Sister-in-law suspects key logger, how do I detect?

[iMacMart]

Hi Guys

I built my wife's sister a new laptop, well I did a fresh install of windows 7 and office etc I also installed NOD32 AV. Recently her iTunes account and eBay accounts have been accessed by someone and they have purchased items from iTunes for which funds have been removed from her account. I've told her to change the passwords straight away but she thinks some how a key logger has got onto her system and this is how they got the password?

Someone at her place of work has planted this seed, not saying it can't be true but is there any way for me to scan and double check? I have remote access via logmein so I can scan with NOD or anything else?

Any other advice would be great

Thanks

 

[Philtor]

I would run super antispyware and Malware bytes in safe mode for starters. Then whatever AV you choose - I would use Kaspersky personally.

 

[OminousLatinNoun]

I'd just reformat to be honest.

If it ever gets to the point where someone is screwing around with your finances and you suspect a keylogger just go for a clean install and change passwords, even if only for the peace of mind.

 

[iMacMart]

I would run super antispyware and Malware bytes in safe mode for starters. Then whatever AV you choose - I would use Kaspersky personally.

She already has NOD32 on which I would have thought was fairly secure?

I'd just reformat to be honest.

If it ever gets to the point where someone is screwing around with your finances and you suspect a keylogger just go for a clean install and change passwords, even if only for the peace of mind.

I'm beginning to think the same thing, trouble is I have no idea what they plug into the laptop which could still be carrying the nasty?

 

[bledd]

run..

ccleaner slim (to remove temp files which makes all other scans faster)
mbam
spybot s&d
nod32 full scan

 

[iMacMart]

run..

ccleaner slim (to remove temp files which makes all other scans faster)
mbam
spybot s&d
nod32 full scan

But would you be happy that this would cover all area's or should I bite the bullet and carry out a full and fresh install?

Thanks

 

[alex24]

Don't waste your time. If you suspect something like that I'd just format to be sure, though of course it may be possible the security breach was somewhere else.

 

[bledd]

But would you be happy that this would cover all area's or should I bite the bullet and carry out a full and fresh install?

Thanks

Tbh, I'd do all of them, run a hijackthis run, a format is overkill unless a system is riddled imo.

 

[alex24]

The issue I have with that is that you'll never know if you've got rid of everything. The keylogger could be a novel piece of software that's not yet picked up for all we know.

Besides, as long as you don't have a lot of programs installed, a format is quicker than running millions of scans to cover all bases.

Just my opinion.

 

[Sp00n]

run..

ccleaner slim (to remove temp files which makes all other scans faster)
mbam
spybot s&d
nod32 full scan

^all of that would take what... 3 maybe 4 hours depending on the system.

You could format and be back up and running within half that time.

 

[eXor]

I'm beginning to think the same thing, trouble is I have no idea what they plug into the laptop which could still be carrying the nasty?

If the system is secured properly following installation, it shouldn't matter what is plugged in thereafter. My mother came to visit last week and used her flash disk on one of my laptops. Avira found 41 nasties on her flash disk ( The 42nd was found via the Command Prompt ).

However, despite the presence of a malware planted autorun.inf, nothing was able to move from her flash disk to my laptop. Why?

Autoplay / Autorun is disabled for all media.

There is a Software Restriction Policy in place which prevents anything from launching outside \Program Files or \Windows. Unfortunately SRPs are available only on certain editions of Windows 7 ( e.g. Ultimate )

The account used is a Standard User Account.

I'm with the format crowd. Once passwords are compromised and money is being stolen, there's not really much choice.

I'd format, install, implement some defensive layers while network connectivity is disabled ( unplug ethernet, disable Wifi e.t.c. )

 

[iMacMart]

Well I've told her not to do anything on it until she brings it down for me to wipe and start from scratch, this includes connecting it to her wireless network at home

Thanks guys

 

[alex24]

Good man, you know it makes sense.

/delboy

 

[iMacMart]

Good man, you know it makes sense.

/delboy

I know it does "rodders" but I'm sick of building and fixing relatives pc's sure that's the reason I'm so popular with the family lol still it give peace of mind and I'm sure she'll buy me a bottle of JD for my troubles!

 

[alex24]

That's a different issue though, one I'm sure many people on here can relate to, me included.

 

[iMacMart]

That's a different issue though, one I'm sure many people on here can relate to, me included.

Yes it is, but I'd rather her be safe and her bank account secured from these low lifes that create these programs *shakes fist*

Thanks for the input all

 

[Frozennova]

Its not necessarily low files that create key loggers etc as they can be handy for parents etc to monitor a childs internet usage.

 

[Edward78]

I only log in to bank/credit card/anything to do with my money sites in Linux. The evil Windows shouldn't be trusted.

 

[Meatball]

In the future maybe recommend she uses the on screen keyboard to log into certain sites?

 

[iMacMart]

In the future maybe recommend she uses the on screen keyboard to log into certain sites?

I don't follow