Jump to content


Photo

Keyloggers - how do you know?


  • Please log in to reply
1 reply to this topic

#1 Dreifort

Dreifort

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 12 September 2007 - 12:18 PM

What are some things to look for or to check to see if a keylogger is present?

I have performed some computer cleaning for a client of mine and she informed me that her ex-husband put a keylogger on her desktop. She was approached by someone with knowledge of this and given many copies of generated emails sent to her husband showing information that she had typed on her desktop (apparently it emailed the data to him). She approached the FBI about since it had been going on for over 4 years.

While I used the normal methods of finding and removing any spyware or viruses on her computer a year ago - I was unable to detect the keylogger. When I came back to clean her computer again (a yr later) and with the knowledge a keylogger was present - I ended up wiping her computer HD clean and re-installing her OS. The FBI computer expert she talked to had mentioned this was the best way to remove a keylogger.

While I am not disagreeing with the FBI agent, surely there is an easier way to detect and remove keyloggers without wiping a HD clean? The agent mentioned to her something along the lines of **blaster for the keylogger name. She couldn't remember.

Any ideas how to detect if a keylogger is present on future computers I come across? Also, is it normal for keyloggers to behidden from detection common programs such as Task Mgr or Hijackthis, or popular AV programs, etc?

Thanks.

#2 Rob in NH

Rob in NH

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 23 January 2008 - 10:59 PM

Aside from knowing all of the .exe names that "should" show up in the process window research what each one IS and find out where and what keylogger is installed.. once you find out what one is the logger try killing it.. then try removing it by installing your own (with a new password right over the old one) then un-installing it..

note that some programs like that do not show up in the MS version of the processor list so use HiJackThis to see whats hidden..

Rob

Edited by Rob in NH, 23 January 2008 - 11:00 PM.





Member of UNITE
Support SpywareInfo Forum - click the button