margaf join:2000-12-22 Las Vegas, NV 1 edit |
to jaceg
Re: Does Totally Undetectable Keylogger Software Exist?
said by jaceg: WOW ! OK ! One last time: How does someone detect and remove commercial keylogger software from their computer??? Anyone?
This works for many, many commercial keyloggers, like spector. » www.emsisoft.com/en/
edit: of course a hardware logger would most likely be undetectable to this software. |
|
tempnexus Premium Member join:1999-08-11 Boston, MA |
to jaceg
LOOK AT MY POST ON FIRST PAGE! |
|
jacegKeep'In An Eye Out For Ya Premium Member join:2000-08-12 Revere, MA |
jaceg
Premium Member
2010-Sep-6 4:24 pm
Many thanks to all who responded. |
|
|
to jaceg
said by jaceg: How does someone detect and remove commercial keylogger software from their computer???
You can't detect it. If you don't know the hotkey sequence and password to configure (and remove) it, you need to reinstall Windows. |
|
|
to jaceg
I don't know about key-loggers specifically (I haven't checked their web site lately), but I do know that Avast has a "scan at boot" function that works with 32-bit Windows (not 64-bit, unfortunately) and which can and will find and clean things that others won't. You might even be able to go a step further and boot this from CD or USB, if there is something to be gained by that. Avast has saved my bacon a couple of times now. It's free, too!
Currently I run five (yes, five!) separate anti-malware packages on our PCs at home - because I found out the hard way that just having three wasn't enough! I surf anywhere and everywhere quite recklessly (I try to avoid doing really stupid stuff, though), and on a regular basis one or another of these packages will kick in and zap something in mid-flight. For best protection you have to keep all these packages updated, though, which can be a pain. Maybe one day I will get around to automating all of that, as some of them still don't handle this themselves. |
|
|
to tempnexus
If it does that, I take back my comment about not being able to detect commercial keyloggers. |
|
1 recommendation |
to jaceg
said by jaceg: How does someone detect and remove commercial keylogger software from their computer???
You can also use psychological warfare relative to the person whom you suspect of installing it. If they are worried you are doing porn, visit lots of religious websites instead, with some Tea Party stuff thrown in. If they are trying to steal confidential company information, throw some red herrings their way. If they are trying to steal credit card info, punch in some random fake cards. Let them have fun trying to use it. If your wife thinks you are cheating, send some e-mails to your mom about how much you love your wife.... |
|
|
margaf join:2000-12-22 Las Vegas, NV |
to Bobcat79
Emsisoft AntiMalware also detects most commercial keyloggers. |
|
|
Bobcat79
Premium Member
2010-Sep-6 5:01 pm
said by margaf: Emsisoft AntiMalware also detects most commercial keyloggers.
Didn't see that on their web site (but I didn't look very hard). |
|
margaf join:2000-12-22 Las Vegas, NV 2 edits |
margaf
Member
2010-Sep-6 5:02 pm
said by Bobcat79: said by margaf: Emsisoft AntiMalware also detects most commercial keyloggers. Didn't see that on their web site (but I didn't look very hard).
I know it detects spector which is one that is whitelisted by many other antimalware programs, I think there is a list on the site somewhere. They also detect a lot of stuff others like malwarebytes do not, like cracks and such. Here is the list of stuff it detects » www.emsisoft.com/en/supp ··· malware/ |
|
jvmorrisI Am The Man Who Was Not There. MVM join:2001-04-03 Reston, VA |
to PX Eliezer704
Okay, I have a question for all (or at least many) of the respondents in this thread.
Is it really all that difficult to understand that the first part of the OP's initial query is: How does someone detect commercial keylogger software ...
Is there some problem in comprehending the meaning of the word detect?
The OP doesn't know that a keylogger is present, he's just trying to first ascertain if one is present. If found, I presume he'd like to know how to identify it. If identified he'd likely appreciate knowing if there's some way to remove it without nuking his drive.
It's a perfectly reasonable question, could we have a few (more) reasonable answers? |
|
jacegKeep'In An Eye Out For Ya Premium Member join:2000-08-12 Revere, MA |
jaceg
Premium Member
2010-Sep-6 5:16 pm
Finally! ! Thank You Joseph. |
|
jvmorrisI Am The Man Who Was Not There. MVM join:2001-04-03 Reston, VA |
Natch. |
|
|
to jvmorris
said by jvmorris: Is it really all that difficult to understand that the first part of the OP's initial query is: How does someone detect commercial keylogger software ... Is there some problem in comprehending the meaning of the word detect?
Speaking for myself, I can only say that all of my responses in this thread have been serious and sincere. The thing is, the situation as portrayed has some ambiguous elements. Also, respectfully, what the OP actually said in his first post was as follows:
said by jaceg: I have a friend who thinks Keylogging software might have been installed on his computer. His claim is that some advanced keylogging software is totally undetectable and cannot be removed with conventional antimalware/antivirus software programs. If this is true, I find it very disturbing that there is no effective means to protect yourself from this dangerous security threat. Any comments would be greatly appreciated. |
|
jacegKeep'In An Eye Out For Ya Premium Member join:2000-08-12 Revere, MA |
jaceg
Premium Member
2010-Sep-6 5:25 pm
Three threads from my initial post I clarified my question: "I'm looking for an effective detect and remove solution."
|
|
|
Bobcat79
Premium Member
2010-Sep-6 5:26 pm
And it appears you got at least two responses with programs that would detect and remove said software. Have you tried them yet? If not, why are you still complaining? |
|
jacegKeep'In An Eye Out For Ya Premium Member join:2000-08-12 Revere, MA |
jaceg
Premium Member
2010-Sep-6 5:30 pm
Calm down Bobcat PS: Christie was telling the truth. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to PX Eliezer704
said by PX Eliezer704: Speaking for myself, I can only say that all of my responses in this thread have been serious and sincere.
ditto
If it's a failure (whether perceived or real) with installed protection software, drilling down into registry is the next step. » msdn.microsoft.com/en-us ··· %29.aspx
I don't recommend this step for anyone that isn't familiar with the possible failure of the OS to boot due to willy nilly register editing. |
|
tempnexus Premium Member join:1999-08-11 Boston, MA |
said by tempnexus: I used to use SPYCOP but now the dude who made spycop got into a fight with the co-owner (Marketing not the coder) so the original program that used to be spycop is called SpyReveal (Original Coder). Give it a try, I got the lifetime license, the SpyCop designer (coder) was nice enough to give everyone who used to own SpyCop a free lifetime lic to SpyReveal. It's supposed to detect all SOFTWARE keyloggers including all the whitelisted commercial ones. » www.spyreveal.com/welcome
Have you TRIED THIS ONE??? This should suffice all of your initial questions. Try it out and let us know if it found anything. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2010-Sep-6 5:53 pm
If it's a software solution the OP is looking for I'd include all the currently updated Anti_Trojans listed here » Security Software Updates - 06 Sep 2010 |
|
jacegKeep'In An Eye Out For Ya Premium Member join:2000-08-12 Revere, MA |
jaceg
Premium Member
2010-Sep-6 6:01 pm
I'm actually not going to run anything. I'll pass this information on to my friend and see if he would be willing to run some of the suggested software. I'll report back with his results. Thank You again everyone. I really do appreciate your honest and sincere responses. |
|
Jrb2 Premium Member join:2001-08-31 |
Jrb2 to jaceg
Premium Member
2010-Sep-6 7:20 pm
A side note, if I'm allowed, about SpyReveal: There are limitations on the trial version: » www.spyreveal.com/faqs#Trial
I would also advise TrojanHunter (but, if I remember well, the trial version only detects but does not clean). And definitely: go to » Security Cleanup and follow the steps there. |
|
VR LauraQueen Of Cyberspace Premium Member join:2002-02-10 NYC |
to jaceg
said by jaceg: I have a friend who thinks Keylogging software might have been installed on his computer.
Ah, the mysterious "friend". I always wonder why these people never post themselves, even anonymously. Anyone care to guess? |
|
pnjunctionTeksavvy Extreme Premium Member join:2008-01-24 Toronto, ON |
to DownTheShore
said by DownTheShore: What on earth is he doing with that computer that he's so worried about a virtually undetectable keylogger?
I'd be concerned about that on any computer I use. E-mail, financial and other accounts you log into would be compromised. Apparently someone was putting keyloggers on the Windows boxes in the lab at my school (these were unmanaged boxes sitting in the lab for driving testing), as a result we were wary of logging into any online accounts on them. Anyways, I think it's almost arbitrarily hard to detect an arbitrarily hidden keylogger. On the extreme end someone could whip up a simple one themselves that wouldn't be detected by any software and hide it very well. Properly administrating the computer might be a solution. I'm no expert on this stuff, but if the users had limited access, wouldn't they then not be able to get anything to run while other accounts are logged in or mess with system files? This goes back to what some other people were talking about having accounts with passwords. Yes at this point it would require formatting the computer to start over properly. |
|
joako Premium Member join:2000-09-07 /dev/null |
to jvmorris
said by jvmorris: Okay, I have a question for all (or at least many) of the respondents in this thread. Is it really all that difficult to understand that the first part of the OP's initial query is: How does someone detect commercial keylogger software ...
No, the OP asked about any keylogger and an anon poster came in and changed that to commercial keylogger. That term specifically excludes a keylogger installed by e.g. a government agency which some antivirus vendors have stated they will not detect. |
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ |
to VR Laura
said by VR Laura: said by jaceg: I have a friend who thinks Keylogging software might have been installed on his computer. Ah, the mysterious "friend". I always wonder why these people never post themselves, even anonymously. Anyone care to guess?
Actually, I've posted questions for friends /family who basically don't know which end of a computer is up (not to mention other mechanical devices - this particular friend has been driving a certain car for 11 years and didn't know about using the fresh air recycle on/off button). Those kind of folks will never search out this forum. |
|
DownTheShore |
to pnjunction
said by pnjunction: I'd be concerned about that on any computer I use.
Yes, but the scenario we've been given didn't mention logging in on hotspots or using non-personal computers to access private accounts. It appears to be in reference to his own computer, which is why I was wondering why he would think that he would be targeted in the first place. Just basing upon my own experience, none of my family or friends who could possibly have access to my computer probably even know what a key logger is, much less install one. I guess my basic question is, is the possibility of a keylogger on that computer real, or are we just dealing with paranoia? If it's real, then a lot of people have already given some good advice here. If it isn't, then nothing we say is going to be believed anyway. |
|
|
secured655 to jaceg
Anon
2010-Sep-7 10:07 am
Here's a bit of info on keyloggers in general: » en.wikipedia.org/wiki/Ke ··· _logging
I used the term 'commercial' to identify a class of KL which is different from malware KL. Keyloggers delivered as payload in a malware scenario would likely be detected and dealt with using quality AV, anti-spyware, and antimalware available in the mainstream. As the OP indicated advanced and undetectable, I used the term to exclude less sophisticated SW KL from my remarks.
So gov't and law enforcement grade would be included in the commercial class, even though they would not be available to the general public (by my terminology). The free pass still applies to most KL which are developed by 'commercial' vendors independent of who is using them. Not just LE and gov't. Spyreveal may be a real contender in detecting commercial KL but, they never recovered (IMHO) from the controversy surrounding the split with spycop. Not to re-engage that discussion, but they could improve sales with the following:
1. Develop a new trial model. Perhaps to include 100% detection with cleanup only provided by the paid version.
2. Enhance the testimonials (which don't impress me anyway) with a readily available detection list and maybe some test results which demonstrate that the investment will pay off.
I did a little checking at emsisoft, and was mildly impressed. I would have to see much more to know how much user decision is required to effectively block the KL's. I looked into one particular nasty, and found it to be categorized as adware. That is a very poor choice for a tag which the user sees. Now, I have firsthand experience with a commercial KL being delivered to my computer across the wires (in a real world experience not poc or playing with samples). It was at least kernel level and I believe it had a hypervisor component. That incident brought me to this forum. I spent 2 months with the KL resident trying an arsenal of software in an effort to identify the traces and signatures.
Most importantly, I didn't suspect that I had a keylogger, I knew it. By incredible fortune, I stumbled across an absolutely unambiguous bit of data at the only moment that it existed. No alarms from security SW, just an informational entry in a log. The only symptom I ever experienced was system shutdown (during certain user initiated application activity) after a plethora of settings were tightened extremely. Eventually, I ran out of time to investigate and rebuilt the system including destruction by dban and recovering the bios from a known clean floppy with the write protect lock enabled. Aurgathor, you are right about bios concerns and although I had the advantage of knowing some information, when trust in a system's integrity has eroded enough, you want to take no chances. Recovering the bios with an empty hard drive is a small step worth adding to ensure a clean system. My earlier advice regarding dban was based on actual experience, not simply a rational logical approach. If any security SW vendor had laid claim to detecting the KL resident on my system, I would have paid in a heartbeat. Emsisoft has that KL in its malware database today, but calling it adware undermines the severity of a program which logs keystrokes, mouseclicks, clipboard contents, webcam/mic streams, and beyond. Not adware by my choice of terms. The OP asked for advice in detecting very sophisticated SW which includes evading detection as part of its primary objective, and the good advice given throughout the thread has related to that question. |
|
ptrowskiGot Helix? Premium Member join:2005-03-14 Woodstock, CT 1 edit |
to jaceg
Did your "friend" ever mention WHY they thought the keylogger was potentially there? Also are they the "tin foil hat" type to think if a scanner doesn't pick one up it may be a super secret type of logger?
EDIT-and not to be a stickler but your initial post wasn't asking for detection and removal methods, just in theory does one exist. |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
AVD to jaceg
Premium Member
2010-Sep-7 1:22 pm
said by jaceg: Three threads from my initial post I clarified my question: "I'm looking for an effective detect and remove solution."
The reality is that there aren't any that are 100% foolproof. |
|