Keyloggers: Free Prevention Tools

[Alkhara Majere]

Guide is indended for the WoW forums, but the programs/info is good none the less.

-------------------------------------------------------------------------

There appears to be alot of keyloggers going around our forums these days.

So here's some tips on IDing a keylogger!

• Any URL that you cannot readily identify the address from a well known source, such as youtube, imageshack, photobucket, break, etc should be considered highly suspicious.
  
  - **** LATEST ATTEMPTS **** involve low level characters responding to various threads with statments such as "see here" or "latest" and a link to a PHP redirect, i.e. "goto.php?d=207&urlname=mfwow"
  
  - Any URL that claims to link to a picture but instead links to a page that is .aspx, .html, or .php, etc, should be considered suspect. Request a direct link to the image.
  
  - Any URL that has excessive uncommon characters, such as %AE%15%25 etc is a masked URL and should be avoided.
  
  - Any URL that you CANNOT IDENTIFY THE SOURCE OF SHOULD BE CONSIDERED A KEYLOGGER!
  
  - Any URL that contains a link having .php?=http and ANOTHER address is a keylogger redirect.
  
  - Be careful of links that advertise mods, and of what mod you download! Even when downloading from a trusted source, do some research on the mod you're downloading. Google it a bit, see if there is any indication that it's legit or hostile.
  
  - Never download mods from an untrusted site.
  
  - Any URL that contains .jpg.html or .scr should be considered a malicious site immediately. NEVER visit these sites, as they contain viruses and worms to destroy your account and computer system's ability to operate.

Example of (not working, completely fake) key logger URLs:

• http://tinyurl/eoginq32tq31
  http://21.15.16.162/image/asdgeage3
  http://hackersite.com/goto.php?d=261267&urlname=mfqwrew
  http://%ae%12%52%ar%61%21/randomidio...geromgzwtf.com
  http://youtube.biz.au
  http://www.randomlinkthing.com/zomg20kpyro.jpg.html
  http://omgimaninnocentlinkreally.com...ekeylogger.scr

Please be careful what links you click.

Further, how to identify posters linking to key loggers:

• - WALL OF TEXT THAT CRITS YOU FOR OVER NINE THOUSAAAAAAAAAAAND!
  
  - Poor english skills. (And no I don't mean the idiots that think they're cool by posting leetspeak, or being so lazy that they cannot type the full word and replace it with a letter like u or r.)
  
  - Characters that are low level.
  
  - Characters that are high level, but have been stripped of gear.

And finally, ways to clean your system up and maintain yourself!

Be safe and check your system for spyware and viruses: Free tools are here -

• http://www.safer-networking.org - Spybot Search And Destroy - A free spyware scanner and remover.
  
  http://free.grisoft.com/doc/1 - AVG Antivirus - A free antivirus that is superior to Norton, PC-Cillin, and other products in both utility and resource usage. You'll hardly notice it's working until the warnings pop up that you've got a virus.
  
  http://www.ewido.net/en/ AVG - Anti-Spyware - An antispyware/malware version from AVG. (Props to Dracast, of Stonemaul)
  
  http://www.avast.com/eng/download-avast-home.html - Avast Antivirus - Another free antivirus tool that may catch things that AVG does not. Your pick though!
  
  http://www.getfirefox.com - Firefox Web Browser - An alternate and free web-browser to the easily exploited internet explorer series.
  
  https://addons.mozilla.org/en-US/firefox/addon/722 - NoScript - This is an addon for firefox that actually stops scripts from running on your web browser, literally stopping any chance whatsoever of a script based viral attack or keylogger. Very awesome tool, and much like a popup blocker, it'll display a bar at the bottom of the screen letting you trust and allow scripts from sites YOU chose. I like it (props to Melvina, of Cenarius)

I hope that at least some people get saved by this info.

Also, if you get kicked off randomly with a disconnected from server error, and it happens more than once or twice a day, and is a continuous pattern, you've likely been hacked. Change your password as a precaution. Never hurts to be safe!

• - Always use a password that is alphanumeric and cannot be guessed easily. (duh)
  
  - Blizzard lets you use punctuation in your password. Use it.
  
  - Passwords are most secure when they are over 8 digits in length and alpha-numeric.

Never give your credit card, account, or other personal information to ANYONE over the internet. If you can, use a telephone or if you are forced to use an internet connection, make sure the page is secure and to the server you're intending to connect to. (There should be a small padlock in the lower left corner of your screen when you're on a secure page that has the name of the site you're connecting to.

THIS INCLUDES POWER LEVELING AND GOLD BUYING SERVICES!

Of several of the sites that I actually visited in a sandbox (software that lets you run programs without risking your computer to infection), three of the five had keylogger scripts on the page.

These sites not only contribute to the spam on the server, but undermine your accounts security. Stay away from them!

UPDATE YOUR COMPUTER SOFTWARE!

Be sure that you have the most secure operating system environment on your computer by running Windows Update (if you own a Windows-based PC) or Software Update (if you own a Mac) and installing all of the updates marked "High Priority". Note: you may have to run the updater more than once to ensure you have all the high priority updates; many of the patches require a system restart, and then additional patch installations to complete the process. (props to Instant, of Skullcrusher Realm.)

And due to popular demand, FIREWALLS. FOR ADVANCED USERS ONLY!!!!!!!!

Using a firewall is the best way to keep your computer safe, but improperly configuring it can also prevent your games or other applications from accessing the internet. That being said, please read all documentation and if in doubt, ask a computer nerd friend to set it up for you.

Free firewalls:

• http://www.personalfirewall.comodo.com/ - Comodo Firewall
  http://www.zonelabs.com/ - Zonealarm Firewall

These are very powerful security tools - too powerful for people that know relatively little about their computer. You've been warned.

Have a good evening folks.

[Flying Piggy]

This is officially voted as one of my favorite posts .
Thank you Alkhara Majere and great post +rep

Edit : done .

[Valmilu]

Yea thank's +rep

[Froogle]

I would like to add something, if you like it Majere, then add it to your original post.


When suspecting, or just wanting to know the address of a tinyurl, put preview. in front of it, you will be brought to a tinyurl page that will tell you the site address.

Old: http://tinyurl/eoginq32tq31
New: http://preview.tinyurl/eoginq32tq31

[acke]

Nice post i have no experience with keyloggers and such so this is great, +rep

[Flying Piggy]

Nice post i have no experience with keyloggers and such so this is great, +rep

If you want to know what keyloggers can do to your info (including RL and WoW) then read this : http://www.mmowned.com/forums/wow-gu...ess-again.html .

[Nugma]

This is officially voted as one of my favorite posts .
Thank you Alkhara Majere and great post +rep

"You have given out to much reputation in the lastest 24 hours. I will return in 4-6 hours once it's reset."

/approve

[Lord-kapser]

nice i did not know so much about key loggers Thanks

[piree]

Nice post, but a good hacker still gets all your information
Traces your IP, searches for an open port and he's inside your PC, then install a keylogger and you cant do anything about it
(Happened to me )

[foulwind]

WALL OF TEXT THAT CRITS YOU FOR OVER NINE THOUSAAAAAAAAAAAND!

a wow radio fan right there.:wave:

nice post and one to take note off.

[themaster]

wow this is very nice +rep but i got Mcafee AIO 2007 that got firewall etc is that good vs those keyloggers etc too ? ( yes sorry for asking question .. )

[facehump]

id say, NOD32 is awesome against RATs (Remote Administration Tool) thats far more worse that just a keylogger. but, also got a keylogger integrated into it.

[Soren93]

I got nod32 and a program called McAfee SiteAdivisor also very usefull. With block the sites that have been reported for keylogger, Spyware Etc....

[King_yoshi]

This might sound stupid, but I also wanted to add that there are some autoit based keyloggers floating around, that aren't as easily detected by anti-virus programs. If I find an example of one, I will tell you. They are rare, but nevertheless they do exist.

[Alkhara Majere]

Thank you for all the positive replies.
Rawr.