Welcome, Guest. Please Login or Register.
Search
Members
Login
Register
   Mischel Internet Security Forum
   Internet Security
   General (Moderators: Helena, Gavin_Coe, Magnus)
   Keylogger found on my office computer		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Keylogger found on my office computer  (Read 1820 times)
ams007
Newbie
*





   


Posts: 2
Keylogger found on my office computer
« on: Jan 14th, 2009, 10:52pm »		 Quote Quote  Modify Modify
I work for a MAJOR US financial institution with offices world-wide. I mention this so that you can imagine how structured and secure the network is (or should be).
 
For a while now, I have had the feeling that my email was being monitored since occasionally co-workers would make comments coincidentally related to subjects in recent personal (hotmail account not company) emails. It's one thing if IT is monitoring computer activity, but how would my co-workers get that info? This has been going on for months.
 
I just ran spyware software (ad-aware) and found that a keylogger was installed on the office computer (laptop) that only I use (Quick Keylogger - not very sophisticated from what I have read). I then installed Zone alarm (free) and soon found that various co-workers (not talking about IT personnel) tried to access my computer on various occasions during a period less than 2 days. I counted 31 attempts in just a 2 hour period today. They were blocked by the firewall.
 
Zone Alarm log does show blocked attempts coming from internal ip addresses and various ports (although port 1900 appears more frequently than others).
 
Program is svchost.exe and I do have the user names of various co-workers in the source dns column.
 
It seems unlikely that so many people would be involved, but I can't imagine why else I would be getting inbound requests from so many people (or anybody for that matter other than IT on occasion).
 
Can anybody shed light on svchost.exe appearing in my logs as incoming?
 
Thanks
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Keylogger found on my office computer
« Reply #1 on: Jan 14th, 2009, 11:42pm »		 Quote Quote  Modify Modify
These may be coming from your corporate server as "computer discovery" probes as your co-workers sign into or out of the corporate network or as refreshes to display who is on your network.  
 
Below is a link showing the description of svchost.exe
 
http://www.processlibrary.com/directory/files/svchost/
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
ams007
Newbie
*





   


Posts: 2
Re: Keylogger found on my office computer
« Reply #2 on: Jan 14th, 2009, 11:57pm »		 Quote Quote  Modify Modify
Thanks for the response.  
 
If they are "computer discovery" probes, would they be coming from multiple ports?
 
Any way for me to confirm whether they are "computer discovery" probes?
« Last Edit: Jan 14th, 2009, 11:58pm by ams007 » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Keylogger found on my office computer
« Reply #3 on: Jan 15th, 2009, 12:07am »		 Quote Quote  Modify Modify
Here's a couple of other links that may be of assistance. You will see that port 1900 is used by Universal Plug and Play and also SSDP Discovery Service
 
http://www.tomshardware.com/forum/98114-45-svchost-port-1900
 
http://www.blackviper.com/WinXP/service411.htm#Universal_Plug_and_Play_D evice_Host
 
http://www.blackviper.com/WinXP/service411.htm#SSDP_Discovery_Service
 
You could try disabling Universal Plug and Play and putting the SSDP Discovery Service on Manual and see if this stops them.
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Achatina
Newbie
*





   


Posts: 1
Re: Keylogger found on my office computer
« Reply #4 on: Jan 10th, 2010, 5:57am »		 Quote Quote  Modify Modify
Don't you think your employee could have install the keylogger to monitor how you work? Of course, you should have been made aware of this, but some companies don't let their employees know about them being monitored.
I have 8 employees and we have Protemac Keybag and Actymac Dutywatch (both are kind of a keylogger) run on all office computers.
IP Logged
tristar
Newbie
*





   


Posts: 2
Re: Keylogger found on my office computer
« Reply #5 on: Jun 16th, 2011, 8:32pm »		 Quote Quote  Modify Modify
It’s possible that you are monitored by your boss since you are somebody in your company! Cheesy. My boss also installed an employee monitoring keylogger to monitor us (10 colleagues in the office).
 
Welcome to the forum tristar  Wink
 
Spam link removed from this post by siliconman01
« Last Edit: Jun 17th, 2011, 12:08am by siliconman01 » IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »