-
 Originally Posted by scotty
Yes, you could if you could find the process. A lot of keyloggers hide at the rootkit level, so finding the process is sometimes difficult, as it can be hooked into something else, like the ACPI drivers, for example.
Any ideas on how to trace the process for the keylogger? Is there a reference for the names of those programs, or their symptoms, so that we know there is a keylogger on our computer?
-
-
 Originally Posted by scotty
Yes, you could if you could find the process. A lot of keyloggers hide at the rootkit level, so finding the process is sometimes difficult, as it can be hooked into something else, like the ACPI drivers, for example.
I see. Yeah, finding it could be a lot of work. Thanks for the info.
Acronix | Coders Republic
"In my weakness, I find strength."
-
-
I did a bit of digging, and the person on this reference talks about booting from a known-safe CD image and then having to manually scan for anything suspicious. His recommended tools are chkrootkit and debsums.
Credits to source.
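To show what the debsums part of that approach actually does (verifying installed files against the hashes recorded at install time, so a replaced binary stands out), here is a small added example. It is not from the thread or from the debsums project; it uses SHA-256 over a constructed temporary directory and a hand-built manifest standing in for the package database, and the tampering it detects is simulated in the fixture. On a real box the same idea only means something when the checker and the hashes come from trusted media, which is why the post above pairs it with booting from a clean CD.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(root, manifest):
    """Compare files under `root` with a manifest of {relative_path: expected_sha256}.

    Returns {relative_path: "ok" | "modified" | "missing"}; "modified" is the
    debsums-style signal that an installed file no longer matches what the
    package shipped, which is how a trojaned ps or ls shows up.
    """
    results = {}
    for rel, expected in manifest.items():
        p = Path(root) / rel
        if not p.is_file():
            results[rel] = "missing"
        elif sha256_file(p) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def build_fixture():
    """Constructed sample (hypothetical, not a real system):
    lay down a tiny 'installed' tree, record its hashes as the manifest,
    then tamper with one file and delete another to simulate a rootkit.
    """
    root = tempfile.mkdtemp(prefix="integrity_demo_")
    files = {
        "bin/ls": b"#!/bin/sh\necho original ls\n",
        "bin/ps": b"#!/bin/sh\necho original ps\n",
        "lib/libc.so.6": b"\x7fELF constructed placeholder\n",
    }
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    # The manifest is what a trusted package database would hold.
    manifest = {rel: sha256_file(Path(root) / rel) for rel in files}
    # Simulated tampering: ps replaced with a different binary, libc removed.
    (Path(root) / "bin/ps").write_bytes(b"#!/bin/sh\necho trojaned ps\n")
    (Path(root) / "lib/libc.so.6").unlink()
    return root, manifest


if __name__ == "__main__":
    root, manifest = build_fixture()
    for rel, status in sorted(verify_manifest(root, manifest).items()):
        print(f"{status:9} {rel}")
```

Anything reported as "modified" or "missing" in a directory the package manager owns is what you then investigate by hand; the script only narrows the search, it does not say what the replacement file does.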
-
-
 Originally Posted by Godric
I did a bit of digging, and the person on this reference talks about booting from a known-safe CD image and then having to manually scan for anything suspicious. His recommended tools are chkrootkit and debsums.
Credits to source.
The concept and philosophy of this is sound; happy hunting.
-
-
Rootkit Hunter is good as well. Basically, if you think the keylogger is operating at a rootkit level, the best thing you can do is to boot outwith the operating system, then run a virus scan. The easiest way to do this is through a Live CD. It bypasses the controls set by the OS protecting the keylogger/rootkit, so you have a better chance of finding it.
If you want to find it running, do not do this! To get it running, like I said, look through all your processes. Commonly, in Windows at least, they will hide in svchost, or something that looks legitimate. Using something like Process Explorer by Sysinternals, which can help you verify processes, would work. For Linux, you would have to use... I don't know. Basically your own knowledge. Trial and error. Try shutting down certain threads, and see what happens at run time.
Using a disk like Hiren's Boot CD over a straight Linux live CD in a Windows machine would also be advised, as you can go in and disable things running at start-up from the Live CD. Meaning, if it is running at rootkit level, you can disable it, restart into Windows and then remediate from there.
-
-
 Originally Posted by Godric
Great and detailed post. I would do it as Scotty said. Another method you might want to consider, assuming it is still in Windows, is to use Safe Mode. Just reboot your Windows and switch to Safe Mode, then manually delete/uninstall that keylogger. If anyone can teach us how to do it in Linux, it would be a great help.
The first thing I did when I smelled a RAT was to use my wireless keyboard then used this program http://www.blazingtools.com/antispy.html
-
-
The best way to detect keyloggers is with the task manager. I have used it before in my online gaming days >=) but that was like 8 years ago, so I am not sure if the keylogger programs have evolved or what.
-
-
I use Security Task Manager to find my virus and end the task. Link - http://www.neuber.com/taskmanager/
-
-
I have also used keylogger software because of computer security from outsiders.
-
-
Check your outgoing connections and see if any data is being sent to an unknown source. If so, you can easily block the connection, or you can try to find where the logger is hiding on your computer and attempt to remove it yourself. If you are unable to find it, try to find some sort of anti-virus to run a system scan to help look more thoroughly.
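The "look at outgoing connections" advice, worked through as an added example that is not from the thread: it parses the format `ss -tnp` prints on Linux and flags connections that deserve a second look. The sample output and the pid-to-executable map are constructed (the IPs are TEST-NET documentation addresses); on a live system the map would come from reading /proc/<pid>/exe. The two rules are mine and deliberately simple: a process whose binary lives outside the normal system directories, or an external peer on a port other than 80/443. Both produce leads to investigate, not verdicts.

```python
import ipaddress
import re

# Constructed sample of `ss -tnp` output, not captured from a real machine.
SAMPLE_SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.1.20:44312 93.184.216.34:443 users:(("firefox",pid=2210,fd=58))
ESTAB 0 0 192.168.1.20:51022 198.51.100.7:6667 users:(("kworker",pid=3342,fd=4))
ESTAB 0 0 192.168.1.20:38820 192.168.1.5:22 users:(("ssh",pid=1901,fd=3))
"""

# Constructed stand-in for what /proc/<pid>/exe would resolve to on the live box.
SAMPLE_EXE_PATHS = {
    2210: "/usr/lib/firefox/firefox",
    3342: "/dev/shm/.x/kworker",   # a real kernel thread has no executable and no sockets
    1901: "/usr/bin/ssh",
}

# RFC 1918 plus loopback; anything else is treated as external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
TRUSTED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/lib/", "/opt/")
COMMON_PORTS = {80, 443}

# Matches one IPv4 data line of `ss -tnp`; the header and IPv6 lines are skipped.
SS_LINE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+'
    r'(?P<laddr>\S+):(?P<lport>\d+)\s+'
    r'(?P<paddr>\S+):(?P<pport>\d+)\s+'
    r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)'
)


def parse_ss(text):
    """Turn ss output into a list of {name, pid, peer_ip, peer_port} dicts."""
    conns = []
    for line in text.splitlines():
        m = SS_LINE.match(line)
        if not m:
            continue
        conns.append({
            "name": m["name"],
            "pid": int(m["pid"]),
            "peer_ip": m["paddr"],
            "peer_port": int(m["pport"]),
        })
    return conns


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def triage(conns, exe_paths):
    """Return (pid, name, peer, reasons) for every connection that trips a rule."""
    findings = []
    for c in conns:
        reasons = []
        exe = exe_paths.get(c["pid"], "")
        if not exe.startswith(TRUSTED_PREFIXES):
            reasons.append(f"binary outside trusted dirs: {exe or 'unknown'}")
        if not is_local(c["peer_ip"]) and c["peer_port"] not in COMMON_PORTS:
            reasons.append(f"external peer on unusual port {c['peer_port']}")
        if reasons:
            findings.append((c["pid"], c["name"], f"{c['peer_ip']}:{c['peer_port']}", reasons))
    return findings


if __name__ == "__main__":
    for pid, name, peer, reasons in triage(parse_ss(SAMPLE_SS_OUTPUT), SAMPLE_EXE_PATHS):
        print(f"pid {pid} ({name}) -> {peer}")
        for r in reasons:
            print(f"    {r}")
```

The flagged entry is the one the post describes: a process with a name borrowed from something legitimate, running out of /dev/shm, talking to an outside host on a port nothing on the machine should need. That is the point at which you block the connection and go looking at the binary, ideally from a clean boot as the earlier posts suggest.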