Webaholics

Keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because these programs and hardware devices monitor the keys typed in a user can easily find user passwords and other information a user may not wish others to know about.

Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware allowing your information to be transmitted to an unknown third party.

A keylogger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user. Keylogger is commonly included in rootkits.

A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory.

There are other approaches to capturing info about what you are doing.

Some keyloggers capture screens, rather than keystrokes.
Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

A keyloggers might be as simple as an exe and a dll that are placed on a machine and invoked at boot via an entry in the registry. Or a keyloggers could be which boasts these features:

Stealth: invisible in process list
Includes kernel keylogger driver that captures keystrokes even when user is logged off (Windows 2000 / XP)
ProBot program files and registry entries are hidden (Windows 2000 / XP)
Includes Remote Deployment wizard
Active window titles and process names logging
Keystroke / password logging
Regional keyboard support
Keylogging in NT console windows
Launched applications list
Text snapshots of active applications.
Visited Internet URL logger
Capture HTTP POST data (including logins/passwords)
File and Folder creation/removal logging
Mouse activities
Workstation user and timestamp recording
Log file archiving, separate log files for each user
Log file secure encryption
Password authentication
Invisible operation
Native GUI session log presentation
Easy log file reports with Instant Viewer 2 Web interface
HTML and Text log file export
Automatic E-mail log file delivery
Easy setup & uninstall wizards
Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP

Because a keylogger can involve dozens of files, and has as a primary goal complete stealth from the user, removing one manually can be a terrifying challenge to any computer user. Incorrect removal efforts can result in damage to the operating system, instability, inability to use the mouse or keyboard, or worse. Further, some key loggers will survive manual efforts to remove them, re-installing themselves before the user even reboots.

Popularity: 18% [?]

It’s late in the evening and you’re at home, using your computer to update a document you need for work the next day. You make your final changes, save the document, and submit it to print. You turn to the printer, only to find nothing there. You print the document again, and again get nothing. Thinking that maybe there’s something wrong with the printer connection, you decide to reboot your computer.

But you’re getting error messages that you’ve never seen before. After clicking on two or three dozen “Okay” buttons, your computer finally starts booting up again, and you sigh in relief. Until you start getting error messages stating that certain files are out of date or can’t be located. Eventually your computer comes back up, but it seems that everything has gone wonky. Programs load with errors, or don’t load at all. Utilities that worked fine last night lock up when you try to launch them, including your virus-scanning software. In short, something’s very, very wrong.

Ordinarily this would mean taking your computer into a repair site and have a tech look at it to determine the problem. The fix could be as simple as running a few utilities on the computer, or as complex as rebuilding the hard drive from scratch. Even the simpler solution can be expensive. But if you are running Windows XP as your operating system, you may not need to go into a blind panic. A utility included with Windows XP called System Restore allows you to recover your hard drive from a previous point in time. In effect, you’re turning back the clock to a point in the past where your computer was working properly.

Give Me a Reason
Why would you restore your computer to, say, yesterday afternoon’s settings? There are plenty of reasons why you might want, or need, to do so. The incident described above could be caused by a virus that got through your computer’s firewall and installed itself on your computer. Remember the new game you installed on your computer late last night? It could have overwritten system files in the operating system, replacing them with older files, or deleting required files altogether. Maybe somebody got a little trigger-happy with the mouse when selecting files to erase from the system, deleting required system files. Then there’s always the possibility of an “act of God”, like a power outage or power surge, which may have corrupted system data on the computer.

Convinced? Good. So how does System Restore work? Let’s take a look.

Start at the Beginning
When Windows XP is installed on a computer system, the System Restore utility is turned on by default, so you don’t have to do anything to start the process. System Restore also automatically creates “restore points”, points in time you can select for restoring your computer. They’re usually created when a new program is installed, or updates to the existing system are implemented (generally through the Internet). Good news.

Unfortunately Windows XP isn’t consistent about the frequency of creating these restore points. You might go two or three days before an incident occurs where the operating system feels it’s necessary to create a restore point. Not-so-good news. However, you can go in yourself and manually create a restore point any time you want, say, just before you install a new program. If you’ll do this on a regular basis, even once a day, you’ll have a good number of points from which to restore if you ever need to.

A Good Recovery Place
You may want to create a restore point of your own, or need to find a restore point to recover your system. In either case, you start the same way. In the menu bar at the bottom of the desktop, click on Start, then Help and Support (the blue question mark icon). Under “Pick a Task” in the right column of the window that appears on your screen, select the option marked Undo changes to your computer with System Restore. This launches the System Restore utility, bringing it up in a new window.

If you want to create a new restore point, select the second option in the menu and click Next. You can enter an appropriate description for this restore point, and then click on Create. Windows XP automatically attaches your description and the date and time from your computer system to the restore point and adds it to the calendar list. Click on Close and that’s it – you’ve created a restore point. You can go on with your work (or play) now.

When You Need Some Restoration
If you need to restore your system to an earlier date and time, in the System Restore menu select the first option in the menu and click Next. You can use the calendar on the left side of the window and the restore points described on the right side of the window to pick the particular restore point you wish to use. Once you’ve selected the desired restore point, click on Next, and then Next again to start the restore process. Don’t power down your computer during this process, as you could end up with some serious issues if the restore process doesn’t complete properly. (Helpful hint: Don’t do a restore if there’s a possibility you might have a power outage, such as during a thunderstorm!) Once the restore is done, the computer reboots, you log in, and there you are – your system is the way it was at the date and time of the selected restore point.

Helpful Hints
You’ll avoid a lot of grief if you follow a few guidelines when using System Restore.

Regularly create manual restore points. It only takes a few minutes to create a restore point. Even if you only do this once or twice a week, it gives you that many more options to choose from when you need to select a restore point.

ALWAYS create a restore point before adding anything new to your computer! Whether you’re adding a new printer, installing a second hard drive, or upgrading your favorite software program, create a restore point before starting the process. If anything happens and problems develop, you can restore your computer to the way it was before the installation started.

Save important data before starting a restore. Remember that anything that has changed on your computer between the time of the restore point and the time you begin the restore will be reset to the way it was at the time of the restore point. If your restore point is from ten days ago, every program and data file you have added to your computer in that ten-day period will be gone. Files that were on the computer at the time of the restore point and that you have deleted since then will be back on the computer after the restore. So if you have files on the computer that you want to keep, copy them to diskette or RAM stick, or burn to a CD, before you start the restore process.

Popularity: 29% [?]

I observe all the time with my home pc customers. Their computer, for whatever reason, has been rendered unbootable and they are suddenly (and understandably) worried about the contents of the hard drive. Whether it’s hundreds (or thousands) of rupees/dollars worth of downloaded music and movies, software that was purchased and paid for online, countless hours of work on personal or business documents or the unthinkable loss of all their family photos, the sudden realization that you have never safeguarded these things can be a very unsettling prospect.

One of the first questions I ask when someone calls and tells me that their pc won’t start is if they have a recent backup of their data. It’s very rare for anyone to answer that question in the affirmative. Usually, after a moment of silence, the customer will sheepishly admit that they always intended to start backing up but never did because… [insert your favorite excuse here]. I always hate to hear this because backing up your data is vitally important and (here’s the BIG SECRET) it’s not at all difficult.

There are backup utilities and services available to consumers now that make the process so simple and automated that anyone can do it easily and quickly. And the best part is, there are so many competing products you will easily find one to fit your budget if you shop around. One word of caution, though. Don’t use the built-in backup utility in Windows. Yeah, I know, it’s already there and it’s “free”.

Trust me though, it’s cumbersome, featureless and not very dependable. You won’t like it so you won’t use it and then the next time your hard drive crashes (it will happen sooner or later), you won’t have a backup. I’ve seen it happen too many times! Third party software is definitely the way to go.

Anyway, whatever backup application you decide to use, It’s important to understand what needs to be backed up. Following is a list of things you should DEFINITELY include in your backups:

The ‘My Documents Folder’ - This is hands down the most critical folder for most people in terms of data backup. This is where all of your personal and sometimes irreplaceable data is stored. By default, it contains all of your photos, music, documents, videos, etc. In some cases, such as photos and home videos, if these items are lost or corrupted, they are gone forever and cannot be replaced. (Imagine telling your wife that all of the baby pictures are gone!)

Your Accounting Data - If you use personal or business accounting software on your pc, backing up the data file on a regular basis is an absolute MUST! Enough said.

Your Email Address Book - You have a lot of important contact information that you have gathered over the years. Backing up this data is especially critical if you are a business person and you utilize email in your daily business schedule.
 
A couple of things you may want to consider backing up even though they aren’t critical are:

Your Internet ‘Favorites’ Folder - Although it’s not the end of the world if the contents of this folder are lost, trying to remeber the url’s of your favorite websites can be a daunting task.
 
Your Windows User Settings – These are the setting that ‘personalize’ your user account. Desktop backgrounds, screensavers, etc.

Things you don’t need to bother with backing up include:

Windows – You should already have a copy of your OS on disk.

Any programs that you installed from disks – You need to back up the data files, but not the program itself. Reinstall that from the disk.

Popularity: 29% [?]