Solved

How to know if my system has a key logger or screengrabber software

Posted on 2015-01-19
214 Views
Last Modified: 2015-02-19
How can I know of my PC has malicious key logger or screengrabber software running?
20 Comments
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40558651
There is no simple answer to this question.  A good virus scanner will detect most things.  There are a number of tools from MalwareBytes that you can download - anti-malware and anti-exploit would be a good start.
0
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40558666
Beyond that, try the utility HiJackThis which will list out everything that's running on the computer as a driver, startup program, etc.  The problem with this is simply that it'll list out so much, and it'll need an expert to determine what a lot of it is.

/T
0
 

Author Comment

by:rayluvs
ID: 40558711
we have antivirus but it doesn't tell me if there is a key-logger or screengrabber in memory (and HiJackThis overwhelms us with info too technical for us right now).
0
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40558751
The MalwareBytes tools are probably more useful - use the Chameleon version if you think your system is already infected.

/T
0
 

Author Comment

by:rayluvs
ID: 40558761
besides cleaning, we really want to identify them.

How does MalwareBytes tell me this? (have Windows 8 Pro PC)
0
 
LVL 18

Assisted Solution

by:web_tracker
web_tracker earned 215 total points
ID: 40559046
Just let the malwarebytes scan and after the scan it will tell you what type of malware it finds. The same thing goes with other malware tools that you use. Malwarebytes, Roguekiller, adwcleaner, and JRT are my favourite tools that I use to remove malware on a regular basis. These tools are not too technical to run and when they find malware either it will give you a txt document of what it found and deleted or the software itself will tell you what it found and then you either quarantine the infection or delete it. Bleeping computer is a safe place to download the majority of these tools. http://www.bleepingcomputer.com/download/junkware-removal-tool/
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/roguekiller/
0
 
LVL 4

Expert Comment

by:Tony Pitt
ID: 40559280
Do you have a particular reason for thinking that your PC is infected?  Are you seeing something that makes you think this?  Or is it just a general enquiry?

/T
0
 

Author Comment

by:rayluvs
ID: 40571547
sorry for the delay, had problems with the emails from EE alerting me of answers; they were not coming in (fixed).

Thanks for the info on Malwarebytes, Roguekiller, adwcleaner, and JRT, but what we would like to know is how to identify the actual apps or programs loaded in memory pertaining to a key logger or screengrabber software.

We are not looking for a cleaner, rather if EE can help us identify them in our PC memory or task-manager.
0
 
LVL 18

Assisted Solution

by:web_tracker
web_tracker earned 215 total points
ID: 40571882
Not all malware may be shown in the task manager, as often malware can be installed as part of an application install. For example, some applications such as Java or Flash Player install PUPs as part of the install, such as Ask toolbars.  Malware writers are clever; they don't want you to see their malware running so you can potentially shut it off. The tools I have suggested will find potential PUPs or other malware; it may even give you information about the malware that is running on your system, and it may even tell you that it is a key logger. You can even do research on what it found to see if it is a dangerous keylogger. It will not tell you how you got infected, but just tell you an infection is present if there is an infection. These applications will also remove the infection. You can use applications such as Process Explorer to see what apps are running in the PC memory. Process Explorer is part of the Sysinternals tools, now part of Microsoft.
0
 

Author Comment

by:rayluvs
ID: 40572331
So you mean that there are no exact names or known key logger names recognized by just seeing the program running?
(I guess what we want is to know possible program names that are these malicious key-logger apps)
0
 
LVL 18

Assisted Solution

by:web_tracker
web_tracker earned 215 total points
ID: 40576572
There are no real names that are standard for the key loggers; it could be random characters that are generated by the malicious code.
0
 

Author Comment

by:rayluvs
ID: 40577938
So the key-loggers are not a specific software but malicious code that our PC gets (or gets planted) when infected by visiting a site or using infected USB, etc? In other words, 'key-logger' or 'screengrabber' are not actual software you buy or download?
0
 
LVL 61

Assisted Solution

by:btan
btan earned 214 total points
ID: 40615924
I am probably seeing it another way... not to take chances, as keylogger or screengrabber are a common set in remote admin tools (aka RAT) - see wiki (http://en.wikipedia.org/wiki/Remote_administration_software). So a quick take is: if there is a RAT in the machine, the chance of such a set is possible, esp. for the non-legit type (reported a lot in cyber attack and breach incidents). E.g. include Poison Ivy, njRAT, Back Orifice (BO2K). Ref - http://resources.infosecinstitute.com/remote-access-tool/

Their existence will be alerted by AV and anti-malware due to their grabbing behaviour and hooking into the kernel and user space. Of course, I will not rely on only those to detect; likely you need to look at a rootkit detector as well, since they touch the kernel side and one trait is to make it invisible or seemingly a legit driver, process, etc.

Some tools I will consider include Spyhunter (http://www.enigmasoftware.com/threat-database/remote-administration-tools/), running antispyware such as Spybot detector and checking for anomalous browser extensions, and doing sysmon (https://technet.microsoft.com/en-us/sysinternals/dn798348) to detect file changes and network traffic surges, since the grabbed data eventually has to be sent back to the adversary's "mothership".
0
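The two behavioural traits btan points at above (a process you do not recognise, and captured data that eventually has to leave the machine) can be triaged from a PowerShell prompt without any third-party tool. The script below is an added example, not code from this thread or from any of the tools named in it. It assumes an elevated PowerShell session on Windows 8 or later (Get-NetTCPConnection ships with the NetTCPIP module from Windows 8 / Server 2012 on), and it only ranks candidates for a human to look at; an unsigned binary with an outbound connection is a lead, not a verdict.

```powershell
# Added example (not from the thread): first-pass triage of running processes on a
# Windows host. Assumptions: elevated PowerShell on Windows 8+, NetTCPIP module present.

# 1. Processes whose image on disk does not carry a valid Authenticode signature.
#    Keyloggers and RATs are rarely signed by a trusted publisher, so this is a cheap
#    first filter. It is not proof: many legitimate tools are unsigned as well.
$procs = Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique
$unsigned = foreach ($p in $procs) {
    $sig = Get-AuthenticodeSignature -FilePath $p.Path
    if ($sig.Status -ne 'Valid') {
        [PSCustomObject]@{
            Pid       = $p.Id
            Name      = $p.ProcessName
            Path      = $p.Path
            SigStatus = $sig.Status
        }
    }
}

# 2. Established TCP sessions to non-local addresses, mapped to the owning process.
#    Grabbed keystrokes or screenshots have to be exfiltrated at some point, so a
#    process you cannot account for that holds a persistent outbound session deserves a look.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1|0\.0\.0\.0)' } |
    ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Pid           = $_.OwningProcess
            Name          = $owner.ProcessName
            Path          = $owner.Path
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
        }
    }

# 3. The intersection: unsigned AND talking to the network. Review these first.
$suspects = $conns | Where-Object { $unsigned.Pid -contains $_.Pid }

"=== Running images without a valid signature ==="
$unsigned | Format-Table -AutoSize
"=== Established outbound connections by process ==="
$conns | Sort-Object Name | Format-Table -AutoSize
"=== Unsigned processes with outbound connections (review these first) ==="
$suspects | Format-Table -AutoSize
```

Run it once on a machine you believe to be clean and keep the output; the value of the listing comes from comparing it against that known-good baseline rather than from reading it cold, which is the same problem the asker hit with HiJackThis.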
 
LVL 23

Expert Comment

by:Brian B
ID: 40616691
To answer your last question, keyloggers are normally considered "spyware" that will record things like your passwords so they can be sent to a hacker. However, there are also legitimate key logging programs out there that a business may put on their computer for one reason or another.

If you are in an office, someone who is a network specialist might be able to look at the traffic coming from your computer and tell you if there is anything unusual.

Like everyone else, I highly recommend scanning with malware bytes if you think something is happening.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 214 total points
ID: 40616769
Saw one KL detector, though tested on an old platform, that works by scanning your local hard disk for any log file created during the monitoring process. Essentially it is checking for the log generated by the logger.
http://dewasoft.com/privacy/kldetector.htm
0
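The approach btan describes (snapshot the disk, type for a while, then look for files that appeared or grew) does not need a dedicated tool. The script below is an added example that re-implements that idea in PowerShell; it is not KL Detector's code and not from this thread. The directories it watches are an assumption about where a user-mode logger would plausibly write, so widen the list if you suspect another location.

```powershell
# Added example (not from the thread, not KL Detector's code): snapshot/diff of files
# under a few user-writable roots while the user types. Assumptions: the roots below
# are a guess at where a user-mode logger would write; adjust them to your environment.
param(
    [int]$WatchSeconds = 120,
    [string[]]$Roots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP)
)

function Get-FileSnapshot {
    # Returns a hashtable of full path -> size in bytes for every file under the roots.
    param([string[]]$Paths)
    $snap = @{}
    foreach ($root in $Paths) {
        Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $snap[$_.FullName] = $_.Length }
    }
    return $snap
}

$before = Get-FileSnapshot -Paths $Roots
Write-Host "Snapshot taken ($($before.Count) files). Type normally in other windows for $WatchSeconds seconds..."
Start-Sleep -Seconds $WatchSeconds
$after = Get-FileSnapshot -Paths $Roots

# Files that were created, or grew, while the user was typing.
$changed = foreach ($path in $after.Keys) {
    if (-not $before.ContainsKey($path)) {
        [PSCustomObject]@{ Path = $path; Change = 'new';  Bytes = $after[$path] }
    } elseif ($after[$path] -gt $before[$path]) {
        [PSCustomObject]@{ Path = $path; Change = 'grew'; Bytes = $after[$path] - $before[$path] }
    }
}

# Browser caches, Windows event logs and application logs will show up here too.
# The entries worth a second look are small files in odd locations whose growth
# tracks how much you typed during the watch window.
$changed | Sort-Object Change, Path | Format-Table -AutoSize
```

Save it as a .ps1 and run it with a watch window long enough to type a few paragraphs; a logger that buffers in memory and only writes out on a timer or on exfiltration will not show up in one pass, which is the limitation of the log-file method that the "old platform" remark hints at.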
 
LVL 26

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 71 total points
ID: 40616901
I realize from some of your comments that you are not looking for something specific to do the ID for you, but have you just considered using something like RUBotted by Trend Micro on your endpoints?
0
 

Author Comment

by:rayluvs
ID: 40617249
What we were looking for were actual names or behaviors so we could identify when one of these culprits was in memory.   Nevertheless, based on the valuable EE info supplied to us, we have concluded that this is not the case with key-loggers or screengrabbers; these codes are not apps but appended or embedded malicious coding within apps downloaded or a site visited.

Based on this, and the info/links provided, we have a lot of research to do.

We will proceed to close the question.
0
 
LVL 61

Accepted Solution

by:btan
btan earned 214 total points
ID: 40617918
Noted. Just a quick thought: if you are just interested in keylogger names (as examples), maybe the easier way is also to leverage an AV listing of signatures, e.g. in McAfee, you can perform a search using "Keylog" like http://home.mcafee.com/VirusInfo/ThreatSearch.aspx?term=keylog
0
 

Author Comment

by:rayluvs
ID: 40620540
Thank you very much, this is in the direction of what we were looking for; possible names for keyloggers.
0