Solved

How to know if my system has a key logger or screengrabber software

Posted on 2015-01-19
Last Modified: 2015-02-19
How can I know if my PC has malicious key logger or screengrabber software running?
0
Question by:rayluvs
20 Comments
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40558651
There is no simple answer to this question. A good virus scanner will detect most things. There are a number of tools from MalwareBytes that you can download - anti-malware and anti-exploit would be a good start.
0
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40558666
Beyond that, try the utility HiJackThis which will list out everything that's running on the computer as a driver, startup program, etc.  The problem with this is simply that it'll list out so much, and it'll need an expert to determine what a lot of it is.

/T
0
 

Author Comment

by:rayluvs
ID: 40558711
We have antivirus but it doesn't tell me if there is a key-logger or screengrabber in memory (and HiJackThis overwhelms with info too technical so we can now).
0

 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40558751
The MalwareBytes tools are probably more useful - use the Chameleon version if you think your system is already infected.

/T
0
 

Author Comment

by:rayluvs
ID: 40558761
besides cleaning, we really want to identify them.

How does MalwareBytes tell me this? (have Windows 8 Pro PC)
0
 
LVL 18

Assisted Solution

by:web_tracker
web_tracker earned 860 total points
ID: 40559046
Just let the malwarebytes scan and after the scan it will tell you what type of malware it finds. The same thing goes with other malware tools that you use. Malwarebytes, Roguekiller, adwcleaner, and JRT are my favourite tools that I use to remove malware on a regular basis. These tools are not too technical to run and when they find malware either it will give you a txt document of what it found and deleted or the software itself will tell you what it found and then you either quarantine the infection or delete it. Bleeping computer is a safe place to download the majority of these tools.
http://www.bleepingcomputer.com/download/junkware-removal-tool/
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/roguekiller/
0
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40559280
Do you have a particular reason for thinking that your PC is infected?  Are you seeing something that makes you think this?  Or is it just a general enquiry?

/T
0
 

Author Comment

by:rayluvs
ID: 40571547
Sorry for the delay, had problems with the emails from EE alerting me of answers; they were not coming in (fixed).

Thanx for the info on Malwarebytes, Roguekiller, adwcleaner, and JRT, but what we would like to know is how to identify the actual apps or program loaded in memory pertaining to a key logger or screengrabber software.

We are not looking for a cleaner, rather if EE can help us identify them in our PC memory or task-manager.
0
 
LVL 18

Assisted Solution

by:web_tracker
web_tracker earned 860 total points
ID: 40571882
Not all malware may be shown in the task manager, as often malware can be installed as part of an application install. For example, some applications such as Java or flashplayer install PUP as part of the install, such as ask tool bars. Malware writers are clever; they don't want you to see their malware running so you can potentially shut it off. The tools I have suggested will find potential PUP or other malware; it may even give you information about the malware that is running on your system, and it may even tell you that it is a key logger. You can even do research on what it found to see if it is a dangerous keylogger. It will not tell you how you got infected, but just tell you an infection is present if there is an infection. These applications will also remove the infection. You can use applications such as Process Explorer to see what apps are running in the PC memory. Process Explorer is part of the Sys Internals tools, now part of Microsoft.
0
 

Author Comment

by:rayluvs
ID: 40572331
So you mean that there are no exact names or known key logger names recognized by just seeing the program running?
(I guess what we want is to know possible program names that are these malicious key-logger apps)
0
 
LVL 18

Assisted Solution

by:web_tracker
web_tracker earned 860 total points
ID: 40576572
There are no real names that are standard for the key loggers; it could be random characters that are generated by the malicious code.
0
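
Added example, not part of any post in this thread: the replies above say process names are not a reliable identifier and point to Process Explorer and startup listings, so this read-only PowerShell listing reports where each running image lives, whether its signature validates, and what starts at logon. The two triage hints it uses (signature not valid, image in a user-writable folder) and the helper name `Test-UserWritablePath` are assumptions made for this example, not keylogger signatures; as noted elsewhere in the thread, code hidden by a rootkit will not appear in such a listing.

```powershell
# Added example, not from the thread. Read-only: it lists, it does not remove.
# Assumption: "not validly signed" and "runs from a user-writable folder" are
# illustrative triage hints chosen for this example, not keylogger signatures.

# Folders a standard user can write to (constructed list for this example).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UserWritablePath([string]$Path) {
    foreach ($dir in $userWritable) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# 1. Running processes: one row per distinct image on disk.
#    Without elevation, ExecutablePath is empty for other users' processes.
$running = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Sort-Object ExecutablePath -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $_.Name
            Path      = $_.ExecutablePath
            Signature = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            UserDir   = Test-UserWritablePath $_.ExecutablePath
        }
    }

# Rows worth a closer look. Catalog-signed Windows files can show NotSigned
# on older PowerShell versions, so read Signature together with Path.
$running |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserDir } |
    Sort-Object UserDir, Path -Descending |
    Format-List Name, Path, Signature, Signer, UserDir

# 2. Programs set to start at logon (Run keys and Startup folders).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-List
```

A row in this output is a prompt to look up the file and its signer, not a verdict; legitimate software also appears unsigned or under AppData.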
 

Author Comment

by:rayluvs
ID: 40577938
So the key-loggers are not a specific software but malicious code that our PC gets (or gets planted) when infected by visiting a site or using infected USB, etc? In other words, 'key-logger' or 'screengrabber' are not actual software you buy or download?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 856 total points
ID: 40615924
I am probably seeing it another way: not to take chances, as keylogger or screengrabber are a common set in remote admin tools (aka RAT) - see wiki (http://en.wikipedia.org/wiki/Remote_administration_software). So a quick take is if there is a RAT in the machine, chances of such a set are possible, esp. for those of the non-legit type (reported a lot in cyber attack and breach incidents). Examples include poisonivy, njRat, Back Orifice (BO2K). Ref - http://resources.infosecinstitute.com/remote-access-tool/

Their existence will be alerted by AV and anti-malware due to their grabbing behaviour and hooking into the kernel and user space. Of course, I will not rely on only those to detect; likely you need to look at a rootkit detector as well, since they touch the kernel side and one trait is to make it invisible or seemingly a legit driver, process etc.

Some tools I will consider include Spyhunter (http://www.enigmasoftware.com/threat-database/remote-administration-tools/), running antispyware such as spybot detector and checking for anomalous browser extensions, and doing sysmon (https://technet.microsoft.com/en-us/sysinternals/dn798348) to detect file changes and network traffic surges, since the grabbing eventually has to be sent back to the adversary "mothership".
0
 
LVL 24

Expert Comment

by:Brian B
ID: 40616691
To answer your last question, keyloggers are normally considered "spyware" that will record things like your passwords so they can be sent to a hacker. However, there are also legitimate key logging programs out there that a business may put on their computer for one reason or another.

If you are in an office, someone who is a network specialist might be able to look at the traffic coming from your computer and tell you if there is anything unusual.

Like everyone else, I highly recommend scanning with malware bytes if you think something is happening.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 856 total points
ID: 40616769
Saw one KL detector, though tested on an old platform; it works by scanning your local hard disk for any log file created during the monitoring process. Eventually it is checking for the log generated by the logger.
http://dewasoft.com/privacy/kldetector.htm
0
 
LVL 29

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 284 total points
ID: 40616901
I realize from some of your comments that you are not looking for something specific to do the ID for you, but have you just considered using something like RUBotted by Trend Micro on your endpoints?
0
 

Author Comment

by:rayluvs
ID: 40617249
What we were looking for was actual names or behaviors so we could identify when one of these culprits was in memory. Nevertheless, based on the valuable EE info supplied to us, we have concluded that this is not the case with key-loggers or screengrabbers; these codes are not apps but appended or embedded malicious coding within an app downloaded or a site visited.

Based on this, and the info/links provided, we have a lot of research to do.

We will proceed to close the question.
0
 
LVL 64

Accepted Solution

by:btan
btan earned 856 total points
ID: 40617918
Noted. Just a quick thought: if you are just interested in keylog names (as an example), maybe the easier way is also to leverage the AV listing of signatures, e.g. in McAfee, you can perform a search using "Keylog" like http://home.mcafee.com/VirusInfo/ThreatSearch.aspx?term=keylog
0
 

Author Comment

by:rayluvs
ID: 40620540
Thank you very much, this is in the direction of what we were looking for; possible names for keyloggers.
0


Question has a verified solution.
