How to detect Keyloggers

[Osiris]

Hey guys,

Another post requesting keyloggers, prompted me to ask, is there any reliable software out there, that can detect keylogging software?

[lnmnky]

Taskmanager?

It's usually detected as spyware/adaware etc, or even a virus. and will be ran like one too. So try some free stuff like Ad-aware.

So just check your start up, and registry start up locations. And check to see also that it hasn't installed itself as a windows service (in computer management)

[ozgeek]

Yep: Ad-aware and Spybot can detect keyloggers and take the appropriate action to disable those keyloggers from running in future.

[NetGX]

mcafee antivirus does a good job at picking them up..

It would be very hard to locate them in task manager because they can be names as common proceses such as explorer.exe

EDIT: Most spyware programs can disable them but many such as SC-Keylog are pretty much impossible to remove without the password the creator assigned to their keylog executable.

I've accidentaly executed it on my own computer and belive me without that password it will be very hard to get rid of.. I mean it does get detected but after every restart sure enough it will be there again

[Osiris]

Dang thats some stuff software. Cant the popular ones hide themselves from taskmanager and startup?

Im trying spybot, apparently it can detect them. Cheers.

[ThunderRiver]

Task Manager is not invincible. There are API out there that allow you to hide your process from Task Manager. What you need to do is mannually go through all the start up places, such as StartUp Folder, Registry Run folders (two locations.. one at USER.. and one at LOCAL_MACHINE), and Services.msc (check out services that start automatically).

Many advanced keylogger actually start in services.. and they are very stealthy even if you try to spot them in Task Manager

Finally, do you have any dongle attached to your Keyboard connection to your machien? Check that.. because you never know when someone physicaly attach a keylogger to your machine. if you hare USB keyboard, you are fine for now.

[Gary_Player]

Alot of keyloggers are hardware based too...i've seen atachments that go on USB and PS/2 keyboards as well as old ISA cards as well :s

[ThunderRiver]

Dang thats some stuff software.?

It is like Adam's apple.. I would rather eat the apple, have sex.. than run aruond with invisible cltohes in paradize.

[ThunderRiver]

Alot of keyloggers are hardware based too...i've seen atachments that go on USB and PS/2 keyboards as well as old ISA cards as well :s

Yeah I know.. I just mentioned that earlier.

I remember there were some news about some guy got indicted for keylogging from his ex-boss at some insurance company. It turns out that he was stupid enough to ask his female friend to retrieve the dongle for him ;)

[Ultra Frosty]

SC-Keylog can be deleted quite easy. There is a way in the command prompt to view hidden services that cannot be ever seen by the task manager. Then I went into the registry and found the random program folder it was in. The folder has a 3rd party encryption, and cannot be deleted without a password. Run a special hash program (im not telling what kind) and reverse the hash digits. Enter that as a password and your able to delete it.

[Osiris]

Ah well im pretty cluey to whats going on, im not a complete newb, ive scanned registry, have upto date firewall+anti virus just ran and updated spybot, I think its all good. Im pretty secure with my laptop at least.

Still now I have some research to do of my own. I dont get how a hardware keylogger works. Time to do some googling.

[Maxious]

i used to ahve a detector for rather simplistic keyloggers.. basically it just asks you to press a key and checks which programs write that letter to the hard drive at that time. doesn't work if they encrypt or buffer up keystrokes for later writing :p

google, its probably still around.

[Pink Floyd Veteran]

antivirus

ad-aware

kerio personnal firewall 2.1.5 to block all thingy that try to connect to internet

with that, you cannot be wrong...

[chacho]

well, if you get the plus/pro version of ad-aware, you can enable ad-watch -- a program that runs in real-time, and can detect anything that ad-aware would normally detect using the reference file.