Ustwo

I have reason to believe I have a keylogger installed on one of my computers. Unlike spyware detectors I'm having a hard time finding a good free removal/detection tool. Does anyone know of any good ones, or a good way to search your system for a keylogger?

__________________
Agents of the enemies who hold office in our own government, who attempt to eliminate our "freedoms" and our "right to know" are posting among us, I fear.....on this very forum. - host

Obama - Know a Man by the friends he keeps.

filtherton

Look at the interface between your keyboard keys and the inside of your computer. As far as i know, most keyloggers are physical objects that are placed somewhere on the data path between your keyboard and your cpu. Look for something that doesn't seem like it needs to be there attached to your keyboard cord, inside your keyboard or inside your computer.

cyrnel

Ditto on the hardware but definitely scan for soft loggers. The big suites find some but are often coded around.

Ewido finds a few and can be tried for free. grisoft.com
Anti-Keylogger finds many. The free download will run for a few hours. http://www.anti-keyloggers.com/download.html
Snoopfree is completely free. http://www.snoopfree.com/download.htm

There are others. Many of the commercial versions are written by the same guys who write the loggers.

__________________
There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

Plaid13

As far as the software keyloggers go you can always check your running processes. hit control alt delete and see what everything is thats running and look each one up on google. should be between 26-50 running processes depending on what all you have autostarting on your computer. Takes a little time but its worth while if your really worried about it.

Ustwo

This would be a software logger, and I know it would be hidden from running processes. I'll try the downloads in a bit.

__________________
Agents of the enemies who hold office in our own government, who attempt to eliminate our "freedoms" and our "right to know" are posting among us, I fear.....on this very forum. - host

Obama - Know a Man by the friends he keeps.

feelgood

Run -> msconfig

Check out Services and Startup, uncheck anything that doesn't seem to be a valid source.

__________________
Looking out the window, that's an act of war. Staring at my shoes, that's an act of war. Committing an act of war? Oh you better believe that's an act of war

keyshawn

For software loggers,
I'd definitely check out Hijackthis - http://www.spywareinfo.com/~merijn/programs.php

Then run it and see if there's anything suspicious looking. If you have software to fight adware on your computer, run that first, it might pick up the keylogger.

Good luck,
keyshawn

__________________
currently reading:

currently playing :

kurty[B]

I concur with this approach.

cyrnel

Some loggers are visible as processes, but those are the school project variety. The agressive loggers are either disguised as valid system services or patch into the kernel. They're essentially rootkits and tough to notice. Hopefully one or more scanners will either notice the fingerprint or provide some confidence the system is clean.

Best is to attach a suspect drive as a slave to a known clean box. Reduces chances of something getting under the radar. When someone is truly concerned (and it's sometimes warranted) I suggest reverting to a known safe image backup or reinstall. Depends on time vs. concern. If you reinstall that would be a great time to start making quickly restorable images for situations like this.

BTW, if you have trouble getting rid of any of the scanners boot in safe mode and try again. Some aren't the cleanest code you'll run into.

__________________
There are a vast number of people who are uninformed and heavily propagandized, but fundamentally decent. The propaganda that inundates them is effective when unchallenged, but much of it goes only skin deep. If they can be brought to raise questions and apply their decent instincts and basic intelligence, many people quickly escape the confines of the doctrinal system and are willing to do something to help others who are really suffering and oppressed." -Manufacturing Consent: Noam Chomsky and the Media, p. 195

feelgood

Just out of the curiousity, is this computer a work computer or home computer?

__________________
Looking out the window, that's an act of war. Staring at my shoes, that's an act of war. Committing an act of war? Oh you better believe that's an act of war

Dilbert1234567

I second cyrnel, slave and scan. If you’re truly paranoid, just backup and reinstall windows. When ever I work on a client system I have questions about, I yank the hard drive and slave it in mine for a full scan, if I find anything, I make an image of the drive, then remove the problems, if it boots after, great, if not, I boot the system and try to remove it under the real system, if that fails I reinstall and restore the files from the image.

__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen