About Keyloggers presence

Discussion in 'ESET Smart Security' started by ONT, Dec 14, 2012.

Thread Status:
Not open for further replies.
  1. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    How can I ensure that my system has no keylogger secretly installed by anyone? Actually, my system is on a network in the office and I suspect that someone might have installed a keylogger on my system. So how can I ensure that my system is keylogger-free?
     
  2. er34

    er34 Guest


    Hardware keyloggers (example here) might be present and they can't be detected by software. Depending on the rights you have on your account, you can see Windows start-ups, use antivirus software that detects keyloggers (e.g. in ESET they are detected as potentially unsafe programs), see hidden files and so on. But when you use a 3rd party computer and a 3rd party network that is not yours, you can expect them to do anything with the information there and, no matter what, you should never use or enter overly personal information about you, your life, family, etc.
     
  3. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    Thanks for sharing your views, but I already know that. No hardware keylogger is installed, it's an Administrator account in Windows, I also configured ESET to Strict Protection and also enabled detection of potentially unsafe programs. And I don't have any personal information about me or my family on that office PC.

    But I still want assurance that my system is keylogger-free. How can I do that using ESET?
     
  4. er34

    er34 Guest

    You have done the maximum ESET products can do to help you with that. If they detect a software keylogger, they will notify you.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If we were to be paranoid, we could say that even if you scanned your system with all available security scanners, you would never be 100% sure that it's completely clean.
     
  6. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    Yeah, I know that no antivirus provides 100% protection.

    Are there any logs I should send for analysis to ensure a keylogger-free system?
     
  7. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    Anybody, help me.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    You can scan your disk with a bunch of online scanners. If no malware is found, you can be 99% sure your system is clean.
     
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I don't know if your machine is private or not...if it is from your company, that can be the reason you have some key-logger installed...just to monitor your activity. It can be a key-logger or screen-logger and probably it will not be so simple to detect and remove such a logger.
    Your security app (ESET, I assume) perhaps trusts that logger and only some other standalone app can detect it...so try Emsisoft Emergency Kit to scan on demand or, another way, try to install SpyShelter Free (if your system is not 64-bit) to observe what actions it detects and then allow or deny them...be careful of course :)
     
  10. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Can you tell us more about the specific situation? Is this a purely hypothetical situation, or do you have reason to believe someone is actively monitoring your communications?

    Regards,

    Aryeh Goretsky
     
  11. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Most companies use a web proxy to filter and monitor the websites that you visit; part of it you can think of as the parental control that you will find in customer security suites. A system administrator can always verify which programs you are running and even take over the screen, but only for troubleshooting or investigation purposes. A web proxy isn't a keylogger. Normally, when you signed your contract, you agreed that you would follow the ICT guidelines. A web proxy is a tool for a system administrator to monitor which sites are visited during working hours. In your case the chance is very high that you are also behind a proxy.
     
  12. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    Attached is the integrated SysInspector log. The log file, in .xml format, is packed in RAR format and renamed to .txt for uploading here.

    Actually my system hangs frequently for 5-10 secs and then it becomes OK. The situation is somewhat similar to hidden screen/key logger capturing, so I suspect its presence. Kindly analyze the logs and tell me whether my system is keylogger-free or not.
     

    Last edited: Dec 21, 2012
  13. ONT

    ONT Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    17
    Any help will be appreciated.
     
  14. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    I did not see anything that I recognize as a keylogger, per se, but there were a few drivers I did not recognize (but which were not running), as well as a scheduled task that showed up in the ESET SysInspector log file that I am not familiar with:
    "Task" = "c:\windows\system32\tasks\AutoKMS" ( 5: Unknown ) ;
    You might want to look into whatever created that task—it could be that it has something to do with the problem you are experiencing with the system.

    Regards,

    Aryeh Goretsky
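
Added example, not part of any post in this thread: one way to follow up on an unfamiliar scheduled task like the one quoted above is to read its definition file, which Task Scheduler stores as XML in the folder shown in the log line, and see who registered it, when, and what it runs. The sample XML, its names and paths, and the review heuristics are constructed for illustration and are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# XML namespace used by Windows Task Scheduler definition files.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample definition; every name, date and path is a placeholder.
SAMPLE_TASK_XML = r"""<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Date>2012-11-02T09:15:00</Date><Author>EXAMPLE-PC\someuser</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author">
    <Exec><Command>C:\Example\placeholder.exe</Command><Arguments>/quiet</Arguments></Exec>
  </Actions>
</Task>"""

def _text(node, path):
    """Return the stripped text of a child element, or None if it is absent."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None

def summarize_task(xml_data):
    """Extract who registered a task, when, how it starts and what it executes.

    Accepts str or bytes; for a file on disk pass open(path, "rb").read() so
    the XML parser can handle the file's own encoding.
    """
    root = ET.fromstring(xml_data)
    triggers = root.find("t:Triggers", NS)
    return {
        "author": _text(root, "t:RegistrationInfo/t:Author"),
        "registered": _text(root, "t:RegistrationInfo/t:Date"),
        "run_as": _text(root, "t:Principals/t:Principal/t:UserId"),
        "triggers": [el.tag.split("}")[1] for el in (triggers if triggers is not None else [])],
        "actions": [(_text(e, "t:Command"), _text(e, "t:Arguments"))
                    for e in root.findall("t:Actions/t:Exec", NS)],
    }

def review_notes(summary):
    """Points worth a closer look (heuristics chosen for this example only)."""
    notes = []
    if not summary["author"]:
        notes.append("no Author recorded")
    if summary["run_as"] in ("S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"):
        notes.append("runs as SYSTEM")
    if {"LogonTrigger", "BootTrigger"} & set(summary["triggers"]):
        notes.append("starts at logon/boot")
    return notes

if __name__ == "__main__":
    info = summarize_task(SAMPLE_TASK_XML)
    print(info, review_notes(info))
```

The executable named in the task's action is the file to check next, for example with an on-demand scanner as suggested earlier in the thread.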
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I think this page can be useful in connection to AutoKMS
    -http://systemexplorer.net/file-database/file/autokms-exe
     