How to detect a keylogger?
 

I have reason to believe I have a keylogger installed on one of my computers. Unlike spyware detectors I'm having a hard time finding a good free removal/detection tool. Does anyone know of any good ones, or a good way to search your system for a keylogger?

Look at the interface between your keyboard keys and the inside of your computer. As far as i know, most keyloggers are physical objects that are placed somewhere on the data path between your keyboard and your cpu. Look for something that doesn't seem like it needs to be there attached to your keyboard cord, inside your keyboard or inside your computer.

Ditto on the hardware but definitely scan for soft loggers. The big suites find some but are often coded around.

Ewido finds a few and can be tried for free. grisoft.com
Anti-Keylogger finds many. The free download will run for a few hours. http://www.anti-keyloggers.com/download.html
Snoopfree is completely free. http://www.snoopfree.com/download.htm

There are others. Many of the commercial versions are written by the same guys who write the loggers. :rolleyes:

As far as the software keyloggers go you can always check your running processes. hit control alt delete and see what everything is thats running and look each one up on google. should be between 26-50 running processes depending on what all you have autostarting on your computer. Takes a little time but its worth while if your really worried about it.

This would be a software logger, and I know it would be hidden from running processes. I'll try the downloads in a bit.

Run -> msconfig

Check out Services and Startup, uncheck anything that doesn't seem to be a valid source.

For software loggers,
I'd definitely check out Hijackthis - http://www.spywareinfo.com/~merijn/programs.php

Then run it and see if there's anything suspicious looking. If you have software to fight adware on your computer, run that first, it might pick up the keylogger.

Good luck,
keyshawn

I concur with this approach.

Some loggers are visible as processes, but those are the school project variety. The agressive loggers are either disguised as valid system services or patch into the kernel. They're essentially rootkits and tough to notice. Hopefully one or more scanners will either notice the fingerprint or provide some confidence the system is clean.

Best is to attach a suspect drive as a slave to a known clean box. Reduces chances of something getting under the radar. When someone is truly concerned (and it's sometimes warranted) I suggest reverting to a known safe image backup or reinstall. Depends on time vs. concern. If you reinstall that would be a great time to start making quickly restorable images for situations like this.

BTW, if you have trouble getting rid of any of the scanners boot in safe mode and try again. Some aren't the cleanest code you'll run into.

Just out of the curiousity, is this computer a work computer or home computer?

I second cyrnel, slave and scan. If you’re truly paranoid, just backup and reinstall windows. When ever I work on a client system I have questions about, I yank the hard drive and slave it in mine for a full scan, if I find anything, I make an image of the drive, then remove the problems, if it boots after, great, if not, I boot the system and try to remove it under the real system, if that fails I reinstall and restore the files from the image.