Keyloggers - how to detect?

Hiya,

due to some comments my boyfriend made recently i have started to wonder if he had been reading my posts on forums. That in itself isnt a problem but i have started to suspect that he is actually logging in under my uname as someone commented that i was still online when i was meant to be off doing something else. Then earlier today after i had logged out i was still showing as online next to all my posts for about half an hour. I cleared my cookies and temporary internet files and went back to the site where it still showed my uname as being logged in - although on my computer it showed that i wasnt if that makes sense. When i am on the forum in question there are certain times when i keep being logged out but it shows that i am still online - i believe i could be being logged out as someone else is logging in. Now i changed my password last night and deliberately spelled it wrong so as it couldnt be something he could guess but still this is happening and with certain things he says sometimes i am thinking he has put a keystroke logger onto my computer.

Is there anyway of finding out? i mean do they show up under the running processes? or would it show with a hijackthis logfile?

any help would be greatly appreciated as i dont know whether i can trust him anymore or if i am being paranoid, but i wouldnt put it past him!

thanks xx

 

Hi,

The usual advice is to confront the person and talk it through, so i've done that ! Is the PC owned by you, or someone else, or shared etc. If you don't then as it belongs to someone else you can't legally/morally etc tamper with it, so the first option etc beckons.

If you actually own it then start off by by doing some Free scans which will search for keyloggers/spyware as well as any viruses/trojans etc.

http://www.kaspersky.com/downloads/kws/kavwebscan.html will find but not remove, so save the log.

http://www.bitdefender.com/scan8/ie.html will remove but do NOT remove anything yet for safety, so just save the log.

Download a Free trial version of Eiwdo and update then scan. Windows 2000 and XP

http://www.ewido.net/en/ if you like it you can register later. Same advice with the remove/log.

What AV etc do you have right now, and what does that show after a manual scan ?

If you want to pay for a first class product that detects and kills KL's,trojans,rootkits etc etc, then i would recommend BOClean. They don't do a trial, but 30 day money back promise, which they keep. Don't know many who have asked though, and i use it too.

I wouldn't write anything private or log in or bank etc etc online until it's sorted !

After you reply we'll move on

StevieO

 

I would first try to eliminate as many logical explanations as possible. Contact the forum administrator/moderator and ask them if it is at all possible that your logon status can still be shown as online after the period of time that you have stated you have been logged off. You may also want to mention that you suspect someone else is logging under your name, as they may take the initiative and go on to the next step and check their logs for discrepancies. If their answer does not suffice, check again when this discrepancy of logon status occurs and then check your IP address at that moment. Contact the forum administrator/moderator again and ask them to check their event logs and the IP address of the person logged in at said time. If there is a discrepancy here, something fishy might be going on

I would then first check to see if there is any type of hardware keylogger. Check to make sure no devices are connected in between the keyboard port on your computer tower and the keyboard itself.

Software keyloggers maybe a little harder to detect. If someone were to keylog activities on your computer it can be done in quite a few ways. There are commercial keyloggers you can purchase, as well as remote access trojans, and the more advanced rootkits. Any number of these has the ability to keylog activities. And detecting them by signature methods can be successful or not, depending how advanced the keylogger is and if the keylogger is custom made. If a keylogger is custom made the chances an anti-spyware/malware/keylogging application in having the signature to detect it makes it much smaller (unless it detects it by some generic means). But scanning for a keylogger by signatures is probably the easiest to do, and would be the next thing I would try. Download free/trial versions of these programs, update their signatures and perform a scan. spybot , spy sweeper , microsoft windows defender , ewido (as mentioned) , unhackmeetc. If you are willing to put money on this investigation you may also want to look into spycop , as it specifically deals with detecting such programs by signature (though if you really do suspect you are keylogged at this time, you may want to consider purchasing spycop on a computer that is not keylogged, so you do not compromise your credit card information ) . Also if you do not already have one in place, you may want to download a software firewall with outbound filtering to monitor what types of programs are requesting internet access.

Of course there are also many other programs to protect you from being keylogged in the first place, but if your computer is already compromised the effectiveness of such programs may already be in jeopardy.

I will not go into the ethics of people who feel it necessary to monitor girlfriend/boyfriend activities, as I am sure that is a whole different topic.