Today I noticed an icon “test” on my desktop when I started up my laptop.
When I clicked on it to see what it was, it brought up a keylog showing all the websites I had been to and password (if i had entered one) as well as any other keystrokes - such as websearch uses.
WTF?!?
I dont recall downloading anything onto my laptop and McAfee didnt pick up anything on the scan. I thought maybe it had to do with a program I use with one of my MMO’s but i checked my desktop computer and did not see anything even resembling the same kind of file. Ran Webroot on the desktop puter and didnt pick up anything.
WTF?!?
But since neither picked up the logger app, I’m not certain if it’s on both puters and/or where the damn thing is hiding.
Thank gawds I saw the “test” icon and checked it out! And double so on a test log being left on the desktop for me to see on my laptop.
I’m concerned about going in and changing all my passwords since I’m not sure if it’s hiding on my desktop puter as well as the laptop. This has really freaked me out. My SO said he would check out my laptop and run it through his systemcheck so I left it with him, but from the info I have found on the internet it looks as though a lot of these programs are well hidden and undetectable. :smack:
Hate to say this: But did you consider the possibility that your SO put it there?
(and perhaps he configured your antivirus to ignore it)
I know someone who put a keylogger on the machine his wife uses in order to gain access to her password protected places and see what she was up to. He was doing it from the POV of a concerned husband who thought his wife was up to no good. Pretty stupid of him to admit it.
Well, my SO - who, btw, is also a Doper - has access but I cant imagine him being stupid enough to do something so unethical and underhanded. Especially, to be stupid enough to leave a “test” icon on the desktop for me to see and know! That would be like leaving a used condom on the nightstand next to the bed - knowing we dont use that kind of protection!
However… he IS in IT, knows a hell of a lot about computers, and has access toa lot of programs.
Do I suspect him? No.
If he did do it - well, he has a lot of explaining to do and it would be in his best interest to admit to it because I sure as hell would want to know what I did do make him be suspicious and untrusting.
Hmmm. Well, someone put it there. If it wasn’t you, it was … someone else.
Whether to spy on me or to test something out on MY computer without telling me wouldn’t matter. I’d be livid. Not to jump to conclusions yet but like I said, if you didn’t put it on then someone else either deliberately did it or was using your computer and accidentally did it. Start narrowing down the list of who could fit into one of those groups.
How long back does the keylog go? And when was the last time you used it without seeing this icon as opposed to the first time you noticed it?
Right-click on the desktop icon and select Properties. Click the “Find Target” button, which will open the folder the application is installed in. Zip up all the files in that folder and email it to me; let’s see what this thing is and where it comes from.
Yes, I would probably be the first person I would suspect that has physical access to the machine. Fortunately I have an ironclad aliby for the time the app appears to have been installed, at least by the timestamp of the file that appeared on the desktop. And for the time of the first and last log entries appearing in the file. The first, New Years Eve, I was with Pixilated and neither of us recalls me touching the machine all day. And the latter, yesterday just before lunch, I was helping myh brother with a project.
The file is in html format and is just a series of entries that shows a timestamp, the active app or website, and the keystrokes made within the app. I opened the file in notepad and there’s no malicious code of any sort in it, it’s pure html. It looks to me like it was intended to be transferred to a remote website to be accessed from a browser.
My best guess at this time is that something glitched during some setup or transfer process and the file landed on the desktop. Unfortunately I’m not running a log on my router that I could tell when or where it would have been going.
Nothing has come up under a mcafee scan so my next step will be to make an image of the drive and use a computer I know to be clean to scan the image with Norton and McAfee again. As well as a runthrough with some antispyware apps.
She doesn’t recall having gone to any websites outside those she normally frequents and I haven’t touched it at all lately until this incident. And I’ve never been on it that she wasn’t sitting right there with me.
