
Keyloggers.


Northerner


I'm interested in getting some information, and advice, about keyloggers.

I have tried, recently, to get information from different sources, but feel I have been given contradictory advice.

I understand that one method of putting a software keylogger on another computer is by sending an email with an attachment. Then, of course, the attachment needs to be opened for the keylogger to operate. The process would not appear to be a difficult task for an individual with some knowledge.

I think I may have a software keylogger on my PC. I could be wrong but I would like to get a definite answer. My questions are:

1) How easy is it to find a software keylogger once it is on a PC?

2) Does it make sense to go to some kind of forensic computer specialist rather than someone whose ability, with computers, is of a more general nature?

3) If one decides to go to a specialist, and none are close at hand, is it possible to simply send the hard drive after having extracted it from the PC?

4) Has anyone further information, of any kind, such as other Internet forums or sources where I might get useful information? I live in the UK.


  • Moderators

What makes you think you may have a keylogger installed?

Don't forget that sometimes an anti-virus program with a behaviour blocker or HIPS capability can give you a popup saying they have detected keylogger type behaviour and name the 'suspect'.

Sometimes the program they flag has keylogger type features (such as a screen capture program) and is a legitimate program which, if you got from a trusted source, you can stop worrying about.

If however you are really getting worried about this go to a Malware Removal forum, tell them your circumstances, and take it from there.

See here for list...

http://forum.pirifor...showtopic=34786

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 


Scooped by Hazelnut. :P

Just my opinion, but I think that issue is pretty complicated, no generic answers are dependable, it needs a specific analysis of that computer.

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.


> What makes you think you may have a keylogger installed?
>
> Don't forget that sometimes an anti-virus program with a behaviour blocker or HIPS capability can give you a popup saying they have detected keylogger type behaviour and name the 'suspect'.
>
> Sometimes the program they flag has keylogger type features (such as a screen capture program) and is a legitimate program which, if you got from a trusted source, you can stop worrying about.
>
> If however you are really getting worried about this go to a Malware Removal forum, tell them your circumstances, and take it from there.
>
> See here for list...
>
> http://forum.pirifor...showtopic=34786

What makes me think I may have a keylogger on my PC?

I would type the name of a person, or subject, into Google and then I would receive an email that came from someone with the same name. At other times the same name would appear, as a new member, on a couple of Internet forums I sometimes post on. This did not happen every day but, in my view, happened far too often to be simply put down as chance!

I have Avast anti-virus and have not had any kind of false positive warnings mentioning keyloggers.


> Scooped by Hazelnut. :P
>
> Just my opinion, but I think that issue is pretty complicated, no generic answers are dependable, it needs a specific analysis of that computer.

Thanks to you and Hazelnut for the replies.

But this is what I mean by contradictory information. You seem to be saying that the process of finding a keylogger, once installed, is a much more complicated process than Hazelnut is suggesting. That is why I asked questions 1 and 2 in my opening post.

As far as question 3 is concerned I heard somewhere (probably wrongly) that a computer hard drive deteriorates, over time, if removed from the machine. Obviously if I wanted to go to a specialist it would be much easier to send the hard drive only.

I am aware that it is possible to imagine problems, but given the fact it does not appear to be unduly difficult to install a keylogger I find it difficult to understand why some regard this as a remote possibility.

Lastly, I have opened email attachments, despite having doubts, on more than one occasion, and I realise if a keylogger is installed then my posts, to the CCleaner Forum, will show.


  • Moderators

My advice would still be to get your machine checked by one of the malware removal forums. That is all they deal with on a day to day basis and therefore are quite skilled in it.

A computer repair shop, although good, does not specialise in this sort of thing.

Also how do you connect to the internet? Hardware router? What sort of security setting does it have? Is it locked with a password of YOUR choice or just the default admin and password settings?

Have you changed all email passwords? (do this from a clean machine)

What operating system do you run?


> Thanks to you and Hazelnut for the replies.
>
> But this is what I mean by contradictory information. You seem to be saying that the process of finding a keylogger, once installed, is a much more complicated process than Hazelnut is suggesting. That is why I asked questions 1 and 2 in my opening post.
>
> As far as question 3 is concerned I heard somewhere (probably wrongly) that a computer hard drive deteriorates, over time, if removed from the machine. Obviously if I wanted to go to a specialist it would be much easier to send the hard drive only.
>
> I am aware that it is possible to imagine problems, but given the fact it does not appear to be unduly difficult to install a keylogger I find it difficult to understand why some regard this as a remote possibility.
>
> Lastly, I have opened email attachments, despite having doubts, on more than one occasion, and I realise if a keylogger is installed then my posts, to the CCleaner Forum, will show.

I must not keep posting after Hazelnut, she's the expert, I just sort of hang around here.

But I will say a couple of things, just to clarify and maybe help a bit.

I don't think anyone is suggesting that a keylogger is uncomplicated. Hazelnut knows that if you go to any of the forums recommended in that linked topic, they can diagnose even complicated issues, and if it is necessary to take your machine to a shop they will suggest that.

Also, there are snooper type applications that do not reside on your hard drive. Those experts at those other forums would recognize the signs of them. Too involved to discuss here, and I'm no expert anyhow.

And, thanks for the information...I didn't know that a hard drive would deteriorate like that. Gotta google that and check out all the old HDs I have boxed up here.


> My advice would still be to get your machine checked by one of the malware removal forums. That is all they deal with on a day to day basis and therefore are quite skilled in it.
>
> A computer repair shop, although good, does not specialise in this sort of thing.
>
> Also how do you connect to the internet? Hardware router? What sort of security setting does it have? Is it locked with a password of YOUR choice or just the default admin and password settings?
>
> Have you changed all email passwords? (do this from a clean machine)
>
> What operating system do you run?

I will take your advice and go to one of the forums you mention.

As far as the router is concerned it is a physical (hardware) object called the British Telecom (BT) Home Hub 2.0. I assume the security settings are "the default admin. and password settings".

The operating system is Windows XP.

I will change my email passwords from another machine. Of course, for me, the most important fact was that I received several emails from someone who was using a name I had recently typed into Google. If my machine does have a keylogger, on board, I am fairly certain it has been installed by someone I know, and that bothers me.

Last, if a keylogger is found is it possible to establish the identity of the installer?


> Last, if a keylogger is found is it possible to establish the identity of the installer?

Probably not possible.

Usually the installer will be downloaded into a temp directory, which will be deleted after executing the install to cover their traces.


> What makes me think I may have a keylogger on my PC?
>
> I would type the name of a person, or subject, into Google and then I would receive an email that came from someone with the same name.

That is weak evidence for a keylogger.

Whatever you type into Google is sent along with your IP address and comprehensive browser and computer information to whatever link you click on, and all this information travels, possibly via unsecured http protocol through your ISP, and may also be broadcast to your neighbours via the Wireless capability of your B.T. Router.

I have also read that a router can be hacked via the Internet, but I do not remember the capabilities.


> That is weak evidence for a keylogger.

Perhaps I should have emphasised that these "odd" events happened much more often on Internet forums/message boards.

I would type something into Google and the same name/word would appear, as a new member, on forums I visited.

This happened with quite a number of names, or words, over a considerable period of time.

I do not believe my evidence is weak but, even if that is the case, I said in my OP that all I wanted was a definite answer. I don't see what the problem is with that unless the process of finding a keylogger is very difficult, time-consuming, and can lead to a result that does not give a clear, and unambiguous, answer.

I suspect that may sometimes be the case.


> I don't think anyone is suggesting that a keylogger is uncomplicated. Hazelnut knows that if you go to any of the forums recommended in that linked topic, they can diagnose even complicated issues, and if it is necessary to take your machine to a shop they will suggest that.
>
> Also, there are snooper type applications that do not reside on your hard drive. Those experts at those other forums would recognize the signs of them. Too involved to discuss here, and I'm no expert anyhow.
>
> And, thanks for the information...I didn't know that a hard drive would deteriorate like that. Gotta google that and check out all the old HDs I have boxed up here.

Altho' I was told that, I am far from certain a hard drive will deteriorate. I was asking a question, not making a statement of fact.

Perhaps someone here does know the answer.


> Altho' I was told that, I am far from certain a hard drive will deteriorate. I was asking a question, not making a statement of fact.
>
> Perhaps someone here does know the answer.

Files may well be corrupted if you put the HDD into your pocket and forget to remove it before going through an M.R.I. exam at the hospital.

Otherwise I think the only problem with removing the HDD from the computer is that it is more likely to be knocked off a desk and damaged.


Hello Northerner. I think Alan_B touched on a possibility other than a keylogger. Do you use a Wi-Fi router or a hard wired router? I ask because there is software called a "packet sniffer" that can collect all the data packets that are sent and received by a Wi-Fi router. Then another piece of software can be used to "crack" the encryption that is used. From what I understand, WEP encryption is easily cracked and can be done quickly. WPA encryption requires more expertise on the part of the hacker, more sophisticated software, and more time, but can be done. Because Wi-Fi signals travel a very limited distance, only someone living very close to you can do this.

 

It might be a good idea to change or upgrade your router's encryption settings, especially if you are using WEP. It would also be a good idea to change your router's PIN code, since this is used as a key in some forms of encryption. This is only a temporary solution, because a determined hacker would crack the new encryption after collecting a new batch of packets to analyze. Of course, using a hardwired connection would eliminate the security problems of Wi-Fi entirely.

Good luck. And remember, just because you're paranoid doesn't mean that people aren't watching you. ;)

edited out some keylogger advice as under forum rules malware removal advice is not allowed on forum~hazelnut

Start every day with a smile and get it over with. - W.C. Fields


  • Moderators

How I set up and restricted my Wi-Fi was by me having to manually input all of the MAC addresses of any device that can use my connection, such as my PS3, Amazon Kindle, etc., and it doesn't broadcast its availability, and no device is automatically given access which is how most ISPs have Wi-Fi set up to make them "easier to use/connect with". Of course doing this makes it more of a pain to use new devices on it, but also at the same time I never have people or random devices using my connection without my knowledge.


> How I set up and restricted my Wi-Fi was by me having to manually input all of the MAC addresses of any device that can use my connection, such as my PS3, Amazon Kindle, etc., and it doesn't broadcast its availability, and no device is automatically given access which is how most ISPs have Wi-Fi set up to make them "easier to use/connect with". Of course doing this makes it more of a pain to use new devices on it, but also at the same time I never have people or random devices using my connection without my knowledge.

I have much the same router setup as you, but with one difference. When I was setting up my wife's new Kindle Paper White, it would not connect unless I changed the option to broadcast the SSID, which I had turned off. It was a while ago, but if I remember correctly, when I tried to set up the Wi-Fi connection in the Paper White, there was no place to manually enter the SSID. It relied only on the networks it detected on its own. Maybe there is a difference between the Kindle Tablet and the Paper White.

Win10 Pro x64 Desktop (Speccy) - Win10 Pro x64 Laptop (Speccy)


  • Moderators

The old/original Kindle had in its settings dialog a way to view the MAC address; in newer models that doesn't exist and not even Amazon.com can assist with that.

So what I did was temporarily lower my WiFi security so it could automatically connect and only then could I see the MAC address and luckily it said in my modem settings dialog that it was a Kindle Fire to make life easier. After I had the MAC address I reinitialized my preferred security settings, and then manually inputted the Kindle Fire HD's MAC address as a trusted device.


I can view the MAC address on the Paper White. No problem there. That's how I got it in the first place to enter it in the router as an allowed device.

But this is what happens after establishing a successful Wi-Fi connection:

Put the Paper White in Airplane mode (turns off Wi-Fi)

Turn off SSID broadcast in the router

Take the Paper White out of Airplane mode (turns on Wi-Fi)

The Paper White no longer sees my network and finds nothing to connect to :angry:

Put the Paper White back in Airplane mode (turns off Wi-Fi)

Turn on SSID broadcast in the router

Take the Paper White out of Airplane mode (turns on Wi-Fi)

The Paper White sees my Wi-Fi network and connects :huh:

Because of the way the Paper White operates, I have to leave SSID broadcast enabled in my router.


  • Moderators

> Because of the way the Paper White operates, I have to leave SSID broadcast enabled in my router.

Something to play around with I suppose, I hate configuring networks especially when something isn't working. The Kindle Fire HD with my modem works fine without broadcasting the SSID.


  • Moderators

Northerner, if you are still interested in looking at anti-keyloggers then you could always take a look at spyshelter.

http://www.spyshelter.com/description

The free version only supports 32bit.

http://www.spyshelter.com/download-spyshelter

I did give it a run a while back.


I got my knuckles rapped for introducing a second thread on keyloggers.

I did so because I felt the first thread was, to a certain extent, drifting away from the original questions I asked. Having said that, I think it is natural, and inevitable, that some threads develop, in this way, and I have no complaints about the process.

I will take hazelnut's advice and have a look at SpyShelter. I'm also interested in hearing opinions about any other anti-keylogger programmes such as KeyScrambler.

As far as antivirus software detecting the presence of keyloggers the impression I have always had is that some keyloggers can be found whilst others are too sophisticated for basic antivirus software. Is that an accurate assessment of the situation?


  • Moderators

> I got my knuckles rapped for introducing a second thread on keyloggers.
>
> I did so because I felt the first thread was, to a certain extent, drifting away from the original questions I asked. Having said that, I think it is natural, and inevitable, that some threads develop, in this way, and I have no complaints about the process.

Should you ever feel that happening to one of your threads you need only add in a post saying:

Can we please stay on topic!

_________________________

I know very little about keylogger detection, but then again I'm also not downloading any questionable software I'm unfamiliar with. I use a combo of antivirus along with Malwarebytes Anti-Malware.

Edited by Andavari

  • 1 month later...

When you feel you have been attacked by a keylogger, is your computer always running? If so, you may check whether there is a "/var/log/kernel.log"; if there is, you may have been sneak attacked by keyloggers.

You also can install anti-keylogger software to check if there is a keylogger on your PC.

Before you are sure of the problem, I recommend you change your important passwords with a virtual keyboard, which cannot be recorded by a keylogger.
