detect keyloggers?

codeSushi

macrumors newbie
Original poster
Oct 16, 2002
2
0
OK, I am beginning to feel kind of stupid and paranoid here but I have reason to be concerned about a keylogging program having been put on my iMac remotely. There were a couple of really nervy coincidences, one of which led to a site defacement. Anyway, whether or not that is the case, WHY can't I find any information on how to detect and remove this sort of thing from Mac OS X? (I'm running 10.1.5 here at work.) I have done Google searches for every possible keyword combination till my fingertips bleed, and I can't find ANYTHING. Is this only a concern with PCs? I hardly think so ... but why is there no info? Someone let me in on the joke fast cuz I feel like I'm being "had"! :D

Seriously, can anyone point me to reliable and accurate info on detecting and removing keylogging programs from Mac OS X? Are there certain processes to watch for when you do ps -ax or typical locations & names of these things I can search for on the hard drive?

Thanks in advance ...
~soosh~
 

edesignuk

Moderator emeritus
Mar 25, 2002
19,233
2
London, England
Could you not just back up your home directory, then wipe your Mac clean and start afresh? This would be the best option IMO, the one way you can be sure.
 

codeSushi

macrumors newbie
Original poster
Oct 16, 2002
2
0
I'd prefer to gain the knowledge and the experience, actually, in hunting down things of this nature. And I'd hate to have to back up, wipe, and re-install every time I suspect someone has been maliciously sneaking and tinkering.

But I need the information with which to do it.

Why is this treated as some Majestic-level secret or something?? I don't get it. I'm pretty good at digging up info on just about anything on the internet, and I haven't come up with squat.
 

4409723

Suspended
Jun 22, 2001
2,222
0
What I did to detect one my brother had jokingly put on is: set the time to 11:59 pm. Then wait until it goes past midnight (and changes the date), type a few words, mess around for a few minutes. Now go to Sherlock, in your case, and look for files modified on that day. I don't know how often these apps update the logs. Just an idea... it worked for me.
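
The idea in the post above, as an added shell example that is not part of the original thread: rather than moving the clock past midnight and searching in Sherlock, it records a marker file, and after you have typed for a while it lists files modified since the marker. The function names and the default ignore pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list files written while you type.
# A marker file records "now"; anything modified after it is a candidate
# keystroke log worth inspecting by hand.

# make_marker: create an empty timestamp marker and print its path.
make_marker() {
    m=$(mktemp "${TMPDIR:-/tmp}/kl-marker.XXXXXX") || return 1
    printf '%s\n' "$m"
}

# modified_since MARKER ROOT [IGNORE_REGEX]
# Prints regular files under ROOT whose modification time is newer than
# MARKER. IGNORE_REGEX (assumed default, tune locally) drops paths that
# churn constantly, so the remaining list is short enough to review.
modified_since() {
    marker=$1
    root=$2
    ignore=${3:-'/(Caches|\.Trash)/'}
    [ -e "$marker" ] || { echo "marker missing: $marker" >&2; return 2; }
    # -xdev keeps the search on one filesystem. Errors from unreadable
    # directories are hidden, so run with enough privilege to read the
    # locations you care about.
    find "$root" -xdev -type f -newer "$marker" -print 2>/dev/null |
        grep -Ev "$ignore" | sort
}

# Typical session, typed at a prompt after sourcing this file:
#   marker=$(make_marker)
#   ... type in a few applications for a minute or two ...
#   modified_since "$marker" "$HOME"
#   rm -f "$marker"
```

An empty result does not clear the machine: a logger that buffers in memory, sends keystrokes over the network, or resets file timestamps leaves nothing for this check to find.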
 