
People say if you see two of the same processes it's a keylogger. However, when I open Task Manager I see more than one of two tasks. So how do I detect and remove a keylogger?

Kaspersky

Malwarebytes

SUPERAntiSpyware

HitmanPro

If you need remote help fixing something on your computer

I can help over TeamViewer if you wish

just msg me on my profile


Have you bought any plane tickets to Bulgaria but forgotten ever making the purchase? That's how I tell I have a key logger

Professional Girl


that's wrong first off

chrome has like 10

svchost has like 5

not always

BUT

if you see two of the same SYSTEM processes, then it is a keylogger, no?

or that might infer to specific system processes

OFF TOPIC: I suggest every poll from now on to have "**CK EA" option instead of "Other"


I am not a security expert, however, keyloggers are along the same lines as malware. Because most malware now is focusing on phishing and extorting users by encrypting their data, I don't think keyloggers are very sophisticated these days. You should be fine running a MalwareBytes scan on your system and seeing what it turns up.

 

FYI, whoever said two of the same processes running are a keylogger is both very silly and sort of on the right track.

 

Windows (and OSX/Unix-based systems) will often have multiple processes or daemons running under the same name, with different switches appended to the end. Common examples are svchost.exe on Windows. Open up task manager on any modern system as an Administrator, and you'll see over 10 svchost.exe processes running. They perform core Windows operating tasks. I dare you to end process on them. Kidding. Don't.

 

It definitely is possible that malware authors will disguise their malware to look like a legitimate svchost.exe process, making it more difficult to find the real culprit. Anti-malware software writers know this however, and thus can focus on detecting these kinds of threats much more easily than more nefarious things like rootkits or firmware based malware.

Desktop: KiRaShi-Intel-2022 (i5-12600K, 5060 Ti) Mobile: Moto Razr 50 Ultra (Razr+ 2024) | 30GB CAN+US+MEX $30/month
Laptop: Lenovo Yoga 7i (16") 82UF0015US (i7-12700H, 16GB/2TB RAM/SSD, A370M GPU) Tablet: Lenovo Tab Plus (256GB)
Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 Music: Spotify Premium (CIRCA '08)
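
The svchost.exe point in the post above, as an added example that is not part of the original thread: a PowerShell triage of every process named svchost.exe. The three traits it checks (image under System32 or SysWOW64, parent services.exe, a `-k` service-group switch) are standard Windows behaviour assumed by this example, not something stated in the thread.

```powershell
# Added example (not from the thread): many svchost.exe instances are normal,
# so look at where each one runs from and what started it, not at the count.
$sysRoot  = $env:SystemRoot
$expected = @("$sysRoot\System32\svchost.exe", "$sysRoot\SysWOW64\svchost.exe")

# Index every process by PID so parent processes can be resolved by name
$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -ieq 'svchost.exe' } | ForEach-Object {
    $reasons = @()
    $parent  = $byPid[[int]$_.ParentProcessId]

    # ExecutablePath and CommandLine are empty for protected processes
    # unless the shell is elevated, so report that instead of guessing
    if (-not $_.ExecutablePath) {
        $reasons += 'path unreadable (run elevated)'
    } elseif ($expected -notcontains $_.ExecutablePath) {
        $reasons += 'unexpected image path'
    }
    if (-not $parent -or $parent.Name -ine 'services.exe') {
        $reasons += 'parent is not services.exe'
    }
    if ($_.CommandLine -and $_.CommandLine -notmatch '\s-k\s') {
        $reasons += 'no -k service group on command line'
    }

    [pscustomobject]@{
        PID    = $_.ProcessId
        Parent = if ($parent) { $parent.Name } else { '<exited>' }
        Path   = $_.ExecutablePath
        Flags  = if ($reasons) { $reasons -join '; ' } else { 'ok' }
    }
} | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt; rows flagged only as "path unreadable" are inconclusive rather than suspicious.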


not always

BUT

if you see two of the same SYSTEM processes, then it is a keylogger, no?

or that might infer to specific system processes

if the system process can only have 1 running yes, but I don't think the keylogger would be dumb enough to do that, it probably would pick a task that has duplications already.

 

 

 


I am not a security expert, however, keyloggers are along the same lines as malware. Because most malware now is focusing on phishing and extorting users by encrypting their data, I don't think keyloggers are very sophisticated these days. You should be fine running a MalwareBytes scan on your system and seeing what it turns up.

 

FYI, whoever said two of the same processes running are a keylogger is both very silly and sort of on the right track.

 

Windows (and OSX/Unix-based systems) will often have multiple processes or daemons running under the same name, with different switches appended to the end. Common examples are svchost.exe on Windows. Open up task manager on any modern system as an Administrator, and you'll see over 10 svchost.exe processes running. They perform core Windows operating tasks. I dare you to end process on them. Kidding. Don't.

 

It definitely is possible that malware authors will disguise their malware to look like a legitimate svchost.exe process, making it more difficult to find the real culprit. Anti-malware software writers know this however, and thus can focus on detecting these kinds of threats much more easily than more nefarious things like rootkits or firmware based malware.

Although there is a new type of malware that you might have not heard of that is dormant hidden in the back of your computer and marked as negative by anti-virus programs... It is a dormant keylogger that stays dormant until there is a request from the user to collect passwords, and such. It is ALMOST undetectable and is used by people in the dark web a lot. They collect data when asked, and then remain on the machine until further notice (back into dormant mode). Black market dealers sell this information for a lot of money, so you should be safe unless someone really wants something from you.


I am not a security expert, however, keyloggers are along the same lines as malware. Because most malware now is focusing on phishing and extorting users by encrypting their data, I don't think keyloggers are very sophisticated these days. You should be fine running a MalwareBytes scan on your system and seeing what it turns up.

 

FYI, whoever said two of the same processes running are a keylogger is both very silly and sort of on the right track.

 

Windows (and OSX/Unix-based systems) will often have multiple processes or daemons running under the same name, with different switches appended to the end. Common examples are svchost.exe on Windows. Open up task manager on any modern system as an Administrator, and you'll see over 10 svchost.exe processes running. They perform core Windows operating tasks. I dare you to end process on them. Kidding. Don't.

 

It definitely is possible that malware authors will disguise their malware to look like a legitimate svchost.exe process, making it more difficult to find the real culprit. Anti-malware software writers know this however, and thus can focus on detecting these kinds of threats much more easily than more nefarious things like rootkits or firmware based malware.

that would be an example of a sophisticated one


...... Why are you so paranoid? First rootkit and now keylogger ...
and no.. having more than one of the same process does not mean you have a logger on your system...
Whoever is telling you about rootkits and loggers has their stuff wrong.. If he/she is telling you to give your computer to him/her then he/she is trying to scare you into giving your computer to them to install an actual logger/rat...

Can you please stop visiting and downloading piracy software..

One simple way to tell if you have a keylogger or rat is listening to your network.

If you see any unidentified outgoing address then it's highly likely it's a logger/rat/malware/adware

If death has no cost, life has no worth

The dead are gone, the living are hungry

Life is not about finding yourself, it's about creating yourself.


Although there is a new type of malware that you might have not heard of that is dormant hidden in the back of your computer and marked as negative by anti-virus programs... It is a dormant keylogger that stays dormant until there is a request from the user to collect passwords, and such. It is ALMOST undetectable and is used by people in the dark web a lot. They collect data when asked, and then remain on the machine until further notice (back into dormant mode). Black market dealers sell this information for a lot of money, so you should be safe unless someone really wants something from you.

.... That's not new at all.. that's just FUD.... nothing new about that.


this thread is too long already

all we needed to tell him was to run an AV/malware scan

The op is the same guy who posted about rootkit because his "friend" told him this and that..

But based off information that he had given about that post there was none... he's just paranoid because someone told him this and that...


--SNIP--

 

One simple way to tell if you have a keylogger or rat is listening to your network.

If you see any unidentified outgoing address then it's highly likely it's a logger/rat/malware/adware

 

Or it's Windows phoning home because you didn't disable Telemetry Services. Har Har Har.

But no, @Shiwoon has a point here. If you actually analyze what processes are using what ports and IP's, you can decipher legitimate traffic from illegitimate traffic.
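
One way to do the process-to-address mapping described above, as an added example that is not part of the original post: PowerShell that lists each established outbound TCP connection with the process that owns it. The "Review" hints (unsigned image, image in a user-writable folder) are heuristics assumed by this example, not verdicts.

```powershell
# Added example (not from the thread): attribute each established,
# non-loopback TCP connection to the process that owns it.
# Requires Windows 8 / Server 2012 or later for Get-NetTCPConnection.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }
$sigCache = @{}   # image path -> signature status, so each binary is checked once

Get-NetTCPConnection -State Established |
  Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
  ForEach-Object {
    $p    = $procs[[int]$_.OwningProcess]
    $path = if ($p) { $p.ExecutablePath } else { $null }
    if ($path -and -not $sigCache.ContainsKey($path)) {
        $sigCache[$path] = (Get-AuthenticodeSignature -FilePath $path).Status
    }

    # Heuristics only: an unsigned image, or one running from a
    # user-writable directory, deserves a closer look.
    $review = @()
    if (-not $path) { $review += 'no image path (run elevated)' }
    elseif ($sigCache[$path] -ne 'Valid') { $review += "signature $($sigCache[$path])" }
    if ($path -match '\\(AppData|Temp|Users\\Public)\\') { $review += 'user-writable path' }

    [pscustomobject]@{
        Process = if ($p) { $p.Name } else { "pid $($_.OwningProcess)" }
        PID     = $_.OwningProcess
        Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        Review  = $review -join '; '
        Path    = $path
    }
  } | Sort-Object Process, Remote -Unique | Format-Table -AutoSize -Wrap
```

Telemetry and updater traffic will show up here too; what matters is whether the owning binary is one you recognise.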


Or it's Windows phoning home because you didn't disable Telemetry Services. Har Har Har.

But no, @Shiwoon has a point here. If you actually analyze what processes are using what ports and IP's, you can decipher legitimate traffic from illegitimate traffic.

What software do I use?

Numbre


What software do I use?

 

Wireshark. Yes, I've used it in the past. Sorry, I cannot answer your questions about it as it's well beyond my knowledge level, even as a technician. Best of luck.


Or it's Windows phoning home because you didn't disable Telemetry Services. Har Har Har.

But no, @Shiwoon has a point here. If you actually analyze what processes are using what ports and IP's, you can decipher legitimate traffic from illegitimate traffic.

Unless the logger is using legitimate email servers, google, yahoo etc...

xD I'd go crazy and sign the attacker up for so many shit and mark them as important *evil* bwahahahhahahaahahaha

If the attack is using the same email for his or her banking acc/credit card, I'd buy so many dildo with credit and ruin his or her life

it's only right to do so.


Unless the logger is using legitimate email servers, google, yahoo etc...

xD I'd go crazy and sign the attacker up for so many shit and mark them as important *evil* bwahahahhahahaahahaha

If the attack is using the same email for his or her banking acc/credit card, I'd buy so many dildo with credit and ruin his or her life

it's only right to do so.

I am the one who was stating these things.

number is really paranoid for no reason. I was just informing him about viruses and he is overreacting about keyloggers, etc. I told him about these things, and viruses that he could have, because maybe he would want to know!

but no number just gets extremely paranoid and for no reason is saying that he has a keylogger

it bothers me, that he is this paranoid about such a little thing.


Or it's Windows phoning home because you didn't disable Telemetry Services. Har Har Har.

But no, @Shiwoon has a point here. If you actually analyze what processes are using what ports and IP's, you can decipher legitimate traffic from illegitimate traffic.

Just a notification, smart viruses like these most likely infect the router as well, so it encrypts its traffic to wireshark users.


I'll just tiptoe out of here through the window..

https://www.youtube.com/watch?v=zYrapItmPZI
