumHa VSOP & Admin http://aumha.net
| DTS-L http://dts-l.net/

I agree emphatically with this.
#8
"Donna Ohl" <donna.ohl> wrote in message
news:2757
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.

Usually, depending on which ones you have, these are adequate safeguards. A couple of anti-spyware applications could also be added to round things out.

> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.

Physical access to the machine trumps all!

> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?

Scan for everything under the sun from a *clean* environment. Booting from a known clean boot cd should thwart *most* malware from interfering with the scanning. Follow the advice of PA Bear as well. If I am not mistaken, the HijackThis program has to be run from the tainted environment in order to get at the registry data it needs to scan.
#9
I guess zeroes are good enough for stopping a process from accessing the data, but this leaves you open to forensic probes.

"FromTheRafters" <erratic> wrote in message
news:1396
[..]
#10
"Trespasser" <andie_online> wrote in message
news:nz2d
> Worst case scenario, you won't. There are programs impervious to
> detection, you could always format and re-install your laptop if you are
> that worried about it. Next time be a little more aware of 'free' stuff
> ...... there's no such thing as free!
>

There is nothing impervious to detection if you use the right tools and are willing to invest the time needed to find them. Personally, I would just do a secure wipe and practice better safeguards in the future.
#11
Damn, that post belongs in another thread.
I wanted to post this here:

[url down]

"FromTheRafters" <erratic> wrote in message
news:2100
[..]
#12
I've heard these rumors before, too, and I'm not convinced they're true. I've traveled to China several times, it isn't the monolithic evil empire that bulletins like this would seem to indicate. Any laptop left anyplace unattended has risk; drive encryption like BitLocker is really the only way to mitigate such attacks (other than keeping the laptop with you at all times).
#13
From: "Steve Riley [MSFT]" <steve.riley>
| I've heard these rumors before, too, and I'm not convinced they're true.
| I've traveled to China several times, it isn't the monolithic evil empire
| that bulletins like this would seem to indicate. Any laptop left anyplace
| unattended has risk; drive encryption like BitLocker is really the only way
| to mitigate such attacks (other than keeping the laptop with you at all
| times).

This is *not* a rumour! A warning was issued about Blackberries as well.

You said "I'm not convinced they're true". Then you are naive. You obviously have not read any Chinese threat assessments.
#14
"Steve Riley [MSFT]" <steve.riley> wrote in
news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416:
> I've heard these rumors before, too, and I'm not convinced they're
> true. I've traveled to China several times, it isn't the monolithic
> evil empire that bulletins like this would seem to indicate. Any
> laptop left anyplace unattended has risk; drive encryption like
> BitLocker is really the only way to mitigate such attacks (other than
> keeping the laptop with you at all times).
>

Depending on where you go in China, if you leave a laptop behind, yes, someone might come along and install something and not take your laptop. Why would they do this? Having remote access is more valuable, let you decrypt the data for them. :)

If you suspect your computer has been compromised, I wouldn't even bother scanning it unless you're a pro; and are willing and know how to go low level on your own. If you don't have the skills, secure wipe the drive, and reload the system from known clean backups. In the future, keep all important data safe and encrypted. Using a proprietary encryption system for the entire HD isn't a bad idea in this case. That way, no password, no access, no dropping/installing anything.
#15
Dear Dustin & friends:

Dustin Cook <bughunter.dustin> wrote:
>"Steve Riley [MSFT]" <steve.riley> wrote in
>news:E3C4B9CE-9821-4AB1-A7B4-F523991E1416:
>
>Depending on where you go in China, if you leave a laptop behind, yes,
>someone might come along and install something and not take your laptop.
>Why would they do this? Having remote access is more valuable, let you
>decrypt the data for them. :)
>
>If you suspect your computer has been compromised, I wouldn't even bother
>scanning it unless you're a pro; and are willing and know how to go low level
>on your own. If you don't have the skills, secure wipe the drive, and
>reload the system from known clean backups. In the future, keep all
>important data safe and encrypted. Using a proprietary encryption system for
>the entire HD isn't a bad idea in this case. That way, no password, no
>access, no dropping/installing anything.

To encrypt the hard disk is a very good security measure if the laptop is stolen, but it is useless to avoid a keylogger install. To be able to install a keylogger, the user should be logged in with Administrator features, and I supposed that the user didn't leave the computer unattended *and* powered on *and* logged in, did you?

Thanks
Juan I. Cahis
Santiago de Chile (South America)
Note: Please forgive me for my bad English, I am trying to improve it!