Detecting spylogging programs?

[Matou]

I am a newbie on this forum, and I have spent some time surfing related topics--but I have a question I haven't seen answered anywhere. Is it possible to determine if someone has illegally loaded a software keylogger on your own machine? I am talking someone who has physical access to a personal laptop and loaded a SpyBuddy or Net Nanny on a personal machine.

Would something like a Spyware Eliminator catch this? Or are they geared more towards adware and net traffic?

[MrLinus]

Hi Matou,

Welcome to AO!

I took your post and put it in it's own thread as it didn't seem to fit in the old thread you had replied to. I've changed the title and put it in a forum where it would be most likely answered.

It is possible to determine if a keylogger has been installed on a system through a variety of methods. The first thing I would do personally is get something like ProcessExplorer from SysInternals to see what processes are running and which ones are suspicious.

[MemorY]

AO Supreme Being

sorry this isn irellevant to the thread, but how did you get that MsM....heheh looks cool..

and oh: I once worked with www.blazingtools.com perfect keylogger, there is an option that you hide from the taskmanager, control panel, systrey icon etc. would those softwware you recommened still catch it. ?

[DjM]

Originally posted here by MemorY
I once worked with www.blazingtools.com perfect keylogger

Adware 6 picks up my copy of perfect keylogger.

Cheers:

[djscribble]

what about when someone uses winspy -- they pride themselves in not being able to be detected at all... i still can't find it (if someone knows where the exe hides, please let me know)

[Matou]

Where I am confused is--is there a difference btwn programs that capture spyware you pick up out on the net vs. an application someone physically loads on your machine? Will something like Ad-aware 6.0 catch both kinds of keyloggers?

[SwordFish_13]

Hi

Yes AD-Aware Picks Most of the Key-Logger Program i know.......

And Anti-keylogger™ is also a good ..and since it does not work on the principle of Signature verification it can even catch unknown ones.....

it's more towards Spyware Eliminator's but some of the ADware removers too catch them......

--Good Luck--

Where I am confused is--is there a difference btwn programs that capture spyware you pick up out on the net vs. an application someone physically loads on your machine? Will something like Ad-aware 6.0 catch both kinds of keyloggers?

hmmm Whether someone physically loads a spyware/keylogger or you Get it from the net ....They will pick it up.........I mean a Keyloger is a keylogger ...........No matter what is the mode of installation.................or are you talking about something else..........What i am getting from your post is if say ax.exe is a spyware...........and someone physasilly installs it on your computer.................or if ax.exe gets installed by some malisious web Site( P0rn ) ........in both the cases it will be detected........

[DjM]

Originally posted here by Matou
Where I am confused is--is there a difference btwn programs that capture spyware you pick up out on the net vs. an application someone physically loads on your machine? Will something like Ad-aware 6.0 catch both kinds of keyloggers?

Well the short answer is, available software (Adware, Search & Destroy & even antivirus software) will detect some of these products. Now if I write my own keylogger, the answer is no. I believe if I use a hardware keylogger, the answer too would be no. There have been quite a few threads started about keyloggers, use the AO search function and have a read through some of them for more information.

Cheers:

[mathgirl32]

It has been my personal experience that with some keyloggers...especially those that capture screenshots and key strokes (like Starr Commander Pro), you can just do a search for files created on a particular day (I usually use the current day) and check for large HTML files. Those HTML files have both the keystrokes and screenshots wrapped up in them to be sent to the spyer's email address. It's worked for me everytime with that particular product.

Yes, you can and should DL a trojan / keylogger removal/detector, but this is also just another quick way to check.

[Matou]

Thanks! This is very helpful. I didn't know if there was a difference btwn the two or not. Your explanations have helped very much!