
Keyloggers - how do you know?


What are some things to look for or to check to see if a keylogger is present?

I have performed some computer cleaning for a client of mine and she informed me that her ex-husband put a keylogger on her desktop. She was approached by someone with knowledge of this and given many copies of generated emails sent to her husband showing information that she had typed on her desktop (apparently it emailed the data to him). She approached the FBI about it since it had been going on for over 4 years.

While I used the normal methods of finding and removing any spyware or viruses on her computer a year ago, I was unable to detect the keylogger. When I came back to clean her computer again (a year later) and with the knowledge a keylogger was present, I ended up wiping her computer HD clean and re-installing her OS. The FBI computer expert she talked to had mentioned this was the best way to remove a keylogger.

While I am not disagreeing with the FBI agent, surely there is an easier way to detect and remove keyloggers without wiping a HD clean? The agent mentioned to her something along the lines of **blaster for the keylogger name. She couldn't remember.

Any ideas how to detect if a keylogger is present on future computers I come across? Also, is it normal for keyloggers to be hidden from detection by common programs such as Task Mgr or Hijackthis, or popular AV programs, etc.?

Thanks.


Hi and welcome :P.

I both appreciate and applaud your enthusiasm to learn more about the subject matter of this topic. However, the discussion of detection/removal methodology of specific malware is not for the general public, as this will reveal to the purveyors of malware what is used.

If you have a genuine interest to learn more the best advice I can give is to sign up with one of the Malware Removal training schools listed here.


Root Admin

Well I won't go into detail on HOW to find them but for most general ones Malwarebytes should be able to detect it.

There are other types though that are not dependent on the OS and you can format the drive and they will still work fine.

I would do some searching on Google to find the answer as it's out there; they would rather not share that information here though.

Thanks for your understanding.


Keyloggers are used often by spouses to spy on the other and also by parents to see what the child is up to on the www. I find it just a tad hard to believe that you are in the business of removal and don't know about keyloggers or how to detect them. :P


Since I'm not actually helping do anything, instead, I had a couple of questions as I read replies. I'm not bashing, just curious. That said, Dakeyras, I am not picking on you, just asking as part of what you stated... :P

However the discussion of detection/removal methodology of specific malware is not for the general public, as this will be revealing to the purveyors of malware what is used.

I am trying to word this as not to sound bad, because I certainly don't mean it that way. I am questioning this answer though.

One, I don't understand how this could not be for the general public; I can send my 9 year old on Google and he can find means to use and remove keyloggers in 5 min. The detection methods are numerous, some questionable, but very easy to find, and legal. And once again, I mean no offense, but those who distribute baddies are typically one step ahead of anyone who has to do with security; they wait for US to catch up, and by then they have 3 new methods of distributing bad stuff. Anything we know, they do too.

So once again, I am not slamming your answer, but wondering if there is a reason for this specific question being dodged is all. Perhaps a Malwarebytes policy or something.

Thanks ;)

Paul


Both a fair comment and query, Paul, and one I will attempt an answer to that explains my initial reply in this topic :(.

However, the discussion of detection/removal methodology of specific malware is not for the general public, as this will reveal to the purveyors of malware what is used.

I was hoping this was self-explanatory enough without being evasive ;). Ok, an example with a fictitious type of malware.

I will call it Woolly Mammoth 10 Robotic Access Before Dakeyras, or WM10/Bot-BD for short. This has been recently created by nefarious types as a backdoor exploitation that, among other things, harvests personal information via keystrokes. The end result being that an individual's personal information, if they use internet access for say a form of online banking, is compromised.

The ramifications could get worse and even lead to identity fraud, which can have obvious consequences. Plus, for example, without consent or knowledge a personal computer becomes part of a Zombie network and is used to pass along more malware and infect other computers online etc., by say means of a medium of communication such as Instant Messaging or Email. Also these types of malware infections often morph into something else, have stealth characteristics and download/install more of their malware friends.

When first identified, be it by an AV/AS vendor or by a helper in one of the various ASAP forums etc., it proves to be quite pernicious and often appears to be eradicated but in fact it isn't. A new method of detection is devised and a specific tool to both detect and remove is developed and often updated by the developer, with many man hours devoted to this. Now it would not be good practice to reveal how said detection/removal is implemented or what is used in the aforementioned removal application, as this would defeat the object, and the end result is that the malware purveyors keep one step ahead with their criminal activities.

Also there are many Experts in this forum and others of this genre who have spent years of their free time helping to combat malware and trained to do so. I think personally it would be downright unfair and an insult to reveal specific methodology. I agree a lot of information can be found via using a browser search engine such as Google, and also a lot of rubbish, with the possible end result being the unwitting use of a rogue application that exploits a system and installs malware. I hope this explains, Paul; any other questions feel free to ask and I will answer them if able :(. (And yes I do have Woolly Mammoths on the brain :P).


Thanks for the reply :P I understand about malware detection methods and have no issue with such, but with keyloggers specifically, the detection methods are quite open to the public, and for the slightly more savvy perhaps some simple tools will tell you if there is a keylogger or not; then yes, there are others. The time I would think to not divulge information is if someone is at a work place and keylogging is considered to keep track of activities that shouldn't be going on; then again, if there was a good IT and such, they wouldn't have access to means to find a keylogger anyway. Not all keyloggers are malware or considered as such. Like with anything, keyloggers are not bad in themselves if used for the RIGHT reasons, but anything can be used for ill intent.

So as I read this, it seems that keyloggers are being classified as malware. Not all of them are, there are some keyloggers dropped with harmful intent, fine, but if your firewall is used against you say to conceal logs, is it malware?

As well, you said

Also there are many Experts in this forum and others of this genre who have spent years of their free time helping to combat malware and trained to do so. I think personally it would be downright unfair and an insult to reveal specific methodology.

I don't recall that being asked, simply how you can tell if there is a keylogger on a system. That's not a dig at the underground, that's a question many ask and there are many methods that are not "revealing information" in order to do this.

Also

I agree a lot of information can be found via using a browser search engine such as Google, and also a lot of rubbish, with the possible end result being the unwitting use of a rogue application that exploits a system and installs malware.

That wasn't my point though. The point was, it's not at all concealed as to how to find and remove or even use a keylogger. So using your above statement, wouldn't it be better to point out 5 known good tools, for example, than letting a user browse for something that may in fact lead to this?

After re-reading, I don't think the person was asking for the malware fighters to release some secret info, I think it was a simple question and could have been answered without revealing specific methods that are used by malware fighters.

But anyway, thanks for the feedback ;) The above said, I'll leave it there and understand where you are coming from too.

Thanks again Dakeyras,

Paul
