[PLUG] Looking for a keylogger infection...

plug_0 at robinson-west.com
Tue May 17 19:39:22 UTC 2005


I'm trying to clean up a friend's XP system.  I found a file 
called twacker in the root directory that looks like a log
from a keylogger.  Now this is silly of course, why would a
trojan ever leave a record of what it did?  I'm planning on
using an isolated Linux system to store a copy of what's on
the system if there's something that needs to be recovered 
later and then I want to zero format the drive.

Is there a program I should burn to a cd and install to my
friend's computer that will find any keylogger that might 
be there?  Does anyone know a specific file name to search
for or something that will be in the registry that will
indicate a keylogger is installed?

My plan after zero format, I'm thinking I can do that using
Linux and dd, is to install Windows XP first to the first
half of her hard drive and then put Fedora Core 3 on the 
other half.  My idea is to back up the Windows system using
the Fedora Core 3 system.  I want her to be able to restore
Windows to a known clean state.  I'm planning on keeping a 
second copy of the backup myself.  Is it possible to read 
the NTFS filesystem so I can use tar etc. under Fedora Core 
3, to back the Windows system up?  My goal is to write a 
script so that teaching her a little about Linux, she can 
restore the Windows system by simply logging in to the Linux
side and running the script.  Do I need to be 
thinking image file instead of tarball so I don't have
to worry about the specifics of NTFS?  I want the 
restore procedure to reset every single bit on the
Windows partition and the boot sector of the hard
drive as well, I figure that this will almost 
certainly clean off any malware.  I should probably
make a bootable cd with grub in case the boot sector
does get compromised.

OT: Is there a program that will lock the windows registry?

     --  Michael C. Robinson
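An added example, not part of the original post and not Michael's script: the image-file approach the post considers, done with dd from the Linux side. It takes a whole-partition image rather than a tarball (so nothing about NTFS matters), records a SHA-256 of the image at backup time, refuses to restore an image whose checksum no longer matches, and zeroes the target before a fresh install. It assumes GNU coreutils (dd with status=none and iflag=count_bytes, sha256sum, stat) and root access to the device; the device and image paths are placeholders to be replaced, and any regular file can stand in for the device for a dry run.

```shell
#!/bin/sh
# Partition-image backup and restore with dd, with an integrity check on the image.
# Device paths such as /dev/sda1 are placeholders; a regular file works for a dry run.

# Copy every block of device $1 into image file $2 and record its SHA-256 next to it.
# The checksum is written with a relative name so the image directory can be copied
# elsewhere (e.g. a second copy kept off the machine) and still verify.
backup_image() {
    dev=$1
    img=$2
    dd if="$dev" of="$img" bs=4M conv=fsync status=none
    ( cd "$(dirname "$img")" &&
      sha256sum "$(basename "$img")" > "$(basename "$img").sha256" )
}

# Check image $1 against its recorded checksum; nonzero exit means it changed.
verify_image() {
    img=$1
    ( cd "$(dirname "$img")" &&
      sha256sum -c "$(basename "$img").sha256" >/dev/null 2>&1 )
}

# Return the size in bytes of $1, whether it is a block device or a regular file.
device_size() {
    dev=$1
    if [ -b "$dev" ]; then
        blockdev --getsize64 "$dev"
    else
        stat -c %s "$dev"
    fi
}

# Overwrite every byte of $1 with zeros (the "zero format" step), writing exactly
# the device's size so the same function is safe on a regular file.
zero_device() {
    dev=$1
    size=$(device_size "$dev")
    dd if=/dev/zero of="$dev" bs=4M iflag=count_bytes count="$size" \
       conv=fsync status=none
}

# Write image $2 back over device $1, but only after the checksum verifies, so a
# tampered or truncated backup is never restored. Every block of the target is
# overwritten by the image contents.
restore_image() {
    dev=$1
    img=$2
    if ! verify_image "$img"; then
        echo "refusing to restore: checksum mismatch for $img" >&2
        return 1
    fi
    dd if="$img" of="$dev" bs=4M conv=fsync status=none
}

# Typical use from the Linux side (placeholders, run as root):
#   backup_image  /dev/sda1 /backup/windows.img
#   verify_image  /backup/windows.img
#   restore_image /dev/sda1 /backup/windows.img
```

The image covers only the partition; the MBR boot sector is a separate 512-byte region at the start of the disk and would need its own small dd image (if=/dev/sda, count=1) if the restore is meant to reset it as well. Keeping the .sha256 file alongside the second copy lets the off-machine copy be checked the same way before it is ever written back.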
