wine users - Oct 2011 - Re: Keylogger question

micdhack wrote:
> My wow account was hacked and since i logged in more from ubuntu than
windows i wanted to ask if it is possible a keylogger to be installed through
wine and if it could start automatically to monitor the system each time linux
starts or each time i start some wine application.
> By the way i used antivirus to scan linux and wine directories and nothing
was found
In my experience, the keylogger is invisible, and it run with other
applicatioons. What's more, most keyloggers are undetectable. While, I know
a very simple way to detect it. Type CTRL + ALT + DELETE, it will open your Task
Manager, Processes tab look for BKP. exe or AKL. exe, if you find the BKP. AKL
exe or. exe's why you have keylogger.
* Remembering that if you can not always detect Keylogger by CTRL + ALT +
DELETE.
For those who have a little more technical knowledge, it also noted the hint of
how good the performance of the processor. If it is working continuously even if
the computer does not have many applications running is a sign that the machine
can produce something suspicious.

On Wed, 2011-10-26 at 02:38 -0500, isobella wrote:
> In my experience, the keylogger is invisible, and it run with other
> applicatioons. What's more, most keyloggers are undetectable. While, I
> know a very simple way to detect it. Type CTRL + ALT + DELETE, it will
> open your Task Manager, Processes tab look for BKP. exe or AKL. exe,
> if you find the BKP. AKL exe or. exe's why you have keylogger. 
> * Remembering that if you can not always detect Keylogger by CTRL +
> ALT + DELETE. 
>
A more general way to find unexpected processes is to run "ps -ef"
from
a terminal.  Either pipe it into less:

	ps -ef |less 

where you can search on keywords or simply scroll through the list, or,
if you already know the keyword, pipe it into grep: 

	ps -ef | grep '\.exe' 

will show you all the .exe programs that are currently running. If you
want to know more about a program, apropos and man are your friends:

	apropos wine
	man wine
  
apropos shows one line describing anything that has your search term in
the first line or its man page:

$ apropos wine
msiexec              (1)  - Wine MSI Installer
notepad              (1)  - Wine text editor
regedit              (1)  - Wine registry editor
regsvr32             (1)  - Wine DLL Registration Server
wine                 (1)  - run Windows programs on Unix
wineboot             (1)  - perform Wine initialization, startup, and
shutdown tasks
winecfg              (1)  - Wine Configuration Editor
wineconsole          (1)  - The Wine console
winefile             (1)  - Wine File Manager
winemine             (1)  - Wine Minesweeper game
winepath             (1)  - Tool to convert Unix paths to/from Win32
paths
wineserver           (1)  - the Wine server

while typing "man wine" shows the whole man page.


Martin