November 10th, 2004, 04:04 AM
What can I do when suspecting keylogger on computer?
I have a suspicion that a keylogger may be installed on the computer that I work on. However, I have heared that keyloggers don't show up in the Task Manager list under running processes.
Is there any way, or anywhere else where I can look, where I may find evidence of a keylogger currently running in the background?
November 10th, 2004, 04:15 AM
If you run XP or 98, try msconfig to see the program that run at start-up.
If you use 2000, check your registry key for suspect program that run at start-up.
November 10th, 2004, 04:21 AM
Download a tool called security task manager
this will find hidden processes, tell you what it is and what it is for, and allow you to kill it and delete the program.
November 10th, 2004, 05:54 AM
Oh sorry, I run XP Pro. And thanks, I'll try stm.
November 10th, 2004, 06:15 AM
Go to sysinternals.com...
Find the program called filemon, it will give you a realtime view of files being written to. Filter out the noise, you may be able to find a keylogger that is logging to a file. Also, sweep for Malware, try other process utilities that have been mentioned (maybe process explorer from sysinternals.com as well.) Don't forget to check the hardware / plug for anything physically on the wire. Regmon might help as well. Also a sniffer, tcpview, yadda yadda.
November 10th, 2004, 09:02 AM
Also to add to the possiblities here, you can download Anti Key-Logger from my site.
Sorry but you do have to register before getting access to the downloads. You could also search on the name and find it somewhere that don't require you to register if you don't want to. Even though it is spamming my site, it is in direct response to a post!
If this is frowned upon, then I want do it no more.
- FREE computer help and ALL tutorials are VIDEO TUTORIALS. No hand written tutorials here.
November 10th, 2004, 09:21 AM
Direct answer to direct question..............doesn't look like spam to me
WinSonar...............it is free and monitors for programs starting in the background. You need to watch it, as it will block all sorts of stuff until you tell it that it is a good guy (works a bit like firewall rules there)
Do you think that this is a remote attack or a local one?
November 12th, 2004, 08:14 AM
Thanks, I installed some of those programs like Filemon and Security Task Manager, and from what I could gather, there doesn't seem to be a key-logger running in the background.
Cyber, when I do search and type Anti key-logger I still get a message that I need to register first. Maybe I'll do that then, since there's no way round it I guess.
November 12th, 2004, 02:07 PM
November 12th, 2004, 09:22 PM
If you are at work or dealing with some one that knows about security they might be keeping close tabs on your network activity. If at my work place I had enough suspison about a person and needed to put a key logger on their computer then I would also keep tabs on their network activity to see if they go to download sites or fourm that would aid them on de-activating the key logger. If it were I and I had a suspicion I would use Knoppix or any other linux boot cd to get the registery or the config files then do an exaimination on another computer not the one that i suspected had a key logger installed.