Setting on LittleSnitch 2 stop keylogger info from being sen

shorthairdooo
Posts: 1
Joined: Sun Nov 28, 2010 10:25 pm

Setting on LittleSnitch 2 stop keylogger info from being sen

Postby shorthairdooo » Sun Nov 28, 2010 10:39 pm

say someone has installed a keylogger onto my computer, which we suspect is possible, and has it set to send the info to a remote computer. what setting do i need to disable on little snitch to stop that info from being sent to a remote computer?/or email address, however it's done.

like when i go to a website on firefox, it says if i want to allow on different proxy networks etc. to be safe, do i need to say no on all of these? or yes? or? will i not be able to browse the net if i say no?

if it's sending info, screenshots, keylogs etc to an email, will it say it's going to a gmail account or something?
if it's sending screenshots, keylogs etc to another computer, will it say it's going to a certain ip address?

i'm a complete computer novice so any help in layman's terms is very helpful.

basically i don't want this person to have set up a keylogger on the computer and be able to have screen shots, email transcripts, etc sent to their computer. they are very far away, but it's my understanding that with having stuff sent to a remote computer, it doesn't matter how far away that computer is, since it's sent to their email account, or to (i think..) their end of the keylogger if they've installed it onto their computer and off of there, onto my computer.

this person is known to have hacked my computer in the past, and likely has the administrator password to my computer. it's a very real possibility that they put a keylogger/spy software on here.

i've run macscan and clamxav and iantivirus, they are up to date and both didn't even detect the keylogging software I put on my computer to test them out (keybagger and aobo). little snitch is my last resort to stop data from being sent out to a remote computer being that the scanners don't work to detect stuff.

i would just reinstall my whole system, but i have TONS of data on my computer and it would take forever to back all of that up, and a HUGE hard drive to move it. i also worry i'd lose my snow leopard that was installed onto my computer as an update from someone's family pack. they were kind enough to do it for me and now live far away.

nyfrenchie
Posts: 2
Joined: Thu Oct 28, 2010 10:36 pm

Re: Setting on LittleSnitch 2 stop keylogger info from being sen

Postby nyfrenchie » Mon Nov 29, 2010 10:50 pm

Independent of your keylogger suspicions, if you "have TONS of data" on your computer and don't have a backup, you're being a little bit foolish. Hard disks are mechanical, and after a while, will just wear out. Or the disk could just develop some kind of mechanical problem at some point. Recovering your "tons of data" at that point (assuming it's possible, and that you have the right recovery software) will still require another hard disk. But it will be a lot more difficult, and much more time consuming.

You can buy relatively inexpensive USB 2 hard disks that are in the 750GB-1TB range. If you do a backup (highly recommended in any case), you can then reinstall a fresh system. With a fresh system, you won't have any keyloggers to worry about.

LSfan
Posts: 14
Joined: Tue Jun 24, 2008 10:57 pm

Re: Setting on LittleSnitch 2 stop keylogger info from being sen

Postby LSfan » Fri Dec 03, 2010 5:49 pm

I hope this is a legit post and not from a stolen mac since an owner might be the one who has installed a keylogger, etc.

If it is legit -- no freekin way to know so I'll trust that it is -- this might be too late but,
advice above to buy new drive and back up: INVALUABLE -- I can tell you from experience (sadly).
I know for sure that Super Duper http://www.shirt-pocket.com/ will back up only your Users files & data
if you choose to do it that way. But it sounds like you need to back up everything then run at least two of the following:

are you running ClamXAV? (beta 2 has most updated engine and is easy to install and use;
but review & read the forum too before tweaking & modifying the default settings)
http://clamxav.com/index.php?page=v2beta

Another option is to find a rootkit hunter for mac os x. Only two that I know of:
OS X Rootkit Hunter for Mac by http://christian-hornung.de
there's an article at http://gigaom.com/apple/why-mac-securit ... it-hunter/

another is chkrootkit_macosx http://www.macupdate.com/app/mac/24011/ ... kit_macosx
but it seems now undownloadable/a dead link on my end; may still be downloadable from mirror sites?

don't go tinkering w/ that stuff tho before you back up your data.

finally there is now a mac anti-virus/anti-malware freeware (mainly to prevent windoze viruses being inadvertently spread via macs) by sophos.com but it is slower than molasses in winter and not very customizable, (and everyone I know including me removed it after an initial attempt to try it out -- I would be loath to ever try a windoze-inspired / winduhs based app again) but in your situation, I think I might try it as a scan to see what it can find and since you can tell it to just scan and not remove anything to start with, which you can also do w/ Clamxav, but they are likely to find some different things since clamxav is not the most updated clamav engine, it lags on the engine, not the virus defs from my understanding.

you could read about the keystroke loggers that can be embedded / run on mac os x and try to determine where its files are installed, then search specifically for those files. It might help to have a utility like iShow Invisible script by TOM X. Again, don't be removing a bunch of now visible files just because you don't understand what they are or you will be doomed and have to reinstall and definitely could lose data!

good luck if you are legit, bad luck if you are not :lol:


oh yeah, don't forget to have a basic daily user account that is NON-admin for your everyday use for email, browsing, everything you do on a daily basis and a separate Admin-authorized account as a barrier to inadvertently installing everything at root level w/out admin permission. AND Always use Little Snitch of course!

Karrahahu1
Posts: 2
Joined: Fri Feb 12, 2016 9:35 am

Re: Setting on LittleSnitch 2 stop keylogger info from being sen

Postby Karrahahu1 » Fri Feb 12, 2016 9:41 am

I think I might try it as a scan to see what it can find and since you can tell it to just scan and not remove anything to start with, which you can also do w/ Clamxav, but they are likely to find some different things since clamxav is not the most updated clamav engine, it lags on the engine,???



Ali

Estrella
Posts: 2
Joined: Fri Jul 14, 2017 1:29 pm

Re: Setting on LittleSnitch 2 stop keylogger info from being sen

Postby Estrella » Mon Jul 17, 2017 2:08 pm

It can be used in stealth mode, will record all keystrokes and will take screenshots, but doesn't offer too many advanced options. This program https://www.elitekeyloggers.com/elite-keylogger-mac has not been detected by our antivirus program and will run completely hidden on a computer.

