

Friend is being hacked, keylogs, breaks passwords, copies IM's and they have no ip to trace

Posted on 2003-10-22
Medium Priority
Last Modified: 2013-11-16
Hi. A friend is having real trouble with a hacker. They have stolen passwords, monitoring IM's etc. We believe it is a keylogging program. We were told there is no way to get rid of it because it is a spyder in the system. They also use AIM, and it seems when the hacker "takes over" the account, it knocks them offline.  Any suggestions to remove this, and to catch the person doing it? Thanks in advance.
Question by:Serendipity14
LVL 49

Expert Comment

ID: 9601602
Ask him to install and run this software


SpyBot-S&D is an adware and spyware detection and removal tool. This includes removal of certain advertising components, that may gather statistics as well as detection of various keylogging and other spy utilities. In addition, it also securely removes PC and Internet usage tracks, including browser history, temporary pages, cookies (with option to keep selected) and more. The program offers an attractive Outlook-style interface that is easy to use and multi-lingual. SpyBot-S&D allows you to exclude selected cookies, programs or extensions from being reported, allowing you to prevent false positive messages for items that you don't want to be alerted of every time. It can even scan your download directory for files that have been downloaded, but not yet installed, allowing you to detect unwanted programs before you even install them. SpyBot produces a detailed and easy to understand report before it deletes any files and allows you to deselect any item that you do not want to be processed. In addition, a recovery feature allows you to restore your settings if needed. Very nice tool, that exceeds the capabilities of the popular Ad-Aware application.



AdAware is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the components. The program detects a wide range of adware/spyware related issues and can be updated with the latest signatures via the built-in update utility. Please be advised that removing certain components may impact the functionality of affected software applications. You should fully read the included Ad-aware documentation before removing any files!



HijackThis is a tool that lists all installed browser add-ons, buttons, startup items and allows you to inspect them, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a simple list of all startup items, default start page, online updates and more. Intended for advanced users.


Keylogger Hunter

Keylogger Hunter is a program that attempts to detect any keyloggers that may be running on your computer. It performs a system analysis, which takes about 3-5 minutes and then produces a list of suspicious files (if any). It detected 2 out of 3 running keyloggers in our test. Future versions are planned to be shareware.



KL-Detector is designed to provide a way to find out whether your activity is being recorded with a keylogger application. It uses the fact that most keyloggers create a hidden log file on your hard drive and therefore scans for any suspicious activity during a test period that you have to initiate. Basically, it asks you to use the keyboard for several minutes, type some text or do similar activities, while it is monitoring your system to check if it can detect any suspicious logging activity. KL-Detector is intended for occasional use and not as a permanently running program, as normal PC activity may cause false positives. During our test, it did detect changes in a keylogger log file (that we installed), but it did not find the activity suspicious enough to warn us. Advanced users may get value by inspecting the logged items, however novice users should not rely on the results.


X-Cleaner Free

XCleaner is a privacy tool suite that detects and removes installed spyware and adware components and includes tools to securely delete files, edit the registry, disable startup programs and more. Additional features include IE home page protection, cookie, cache and history cleaning, built-in password generator and more. This free version also contains some additional feature options, however they are disabled and require upgrade to a full version. The spyware and adware scanning as well as many cleaning features however can be used freely.



SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage. This allows you to run Internet Explorer with Active-X enabled, but it will never download or even prompt you for any of the known ActiveX controls. All other Active-X controls or plug-ins will work fine. The SpywareBlaster database contains information on these known spyware Active-X controls and can be updated with the click of a button. The application window displays a list of all controls that it is able to detect (this is not a list of what was found on your computer). The program cannot detect if you have any of the known objects already installed, but if you do, they will be disabled. The program also allows you to take a snapshot of your computer (certain settings) in its clean state and later revert many changes made by spyware and browser hijackers.



SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.



SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software. You can select the sites from the list, or optionally add all of them, or only the "worst offenders". The program then adds the URLs to the IE Restricted Zone settings. Once configured, there is no need to run the program again, unless you want to add additional sites.


LVL 49

Accepted Solution

sunray_2003 earned 200 total points
ID: 9601614
Also have him install a firewall for better protection, like ZoneAlarm

Ask him not to store passwords on his computer (disable remember password)

Ask him to download this software to check for trojans (trojan remover)

Update the virus definitions and scan for viruses


Author Comment

ID: 9601733
He did all that and it comes up with nothing. This hacker comes onto IM and threatens him and says he is watching. It appears to be in the system and untraceable.

Expert Comment

ID: 9602007
Here's an idea...

Reformat the entire box and reinstall the OS. Use different usernames/passes for ALL internet related activity: email, IM, etc. That's the only way you'll be 100% sure that everything is removed.

LVL 49

Expert Comment

ID: 9602311
>>  This hacker comes onto IM and threatens him and says he is watching. It appears to be in the system and untraceable.

Test him. I do not agree with what he is saying. Maybe he is fooling your friend. Ignore and delete his contact in IM.


Expert Comment

ID: 9603703

Sunray does it again! Yeah sounds to me like the guy threatening is just a moron - when I was moderating a chat server a few years back we'd see these kind of threats all the time. Usually came to nothing. Often turns out the instigator has a chip on their shoulder because they failed computing 101 in junior school.

The best thing I can recommend is if your friend is using XP, start with going into advanced TCP/IP options and switching on the built-in firewall, otherwise use zonealarm or something like that as Sunray suggested. I can't speak for zonealarm but some have built in IDS functionality which can give you the source address and type of attack.

Also get him to run netstat -a at the command prompt to see what open connections there are to the machine - look for something strange. Look for direct connections to broadband service providers - a typical one would be something like ip- (netvigator being a local ISP here) or something like that.

Your friend should only have direct outbound connections unless he is using something like Kazaa etc.

I can't suggest that you post the full output of netstat -a to this forum as someone may use it malignantly, however you can post it if you replace all mention of your friend's machine name and IP with x's and y's etc...

If you find a suspect IP or a few suspect IPs check back with us here and we can tell you how to find out where they are and what you can do about it. This kind of behaviour is nothing more than online bullying and it annoys me intensely. Let's get 'em.


Author Comment

ID: 9604654
Thanks for all your comments. I will pass this all on.  Thanks for taking the time. I will keep you updated.

Expert Comment

ID: 9607303
My answer would be quite simple, use these software:

- ZoneAlarm Pro (firewall)
- BlackICE (firewall)
- SpySweeper (real-time protection)
- Ad-Aware Pro (real-time protection)
- Norton Antivirus (real-time protection)

BlackICE and ZoneAlarm can co-exist no problems, and the other programs can keep monitoring the system,
keep in mind that their virus / protection definitions must be up to date in order to keep the system safe.

Scan the system with the scanners, then make sure important files aren't infected, back 'em up, and do a fresh
install, I would recommend using some disk wiping software, these will make sure no bad data is left on the
HDD, do a 7 write / delete cycle ( or more, but could take more time ), that option is available in the disk wiping / cleaning software.


Expert Comment

ID: 9607332
Another comment, install BlackICE, ZoneAlarm, NeoTrace (tracing program) / HackTracer.

1) Install BlackICE, ZoneAlarm
2) connect to the internet, and use ZoneAlarm to shutdown all internet activities
3) go to BlackICE, clear the evidence log and other logs
4) via ZoneAlarm, re-enable the internet
5) watch BlackICE's main window for types of suspicious attacks.
6) note down the IP address / details
7) launch NeoTrace / hacktracer / tracert, punch in the IP address, trace the hacker using the software.

Maybe that would help?

Expert Comment

ID: 9620654
I downloaded Keylogger Hunter and when I went to do the scan, there's a flashlight scanning, then a window comes up and says:
"Parimeter is incorrect"

what happened and what do I do?


Expert Comment

ID: 9623447
The security set up I use is
1) ZoneAlarm firewall (the regular version is even free)
2) Pest patrol (detects over 15,000 "pests" such as keyloggers, adware, malware, hackers and other spies)
3) Norton anti virus
4) Zone log analyser (reads the firewall logs and can report access attempt for you)

After you have everything set up test your firewall online and make sure it is working correctly.

Expert Comment

ID: 9631360
all of these suggestions are great and some cost a lot of coin too...

this is what I use and it's essentially free

-ZoneAlarm (free version)
-Avast Anti-Virus (free, but has a nag every few months to re-register)
-Spybot S&D
I use them both because one will always find things that the other didn't

but I also think these guys are right...it sounds like this guy is just harassing your friend. Best thing to do is try to ignore him...he'll eventually find someone else to annoy.

Expert Comment

ID: 9633890
You may also want to try a product called SpyCop:


It's an anti-keylogger and anti-spy product!

I've been using it for a while. It's worth a try!

Expert Comment

ID: 9757680
I cannot open my ADD/REMOVE programs....it says cannot open Rundll32.exe is missing.

where can I redownload this from?

*running windows 95*

Thank you

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question