Explanation about detecting keylogger software ?
Detecting keylogger software isn’t exactly brain surgery. You just need to know where to look. Sometimes it’s difficult, but there are usually others online who’ve gone through the trouble of posting a thread on a forum somewhere. So help abounds. Here’s a few ways you can check for keylogger modules that may have wormed their way (with a little help from the Mrs.) into your system
Most keyloggers use a kind of DLL injection to get under the hood and stay there without you seeing it. That means that a DLL will show up mapped to a process’s address space, as seen below: The py (python extension) file sits at the top in the second section under ‘Name’. This one’s been loaded right into Windows Explorer’s address space, which means it’ll run every time Explorer is run. For anything, you need Explorer to do. That makes it hard to get rid of without dedicated anti-virus software that knows what to look for.(detecting keylogger software)
DLLs like this want to see everything you type, so they typically load themselves into every target address space available. For a smart cookie who knows his PC like the back of his hand, he’ll likely see odd DLLs here and there that look suspicious – files he can’t link to any products he’s bought or uses. He can bring these up in a list for every process. Geeks do this enough every day to
where they begin to see anomalies or ‘ghost files’ that shouldn’t be there. They don’t like to rely on anti-virus programs alone
That’s one thing that kids are lousy at noticing things like a tiny switch (or GPS device) hooked under the car ignition. Spyware companies depend on kids being uninformed.(detecting keylogger software)
Solutions for detecting keylogger software?
- 1.) You can study the ‘drivers’ folder for any strange files.
- 2.) Create a debug boot file with BcdEdit and hook up a firewire cable and
- hit a break point when the module loads and study ALL modules, every one,
- filtering details as you go along. Any DLL/driver can’t do squat about you
- looking at it before it’s loaded into Windows. This is, of course, the complicated
- way of doing things.
- 3.) Almost all keyloggers phone home somewhere else. So connect to a
- transparent proxy and note connections not familiar to you. You may see
- something along the lines of ‘myspy.ukraine.com’ rather than just your usual
- VPN address.
- 4.) Purchase an ‘anti-keylogger’ program. There as numerous as anti-virus
- vendors, but not all equal..
Obviously, if you’re using this spyware to monitor your kids, they won’t have half the brainpower to do any of the above unless they’ve got a few whiz kids in their circle of friends. Better safe than sorry, I’m with the parents on this one