detect keyloggers?

Discussion in 'Mac Help/Tips' started by codeSushi, Oct 16, 2002.

  1. codeSushi macrumors newbie

    Joined:
    Oct 16, 2002
    #1
    OK, I am beginning to feel kind of stupid and paranoid here but I have reason to be concerned about a keylogging program having been put on my iMac remotely. There were a couple of really nervy coincidences, one of which led to a site defacement. Anyway, whether or not that is the case, WHY can't I find any information on how to detect and remove this sort of thing from Mac OS X? (I'm running 10.1.5 here at work.) I have done Google searches for every possible keyword combination till my fingertips bleed, and I can't find ANYTHING. Is this only a concern with PCs? I hardly think so ... but why is there no info? Someone let me in on the joke fast cuz I feel like I'm being "had"! :D

    Seriously, can anyone point me to reliable and accurate info on detecting and removing keylogging programs from Mac OS X? Are there certain processes to watch for when you do ps -ax or typical locations & names of these things I can search for on the hard drive?

    Thanks in advance ...
    ~soosh~
     
  2. edesignuk Moderator emeritus

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #2
    Could you not just back up your home directory, then wipe your Mac clean and start afresh? This would be the best option IMO, the one way you can be sure.
     
  3. codeSushi thread starter macrumors newbie

    Joined:
    Oct 16, 2002
    #3
    I'd prefer to gain the knowledge and the experience, actually, in hunting down things of this nature. And I'd hate to have to back up, wipe, and re-install every time I suspect someone has been maliciously sneaking and tinkering.

    But I need the information with which to do it.

    Why is this treated as some Majestic-level secret or something?? I don't get it. I'm pretty good at digging up info on just about anything on the internet, and I haven't come up with squat.
     
  4. edesignuk Moderator emeritus

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #4
    This is the result of a google.com/mac search for "keystroke logger"; there are quite a lot of results, and one of them may be what you're after. :)
     
  5. Wes macrumors 68020

    Joined:
    Jun 22, 2001
    Location:
    London
    #5
    What I did to detect one my brother had jokingly put on is: Set the time to 11:59 pm. Then wait until it goes past midnight (and changes the date), type a few words, and mess around for a few minutes. Now go to Sherlock, in your case, and look for files modified on that day. I don't know how often these apps update the logs. Just an idea... it worked for me.
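
The approach in post #5 (look for files modified while you type), as an added example that is not part of the original thread: this script compares files changed during an idle window with files changed during a typing window, so logs that update anyway drop out. The function names, the default window length and the reliance on `find`, `comm` and `mktemp` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): compare files modified while idle
# with files modified while typing. Assumes the logger writes keystrokes to
# a regular file that the user running this script can see.

# changed_since MARKER DIR: regular files under DIR modified after MARKER.
# Files in the marker's own directory (the scratch area) are left out.
changed_since() {
    find "$2" -xdev -type f -newer "$1" \
        ! -path "$(dirname "$1")/*" 2>/dev/null | LC_ALL=C sort
}

# typing_only IDLE_LIST TYPING_LIST: paths present only in TYPING_LIST.
# Both lists must be sorted, as changed_since produces them.
typing_only() {
    LC_ALL=C comm -13 "$1" "$2"
}

# watch_typing DIR [SECONDS]: run an idle window, then a typing window,
# and print the files that changed only while keys were being pressed.
watch_typing() {
    dir=$1; secs=${2:-120}
    work=$(mktemp -d) || return 1
    touch "$work/idle.marker"
    echo "Idle window: do not touch the keyboard for $secs seconds." >&2
    sleep "$secs"
    changed_since "$work/idle.marker" "$dir" > "$work/idle.list"
    touch "$work/typing.marker"
    echo "Typing window: type in any application for $secs seconds." >&2
    sleep "$secs"
    changed_since "$work/typing.marker" "$dir" > "$work/typing.list"
    typing_only "$work/idle.list" "$work/typing.list"
    rm -rf "$work"
}

# Run only when a directory is given, e.g.: sh typing_diff.sh "$HOME" 120
if [ "$#" -ge 1 ]; then
    watch_typing "$@"
fi
```

A logger that buffers keystrokes and writes them out later, or that also writes during the idle window, will not appear in the output, so an empty result does not prove the machine is clean.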
     
