Info on Keyloggers...

Status
Not open for further replies.

racer_x_090

Posts: 24   +0
I have just recently got a keylogger and it forced me to reformat My computer. In that porocess i lost ALOT of important stuff including taxing information, resumes, and spread sheets for my work. I have a couple questions on keylogers...

One: How are they made
Two: How is the information sent back to the source
Three: What are they most commonly used for
Four: What is the best way to get rid of a keylogger other than reformatting

Thank in advance for the help. Any information would help greatly.

-X
 
One: They are just regular programs just like any other program that is installed on a PC. Nothing special. The trick is in how it GETS installed, and the techniques in which it conceals itself.
They use a special driver to be able to read every key pressed on the keyboard, BEFORE Windows responds to it. So when you press "B" on the keyboard, it goes over the wire, reaches the system, reaches the software keyboard driver, and is first passed through the key-logger driver, and then to whatever program is active.
These types of drivers are quite common, and have many good purposes, but like most things, they can also be used for evil.

Two: The second part of the program, if successfully installed, simply uses your Internet connection and sends the data to someplace that was programmed into it. They call this "phoning home", and is no different then, say, Winamp sending usage info back to them, or Windows checking validation every so many days. The program just becomes active, and uses your connection without you knowing it. Unless you are tightly watching a heavy firewall program, you won't know it's taking place.

Three: A "bad" key-logger would be used mainly to collect user names and passwords to things. And if they happen to catch a credit card number being typed, or any other such data. If the data is successfully collected, somebody could possible log in to your PC remotely, or your bank's website, or use your credentials for something without you knowing. Basically they could steal your identity.
A "good" key-logger might be used as a security feature. Or similar technology could be use to remap keyboard keys, or map "special" keys on the keyboard.

Four: Well, simply, removing it! If it's a bad key-logger, it will quite likely be labeled as spyware or a virus. And should then be picked up by a good "anti" tool. Such as Ad-Aware, Spybot, Ewido, TrendMicro, MS Defender, etc...
Even Hijackthis can detect them.
You also find them by looking for it's "startup" entry. The tricky place where it put itself into your startup. Which may be anywhere from right in the open, say, in your start menu startup. Or more hidden like a service, or notify key, or a shared DLL.
Once you identify the key-logger, you can find out what file it is, and then search for the file in the registry and so forth.

Obviously some program TOLD you you have a key-logger? If it gave info about the file itself or where it's located, or any other info you can research. You could have removed it.
A key-logger is not the worst of Internet enemies. They are usually not destructive to your PC like viruses can be. They don't chew up your resources and Internet bandwidth like some adware and spyware can. But like ANY malware, they can be tricky to find and remove.

Next time you have problems, post the issue here at Techspot, and the friendly GENIUSES here can help track it down :)
 
You know, you can always copy your important documents to a safe location before formatting :)

There is a difference between programs and data. Your spreadsheets are data, and usually they don't have any active content that could be harmful in any way.
 
Status
Not open for further replies.
Back