I was in Beijing, and I used my Windows PC there with a freeware firewall
and freeware anti virus and freeware malware scanners.
Recently a friend said nearly all American travelers were to be warned by
the State Department that their laptops, if left in the hotel, were almost
certainly compromised.
How could I tell if a keylogger or other spyware was inserted onto my
laptop by the Chinese?
Donna Ohl wrote:
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
You mean physically, by hands-on access to your machine?
BTW, how is you water heater doing?
Michael
Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware
When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Donna Ohl wrote:
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
From: "PA Bear [MS MVP]" <PABearMVP@gmail.com>
| Run a /thorough/ check for hijackware, including posting your hijackthis log
| to an appropriate forum.
| Checking for/Help with Hijackware
| http://aumha.org/a/parasite.htm
| http://aumha.org/a/quickfix.htm
| http://aumha.net/viewtopic.php?t=5878
| http://wiki.castlecops.com/Malware_R...:_Introduction
| http://mvps.org/winhelp2002/unwanted.htm
| http://inetexplorer.mvps.org/data/prevention.htm
| http://inetexplorer.mvps.org/tshoot.html
| http://www.mvps.org/sramesh2k/Malware_Defence.htm
| http://defendingyourmachine2.blogspot.com/
| http://www.elephantboycomputers.com/...moving_Malware
| When all else fails, HijackThis v2.0.2
| (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
| conjunction with some other utilities). HijackThis will NOT fix anything on
| its own, but it will help you to both identify and remove any
| hijackware/spyware with assistance from an expert. **Post your log to
| http://spywarehammer.com/simplemachi...php?board=10.0,
| http://forums.spybot.info/forumdisplay.php?f=22,
| http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
| by an expert in such matters, not here.**
| --
| ~Robear Dyer (PA Bear)
| MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
| AumHa VSOP & Admin http://aumha.net
| DTS-L http://dts-l.net/
I agree emphatically with this.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
>
Worse case scenario, you wont. There are programs inpervious to detection,
you could always format and re-install your laptop if you are that worried
about it. Next time be a little more aware of 'free' stuff ...... theres no
such thing as free !
"Trespasser" <andie_online@hotmail.com> wrote in message
news:S62dnaLCn4x9bJjUnZ2dnUVZ8jSdnZ2d@bt.com...
> Worse case scenario, you wont. There are programs inpervious to
> detection, you could always format and re-install your laptop if you are
> that worried about it. Next time be a little more aware of 'free' stuff
> ...... theres no such thing as free !
>
There is nothing impervious to detection if you use the right tools and are
willing to invest the time needed to find them. Personally, I would just do
a secure wipe and practice better safeguards in the future.
"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
Usually, depending on which ones you have, these are adequate
safeguards. A couple of anti-spyware applications could also be
added to round things out.
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
Physical access to the machine trumps all!
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
Scan for everything under the sun from a *clean* environment.
Booting from a known clean boot cd should thwart *most*
malware from interfering with the scanning.
Follow the advice of PA Bear as well. If I am not mistaken, the
HijackThis program has to be run from the tainted environment
in order to get at the registry data it needs to scan.
I guess zeroes are good enough for stopping a process from
accessing the data, by this leaves you open to forensic probes.
"FromTheRafters" <erratic@nomail.afraid.org> wrote in message
news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...
> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>>I was in Beijing, and I used my Windows PC there with a freeware firewall
>> and freeware anti virus and freeware malware scanners.
>
> Usually, depending on which ones you have, these are adequate
> safeguards. A couple of anti-spyware applications could also be
> added to round things out.
>
>> Recently a friend said nearly all American travelers were to be warned by
>> the State Department that their laptops, if left in the hotel, were
>> almost
>> certainly compromised.
>
> Physical access to the machine trumps all!
>
>> How could I tell if a keylogger or other spyware was inserted onto my
>> laptop by the Chinese?
>
> Scan for everything under the sun from a *clean* environment.
> Booting from a known clean boot cd should thwart *most*
> malware from interfering with the scanning.
>
> Follow the advice of PA Bear as well. If I am not mistaken, the
> HijackThis program has to be run from the tainted environment
> in order to get at the registry data it needs to scan.
>
Damn, that post belongs in another thread.
I wanted to post this here:
http://www.ngssoftware.com/research/...CI_Rootkit.pdf
"FromTheRafters" <erratic@nomail.afraid.org> wrote in message
news:uHA7lPJOJHA.2100@TK2MSFTNGP05.phx.gbl...
>I guess zeroes are good enough for stopping a process from
> accessing the data, by this leaves you open to forensic probes.
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:O%23RknFJOJHA.1396@TK2MSFTNGP05.phx.gbl...
>> "Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
>> news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
>>>I was in Beijing, and I used my Windows PC there with a freeware firewall
>>> and freeware anti virus and freeware malware scanners.
>>
>> Usually, depending on which ones you have, these are adequate
>> safeguards. A couple of anti-spyware applications could also be
>> added to round things out.
>>
>>> Recently a friend said nearly all American travelers were to be warned
>>> by
>>> the State Department that their laptops, if left in the hotel, were
>>> almost
>>> certainly compromised.
>>
>> Physical access to the machine trumps all!
>>
>>> How could I tell if a keylogger or other spyware was inserted onto my
>>> laptop by the Chinese?
>>
>> Scan for everything under the sun from a *clean* environment.
>> Booting from a known clean boot cd should thwart *most*
>> malware from interfering with the scanning.
>>
>> Follow the advice of PA Bear as well. If I am not mistaken, the
>> HijackThis program has to be run from the tainted environment
>> in order to get at the registry data it needs to scan.
>>
>
>
I've heard these rumors before, too, and I'm not convinced they're true.
I've traveled to China several times, it isn't the monolithic evil empire
that bulletins like this would seem to indicate. Any laptop left anyplace
unattended has risk; drive encryption like BitLocker is really the only way
to mitigate such attacks (other than keeping the laptop with you at all
times).
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
Protect Your Windows Network: http://www.amazon.com/dp/0321336437
"Donna Ohl" <donna.ohl@sbcglobal.net> wrote in message
news:ASbNk.4031$D32.757@flpi146.ffdc.sbc.com...
> I was in Beijing, and I used my Windows PC there with a freeware firewall
> and freeware anti virus and freeware malware scanners.
>
> Recently a friend said nearly all American travelers were to be warned by
> the State Department that their laptops, if left in the hotel, were almost
> certainly compromised.
>
> How could I tell if a keylogger or other spyware was inserted onto my
> laptop by the Chinese?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote