-
August 23rd, 2006, 03:07 AM
#1
Junior Member
Detecting A Keylogger?
Greetings all,
I have reason to suspect that I have a keylogger sitting somewhere on my PC. Just wondering if anyone can shed light on any possible way to detect one.
I have googled the topic and come up with mostly "they are impossible to detect, but you can try this....". All of which were pretty unhelpful.
Anyone able to help or point me in the direction of what activity I should be looking for.
Thanks
-
August 23rd, 2006, 04:13 AM
#2
Junior Member
Re: Detecting A Keylogger?
Originally posted here by Obliviously
Greetings all,
I have reason to suspect that I have a keylogger sitting somewhere on my PC.
I'm curious to know *Why* you suspect the presence of the Keylogger? *What* did you notice to suspect the presence of the Keylogger?
On a scale of 1 to 10, I stand at 0 when it comes to inner workings of the computers, sorry I can't help you much, but if you can answer my questions that would be great.
Thanks
-We May Need To Solve Problems Not By Removing The Cause, But By Designing The Way Forward Even If The Cause Remains In Place-
Edward de Bono
-
August 23rd, 2006, 05:20 AM
#3
Welcome to AO!
depending on the type of keylogger, it might be detected by some of the common anti-spyware programs [ie adaware, spybot search and destroy, prevex1, etc] .. try searching for keylogger detection ... also try running 'netstat -a -b' from a command prompt ... ( start > run > cmd ) [sorry if it seems I am talking down to you, but I have no idea of your technical knowledge] this should show you your active connections, and the executable responsible for the connections... hope this helps
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
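Added example, not part of any post in this thread: a small Python parser that takes saved `netstat -a -b` output, pairs each connection with the executable that owns it, and lists established connections to other hosts made by programs the reader does not recognise. The sample output, host names, PIDs and executable names are constructed for illustration, and the `known` set is an assumption the reader supplies.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `netstat -a -b` prints on Windows XP;
# host names, PIDs and executable names are invented for illustration.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    homepc:1042            www.example.com:http   ESTABLISHED     1480
  [firefox.exe]
  TCP    homepc:135             homepc:0               LISTENING       912
  c:\\windows\\system32\\WS2_32.dll
  [svchost.exe]
  TCP    homepc:1077            mail.example.net:smtp  ESTABLISHED     2216
  [winupd32.exe]
  TCP    homepc:1050            localhost:1051         ESTABLISHED     1480
  [firefox.exe]
  UDP    homepc:1900            *:*                                    1104
  [svchost.exe]
"""

# Connection row: protocol, local, foreign, optional state, optional PID.
CONN = re.compile(
    r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\[(.+)\]$")  # e.g. [firefox.exe]

def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CONN.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "foreign": foreign,
                          "state": state or "", "pid": pid, "exe": None})
        elif conns and conns[-1]["exe"] is None:
            o = OWNER.match(line)  # component (.dll) lines are skipped
            if o:
                conns[-1]["exe"] = o.group(1).lower()
    return conns

def unexpected_talkers(conns, known):
    """Map each executable not in `known` to its established remote peers."""
    hits = defaultdict(list)
    for c in conns:
        local_host = c["local"].rsplit(":", 1)[0]
        remote_host = c["foreign"].rsplit(":", 1)[0]
        if c["state"] != "ESTABLISHED" or remote_host in ("localhost", "127.0.0.1", local_host):
            continue
        exe = c["exe"] or "<owner unknown>"
        if exe not in known:
            hits[exe].append(c["foreign"])
    return dict(hits)
```

An executable that shows up here is a name to look up, not a verdict; connections whose owner netstat could not resolve are reported under `<owner unknown>`.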
-
August 23rd, 2006, 06:58 AM
#4
Junior Member
Thanks for the replies
I'm curious to know *Why* you suspect the presence of the Keylogger? *What* did you notice to suspect the presence of the Keylogger?
Unfortunately, I am paranoid by nature, not to the extent that I think my phones are being tapped or that a satellite is dedicated solely to watching my every movement, but my job requires I look at people from a different point of view. Some of it becomes habit I guess. It is quite simple really, people I am affiliated with are aware or dropping bits of information during conversations that I only mentioned during personal emails and chats. Email accounts have been tampered with and changing passwords doesn't seem to do much.
Sounds a bit nutty I know, but hey, if there isn't a key logger at least I'll know how to detect one in the future....ahem...
sorry if it seems I am talking down to you, but I have no idea of your technical knowledge
Not at all, as I said earlier, any advice is much appreciated. It seems to be quite a grey area when trying to discern if keyloggers are actually installed on your system. I am using Win XP and am curious if there is actually a program or command line that I can use to check if there is a program sending emails/files or whatever running in the background. I have checked the 'msconfig' and am still working my way through determining what everything is in there. (Although, I doubt any keylogger worth its weight in salt would register there, no?)
Thanks again guys and gals, the voices in my head are telling me to stop writing now
-
August 23rd, 2006, 07:03 AM
#5
Just do scans with your AntiVirus, and antispyware applications in safe mode, and also check your firewall settings to see if any unusual programs etc are trying to access the internet.
just a few ideas.
-
August 23rd, 2006, 09:01 AM
#6
Hi Obliviously, and welcome to AO, home of the paranormal.............. or do I mean abnormally paranoid?
I think that we need a bit more information?
1. Is this machine at home, or at work?
2. Is it part of a local area network?
3. Does anyone else have unsupervised physical access to the machine?
4. Do these "events" only happen when you use a particular machine, or any machine?
5. Do you have a firewall on your machine (not the network)?
I am not a great believer in keyloggers as a first attack vector. They do tend to generate an information overload, and are not the easiest tool to use properly. I usually suspect some sort of trojan/spyware as being more likely.
As for software, I would try EWIDO and A-Squared, as they tend to be quite good at detecting this sort of thing. Remember to run them in safe mode.
people I am affiliated with are aware or dropping bits of information during conversations that I only mentioned during personal emails and chats
Remember that people talk and they are almost certainly talking behind your back!
-
August 23rd, 2006, 05:57 PM
#7
Hi Obliviously,
Did you try identifying all the processes via the Ctrl+Alt+Delete (Windows Task Manager) option? In case all the above methods don't work (and I've no doubt why they shouldn't) try google for info about each and every process listed in the Windows Task Manager.
Sometimes foolish keyloggers tend to show up in the task manager...
You may find services and processes which you really don't need running in the background. Before you do scans (of any type)..do two things in this order.
A. Disable System Restore-Right Click My Computer>Properties>System Restore
B. Restart in safe mode
C. Finally, run any scan.
Do not enable system restore, after you find anything and clean/delete or quarantine it. You'll bring it back into your system..
Try an online scan at:
trend micro and at symantec
Shabba Khair..
-
August 24th, 2006, 01:28 AM
#8
ummm......well I am a junior member...of course seniors will help you but here is a small suggestion from myself...netstat is an amazing command but do you use a firewall??? If no then start using one now! If yes then which firewall do you use??? If your firewall shows active connections, then do this:
Open the live monitoring section of your firewall...and now block all the programs at once...now you will start getting notices that some applications are trying to connect to the internet...you look at the path and the description which firewall will provide and go on allowing them (and creating rules on the fly too). Now if there is any keylogger (as you suspect), it should try to connect to its remote system once within 24 hours. Just keep looking at the path of the programs that try to make connections... and when you see a program which you think is a possible keylogger, disallow it and first try to find out if that file is really a keylogger or if it is a system service...(it can be found easily using the Microsoft knowledge base...and from google....I prefer to search microsoft knowledge base using google!)...You may also post the name and path of the file here in AO.
If you get sure that the suspected file is a trojan / keylogger then you can remove it easily.
Thanks.
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
-
August 24th, 2006, 09:30 AM
#9
Originally posted here by chizra
Sometimes foolish keyloggers tend to show up in the task manager...
A little bit like some AO members..................
Get some good religion from Bad Religion.
-
August 24th, 2006, 09:57 AM
#10
Very true
Why is it everyone seems to squeal "keylogger" these days, when there are much more sophisticated solutions around?
This is an example:
http://www.symantec.com/security_res...100113-5137-99
Assuming that you can eliminate physical access and activities by your systems administrators, this is what you would look for:
1. Collection of information.
2. Storage of information.
3. Transmission of information.
People who write security compromise software that is worth its salt are well aware of Task Manager and how to avoid it.
At the very least you should use more sophisticated tools such as Process Explorer 9.02 and Startup CPL 2.8 (or later versions if available).
brokencrow has just posted this free software:
http://www.sophos.com/products/free-...i-rootkit.html
It might prove helpful in detecting anything that has been stealthed?