How to know if my system has a key logger or screengrabber software

rayluvs asked:
How can I know if my PC has malicious key logger or screengrabber software running?

btan (Exec Consultant) commented:
Noted. Just a quick thought: if you are just interested in keylog names (as an example), maybe the easier way is also to leverage the AV listing of signatures, e.g. in McAfee you can perform a search using "Keylog", like http://home.mcafee.com/VirusInfo/ThreatSearch.aspx?term=keylog
 
Tony Pitt commented:
There is no simple answer to this question. A good virus scanner will detect most things. There are a number of tools from MalwareBytes that you can download - anti-malware and anti-exploit would be a good start.
 
Tony Pitt commented:
Beyond that, try the utility HiJackThis which will list out everything that's running on the computer as a driver, startup program, etc.  The problem with this is simply that it'll list out so much, and it'll need an expert to determine what a lot of it is.

/T
 
rayluvs (Author) commented:
We have antivirus, but it doesn't tell me if there is a key-logger or screengrabber in memory (and HiJackThis overwhelms with info too technical so we can now).
 
Tony Pitt commented:
The MalwareBytes tools are probably more useful - use the Chameleon version if you think your system is already infected.

/T
 
rayluvs (Author) commented:
Besides cleaning, we really want to identify them.

How does MalwareBytes tell me this? (We have a Windows 8 Pro PC.)
 
web_tracker commented:
Just let Malwarebytes scan, and after the scan it will tell you what type of malware it finds. The same thing goes for other malware tools that you use. Malwarebytes, RogueKiller, AdwCleaner, and JRT are my favourite tools that I use to remove malware on a regular basis. These tools are not too technical to run, and when they find malware, either it will give you a txt document of what it found and deleted, or the software itself will tell you what it found and then you either quarantine the infection or delete it. Bleeping Computer is a safe place to download the majority of these tools.
http://www.bleepingcomputer.com/download/junkware-removal-tool/
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/roguekiller/
 
Tony Pitt commented:
Do you have a particular reason for thinking that your PC is infected? Are you seeing something that makes you think this? Or is it just a general enquiry?

/T
 
rayluvs (Author) commented:
Sorry for the delay; I had problems with the emails from EE alerting me of answers not coming in (fixed).

Thanks for the info on Malwarebytes, RogueKiller, AdwCleaner, and JRT, but what we would like to know is how to identify the actual apps or programs loaded in memory pertaining to key logger or screengrabber software.

We are not looking for a cleaner, but rather whether EE can help us identify them in our PC memory or Task Manager.
 
web_tracker commented:
Not all malware may be shown in the Task Manager, as often malware can be installed as part of an application install. For example, some applications such as Java or Flash Player install PUPs, such as Ask toolbars, as part of the install. Malware writers are clever; they don't want you to see their malware running so you can potentially shut it off. The tools I have suggested will find potential PUPs or other malware; they may even give you information about the malware that is running on your system, and may even tell you that it is a key logger. You can even do research on what it found to see if it is a dangerous keylogger. It will not tell you how you got infected, but will just tell you an infection is present if there is an infection. These applications will also remove the infection. You can use applications such as Process Explorer to see what apps are running in the PC memory. Process Explorer is part of the Sysinternals tools, now part of Microsoft.
 
rayluvs (Author) commented:
So you mean that there are no exact names or known key logger names recognized by just seeing the program running?
(I guess what we want is to know possible program names that are these malicious key-logger apps.)
 
web_tracker commented:
There are no real names that are standard for the key loggers; it could be random characters that are generated by the malicious code.
 
rayluvs (Author) commented:
So the key-loggers are not a specific software but malicious code that our PC gets (or gets planted) when infected by visiting a site or using infected USB, etc? In other words, 'key-logger' or 'screengrabber' are not actual software you buy or download?
 
btan (Exec Consultant) commented:
I am probably seeing it in another way: not to take chances, as keylogger or screengrabber functions are a common set in remote admin tools (aka RATs) - see wiki (http://en.wikipedia.org/wiki/Remote_administration_software). So a quick take is: if there is a RAT in the machine, the chance of such a set is possible, especially for the non-legit type (reported a lot in cyber attack and breach incidents). Examples include poisonivy, njRat, Back Orifice (BO2K). Ref - http://resources.infosecinstitute.com/remote-access-tool/

Their existence will be alerted by AV and anti-malware due to their grabbing behaviour and hooking into the kernel and user space. Of course, I will not rely only on those to detect; likely you need to look at a rootkit detector as well, since they touch the kernel side and one trait is to make it invisible or seemingly a legit driver, process, etc.

Some tools I will consider include SpyHunter (http://www.enigmasoftware.com/threat-database/remote-administration-tools/), running antispyware such as Spybot detector and checking for anomalous browser extensions, and doing Sysmon (https://technet.microsoft.com/en-us/sysinternals/dn798348) to detect file changes and network traffic surges, since what is grabbed eventually has to be sent back to the adversary "mothership".
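The file-change plus network-traffic check btan describes, as an added example that is not part of the original thread: it correlates Sysmon FileCreate (Event ID 11) and NetworkConnect (Event ID 3) records per process image, so a process is judged by behaviour rather than by its name. The sample events, the paths in them, and the trusted-directory list are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumption: images under these directories are skipped to cut noise. This is a
# triage shortcut only; code injected into a trusted process will not show up here.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def _ev(eid, **data):
    """Build one constructed event in Sysmon's XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f"<EventData>{fields}</EventData></Event>")

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    _ev(11, Image=r"C:\Users\ray\AppData\Roaming\xkqzt.exe",
        TargetFilename=r"C:\Users\ray\AppData\Roaming\cache.dat"),
    _ev(3, Image=r"C:\Users\ray\AppData\Roaming\xkqzt.exe", Initiated="true",
        DestinationIp="203.0.113.10", DestinationPort="443"),
    _ev(3, Image=r"C:\Program Files\Mozilla Firefox\firefox.exe", Initiated="true",
        DestinationIp="198.51.100.7", DestinationPort="443"),
    _ev(11, Image=r"C:\Windows\System32\svchost.exe",
        TargetFilename=r"C:\Windows\Temp\a.tmp"),
    _ev(11, Image=r"C:\Users\ray\Downloads\setup.exe",
        TargetFilename=r"C:\Users\ray\AppData\Local\Temp\x.log"),
]

def triage(events_xml):
    """Return images outside trusted dirs that both create files and connect out."""
    seen = defaultdict(lambda: {"files": set(), "dests": set()})
    for xml_text in events_xml:
        root = ET.fromstring(xml_text)
        eid = root.findtext("e:System/e:EventID", namespaces=NS)
        data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
        image = (data.get("Image") or "").lower()
        if not image or image.startswith(TRUSTED_DIRS):
            continue
        if eid == "11":      # FileCreate: a candidate capture/log file
            seen[image]["files"].add(data.get("TargetFilename"))
        elif eid == "3" and data.get("Initiated") == "true":  # outbound connection
            seen[image]["dests"].add(
                f'{data.get("DestinationIp")}:{data.get("DestinationPort")}')
    return {img: v for img, v in seen.items() if v["files"] and v["dests"]}

if __name__ == "__main__":
    for image, hit in triage(SAMPLE_EVENTS).items():
        print(image, sorted(hit["files"]), sorted(hit["dests"]))
```

A hit is a lead for closer inspection with a tool such as Process Explorer, not a verdict: installers and updaters also write files and connect out.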
 
Brian B (EE Topic Advisor, Independent Technology Professional) commented:
To answer your last question, keyloggers are normally considered "spyware" that will record things like your passwords so they can be sent to a hacker. However, there are also legitimate key logging programs out there that a business may put on their computer for one reason or another.

If you are in an office, someone who is a network specialist might be able to look at the traffic coming from your computer and tell you if there is anything unusual.

Like everyone else, I highly recommend scanning with Malwarebytes if you think something is happening.
 
btan (Exec Consultant) commented:
Saw one KL detector, though tested on an old platform; it works by scanning your local hard disk for any log file created during the monitoring process. Eventually it is checking for the log generated by the logger.
http://dewasoft.com/privacy/kldetector.htm
 
Thomas Zucker-Scharff (Systems Analyst) commented:
I realize from some of your comments that you are not looking for something specific to do the ID for you, but have you just considered using something like RUBotted by Trend Micro on your endpoints?
 
rayluvs (Author) commented:
What we were looking for was actual names or behaviors so we could identify when one of these culprits was in memory. Nevertheless, based on the valuable info EE supplied us, we have concluded that this is not the case with key-loggers or screengrabbers; these codes are not apps but appended or embedded malicious coding within an app downloaded or a site visited.

Based on this, and the info/links provided, we have a lot of research to do.

We will proceed to close the question.
 
rayluvs (Author) commented:
Thank you very much, this is in the direction of what we were looking for; possible names for keyloggers.

Question has a verified solution.