margaf
join:2000-12-22
Las Vegas, NV

1 edit

margaf to jaceg

Member

to jaceg

Re: Does Totally Undetectable Keylogger Software Exist?

said by jaceg:

WOW ! OK !

One last time:

How does someone detect and remove commercial keylogger software from their computer???

Anyone?

This works for many, many commercial keyloggers, like spector.

»www.emsisoft.com/en/

edit: of course a hardware logger would most likely be undetectable to this software.

tempnexus
Premium Member
join:1999-08-11
Boston, MA

tempnexus to jaceg

Premium Member

to jaceg
LOOK AT MY POST ON FIRST PAGE!

jaceg
Keep'In An Eye Out For Ya
Premium Member
join:2000-08-12
Revere, MA

jaceg

Premium Member

Many thanks to all who responded.
Bobcat79
Premium Member
join:2001-02-04

Bobcat79 to jaceg

Premium Member

to jaceg
said by jaceg:

How does someone detect and remove commercial keylogger software from their computer???
You can't detect it. If you don't know the hotkey sequence and password to configure (and remove) it, you need to reinstall Windows.
scross
join:2002-09-13
USA

scross to jaceg

Member

to jaceg
I don't know about key-loggers specifically (I haven't checked their web site lately), but I do know that Avast has a "scan at boot" function that works with 32-bit Windows (not 64-bit, unfortunately) and which can and will find and clean things that others won't. You might even be able to go a step further and boot this from CD or USB, if there is something to be gained by that. Avast has saved my bacon a couple of times now. It's free, too!

Currently I run five (yes, five!) separate anti-malware packages on our PCs at home - because I found out the hard way that just having three wasn't enough! I surf anywhere and everywhere quite recklessly (I try to avoid doing really stupid stuff, though), and on a regular basis one or another of these packages will kick in and zap something in mid-flight. For best protection you have to keep all these packages updated, though, which can be a pain. Maybe one day I will get around to automating all of that, as some of them still don't handle this themselves.
Bobcat79
Premium Member
join:2001-02-04

Bobcat79 to tempnexus

Premium Member

to tempnexus
said by tempnexus:

It's supposed to detect all SOFTWARE keyloggers including all the whitelisted commercial ones.
»www.spyreveal.com/welcome
If it does that, I take back my comment about not being able to detect commercial keyloggers.
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

1 recommendation

PX Eliezer704 to jaceg

Premium Member

to jaceg
said by jaceg:

How does someone detect and remove commercial keylogger software from their computer???
You can also use psychological warfare relative to the person whom you suspect of installing it.

If they are worried you are doing porn, visit lots of religious websites instead, with some Tea Party stuff thrown in.

If they are trying to steal confidential company information, throw some red herrings their way.

If they are trying to steal credit card info, punch in some random fake cards. Let them have fun trying to use it.

If your wife thinks you are cheating, send some e-mails to your mom about how much you love your wife....
margaf
join:2000-12-22
Las Vegas, NV

margaf to Bobcat79

Member

to Bobcat79
Emsisoft AntiMalware also detects most commercial keyloggers.
Bobcat79
Premium Member
join:2001-02-04

Bobcat79

Premium Member

said by margaf:

Emsisoft AntiMalware also detects most commercial keyloggers.
Didn't see that on their web site (but I didn't look very hard).
margaf
join:2000-12-22
Las Vegas, NV

2 edits

margaf

Member

said by Bobcat79:

said by margaf:

Emsisoft AntiMalware also detects most commercial keyloggers.
Didn't see that on their web site (but I didn't look very hard).
I know it detects Spector, which is one that is whitelisted by many other antimalware programs; I think there is a list on the site somewhere. They also detect a lot of stuff others like Malwarebytes do not, like cracks and such.

Here is the list of stuff it detects
»www.emsisoft.com/en/supp ··· malware/

jvmorris
I Am The Man Who Was Not There.
MVM
join:2001-04-03
Reston, VA

jvmorris to PX Eliezer704

MVM

to PX Eliezer704
Okay, I have a question for all (or at least many) of the respondents in this thread.

Is it really all that difficult to understand that the first part of the OP's initial query is:
How does someone detect commercial keylogger software ...

Is there some problem in comprehending the meaning of the word detect?

The OP doesn't know that a keylogger is present, he's just trying to first ascertain if one is present.
If found, I presume he'd like to know how to identify it.
If identified he'd likely appreciate knowing if there's some way to remove it without nuking his drive.

It's a perfectly reasonable question, could we have a few (more) reasonable answers?

jaceg
Keep'In An Eye Out For Ya
Premium Member
join:2000-08-12
Revere, MA

jaceg

Premium Member

Finally! !

Thank You Joseph.

jvmorris
I Am The Man Who Was Not There.
MVM
join:2001-04-03
Reston, VA

jvmorris

MVM

Natch.
PX Eliezer704
Premium Member
join:2008-08-09
Hutt River

PX Eliezer704 to jvmorris

Premium Member

to jvmorris
said by jvmorris:

Is it really all that difficult to understand that the first part of the OP's initial query is:
How does someone detect commercial keylogger software ...

Is there some problem in comprehending the meaning of the word detect?
Speaking for myself, I can only say that all of my responses in this thread have been serious and sincere.

The thing is, the situation as portrayed has some ambiguous elements.

Also, respectfully, what the OP actually said in his first post was as follows:
said by jaceg:

I have a friend who thinks Keylogging software might have been installed on his computer.

His claim is that some advanced keylogging software is totally undetectable and cannot be removed with conventional antimalware/antivirus software programs.

If this is true, I find it very disturbing that there is no effective means to protect yourself from this dangerous security threat.

Any comments would be greatly appreciated.

jaceg
Keep'In An Eye Out For Ya
Premium Member
join:2000-08-12
Revere, MA

jaceg

Premium Member

Three threads from my initial post I clarified my question:

"I'm looking for an effective detect and remove solution."

Bobcat79
Premium Member
join:2001-02-04

Bobcat79

Premium Member

And it appears you got at least two responses with programs that would detect and remove said software. Have you tried them yet? If not, why are you still complaining?

jaceg
Keep'In An Eye Out For Ya
Premium Member
join:2000-08-12
Revere, MA

jaceg

Premium Member

Calm down Bobcat

PS: Christie was telling the truth.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to PX Eliezer704

Premium Member

to PX Eliezer704
said by PX Eliezer704:

Speaking for myself, I can only say that all of my responses in this thread have been serious and sincere.
ditto
If it's a failure (whether perceived or real) with installed protection software, drilling down into the registry is the next step.

»msdn.microsoft.com/en-us ··· %29.aspx

I don't recommend this step for anyone that isn't familiar with the possible failure of the OS to boot due to willy-nilly registry editing.

tempnexus
Premium Member
join:1999-08-11
Boston, MA

tempnexus

Premium Member

said by tempnexus:

I used to use SPYCOP but now the dude who made spycop got into a fight with the co-owner (Marketing not the coder) so the original program that used to be spycop is called SpyReveal (Original Coder).

Give it a try, I got the lifetime license; the SpyCop designer (coder) was nice enough to give everyone who used to own SpyCop a free lifetime lic to SpyReveal. It's supposed to detect all SOFTWARE keyloggers including all the whitelisted commercial ones.
»www.spyreveal.com/welcome
Have you TRIED THIS ONE???

This should suffice all of your initial questions.
Try it out and let us know if it found anything.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

said by tempnexus:

Have you TRIED THIS ONE???
If it's a software solution the OP is looking for, I'd include all the currently updated Anti-Trojans listed here
»Security Software Updates - 06 Sep 2010

jaceg
Keep'In An Eye Out For Ya
Premium Member
join:2000-08-12
Revere, MA

jaceg

Premium Member

I'm actually not going to run anything.

I'll pass this information on to my friend and see if he would be willing to run some of the suggested software.

I'll report back with his results.

Thank You again everyone. I really do appreciate your honest and sincere responses.
Jrb2
Premium Member
join:2001-08-31

Jrb2 to jaceg

Premium Member

to jaceg
A side note, if I'm allowed, about SpyReveal:
There are limitations on the trial version:
»www.spyreveal.com/faqs#Trial

I would also advise TrojanHunter (but, if I remember well, the trial version only detects but does not clean).

And definitely: go to »Security Cleanup and follow the steps there.

VR Laura
Queen Of Cyberspace
Premium Member
join:2002-02-10
NYC

VR Laura to jaceg

Premium Member

to jaceg
said by jaceg:

I have a friend who thinks Keylogging software might have been installed on his computer.
Ah, the mysterious "friend".

I always wonder why these people never post themselves, even anonymously. Anyone care to guess?

pnjunction
Teksavvy Extreme
Premium Member
join:2008-01-24
Toronto, ON

pnjunction to DownTheShore

Premium Member

to DownTheShore
said by DownTheShore:

What on earth is he doing with that computer that he's so worried about a virtually undetectable keylogger?
I'd be concerned about that on any computer I use. E-mail, financial and other accounts you log into would be compromised. Apparently someone was putting keyloggers on the Windows boxes in the lab at my school (these were unmanaged boxes sitting in the lab for driving testing); as a result we were wary of logging into any online accounts on them.

Anyways, I think it's almost arbitrarily hard to detect an arbitrarily hidden keylogger. On the extreme end someone could whip up a simple one themselves that wouldn't be detected by any software and hide it very well.

Properly administrating the computer might be a solution. I'm no expert on this stuff, but if the users had limited access, wouldn't they then not be able to get anything to run while other accounts are logged in or mess with system files? This goes back to what some other people were talking about having accounts with passwords. Yes, at this point it would require formatting the computer to start over properly.

joako
Premium Member
join:2000-09-07
/dev/null

joako to jvmorris

Premium Member

to jvmorris
said by jvmorris:

Okay, I have a question for all (or at least many) of the respondents in this thread.

Is it really all that difficult to understand that the first part of the OP's initial query is:
How does someone detect commercial keylogger software ...
No, the OP asked about any keylogger and an anon poster came in and changed that to commercial keylogger. That term specifically excludes a keylogger installed by e.g. a government agency which some antivirus vendors have stated they will not detect.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

DownTheShore to VR Laura

Premium Member

to VR Laura
said by VR Laura:
said by jaceg:

I have a friend who thinks Keylogging software might have been installed on his computer.
Ah, the mysterious "friend".

I always wonder why these people never post themselves, even anonymously. Anyone care to guess?
Actually, I've posted questions for friends/family who basically don't know which end of a computer is up (not to mention other mechanical devices - this particular friend has been driving a certain car for 11 years and didn't know about using the fresh air recycle on/off button). Those kind of folks will never search out this forum.
DownTheShore

DownTheShore to pnjunction

Premium Member

to pnjunction
said by pnjunction:

I'd be concerned about that on any computer I use.
Yes, but the scenario we've been given didn't mention logging in on hotspots or using non-personal computers to access private accounts.

It appears to be in reference to his own computer, which is why I was wondering why he would think that he would be targeted in the first place. Just basing upon my own experience, none of my family or friends who could possibly have access to my computer probably even know what a key logger is, much less install one.

I guess my basic question is, is the possibility of a keylogger on that computer real, or are we just dealing with paranoia?

If it's real, then a lot of people have already given some good advice here. If it isn't, then nothing we say is going to be believed anyway.

secured655
@rr.com

secured655 to jaceg

Anon

to jaceg
Here's a bit of info on keyloggers in general:

»en.wikipedia.org/wiki/Ke ··· _logging

I used the term 'commercial' to identify a class of KL which is different from malware KL. Keyloggers delivered as payload in a malware scenario would likely be detected and dealt with using quality AV, anti-spyware, and antimalware available in the mainstream. As the OP indicated advanced and undetectable, I used the term to exclude less sophisticated SW KL from my remarks. So gov't and law enforcement grade would be included in the commercial class, even though they would not be available to the general public (by my terminology).
The free pass still applies to most KL which are developed by 'commercial' vendors independent of who is using them. Not just LE and gov't.
Spyreveal may be a real contender in detecting commercial KL but, they never recovered (IMHO) from the controversy surrounding the split with spycop. Not to re-engage that discussion, but they could improve sales with the following:
1. Develop a new trial model. Perhaps to include 100% detection with cleanup only provided by the paid version.
2. Enhance the testimonials (which don't impress me anyway) with a readily available detection list and maybe some test results which demonstrate that the investment will pay off.

I did a little checking at emsisoft, and was mildly impressed. I would have to see much more to know how much user decision is required to effectively block the KL's. I looked into one particular nasty, and found it to be categorized as adware.
That is a very poor choice for a tag which the user sees.

Now, I have firsthand experience with a commercial KL being delivered to my computer across the wires (in a real world experience not poc or playing with samples). It was at least kernel level and I believe it had a hypervisor component.
That incident brought me to this forum. I spent 2 months with the KL resident trying an arsenal of software in an effort to identify the traces and signatures. Most importantly, I didn't suspect that I had a keylogger, I knew it. By incredible fortune, I stumbled across an absolutely unambiguous bit of data at the only moment that it existed. No alarms from security SW, just an informational entry in a log. The only symptom I ever experienced was system shutdown (during certain user initiated application activity) after a plethora of settings were tightened extremely.
Eventually, I ran out of time to investigate and rebuilt the system including destruction by dban and recovering the bios from a known clean floppy with the write protect lock enabled.
Aurgathor, you are right about bios concerns and although I had the advantage of knowing some information, when trust in a system's integrity has eroded enough, you want to take no chances. Recovering the bios with an empty hard drive is a small step worth adding to ensure a clean system.
My earlier advice regarding dban was based on actual experience, not simply a rational logical approach. If any security SW vendor had laid claim to detecting the KL resident on my system, I would have paid in a heartbeat. Emsisoft has that KL in its malware database today, but calling it adware undermines the severity of a program which logs keystrokes, mouseclicks, clipboard contents, webcam/mic streams, and beyond. Not adware by my choice of terms.
The OP asked for advice in detecting very sophisticated SW which includes evading detection as part of its primary objective, and the good advice given throughout the thread has related to that question.

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

1 edit

ptrowski to jaceg

Premium Member

to jaceg
Did your "friend" ever mention WHY they thought the keylogger was potentially there? Also are they the "tin foil hat" type to think if a scanner doesn't pick one up it may be a super secret type of logger?

EDIT-and not to be a stickler but your initial post wasn't asking for detection and removal methods, just in theory does one exist.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD to jaceg

Premium Member

to jaceg
said by jaceg:

Three threads from my initial post I clarified my question:

"I'm looking for an effective detect and remove solution."


The reality is that there aren't any that are 100% foolproof.