Avoiding keystroke capture

Keyloggers are among the most dangerous spyware parasites. The activity of these usually small malicious programs can be catastrophic. Although keyloggers do not destroy the operating system or installed software and don’t corrupt files, they steal the most valuable user information, including passwords, login names, everything written in priceless documents, and every letter in a chat conversation or e-mail message. A typical keylogger not only records all keystrokes, but also captures screenshots of user activity and logs software usage, the exact addresses of visited web sites, even mouse clicks and the time when the user turns off the computer, and then quietly sends all the gathered data to a predefined e-mail address. What can be worse? Keyloggers allow the attacker to be well informed about all your secrets, current work, contacts, interests, your entire life. However, you can prevent such an intrusion. In most cases keystroke capture can be revealed and avoided. In this article I will give you several pieces of advice that you should always keep in mind. Although quite simple, they can really save your nerves.

Types of keyloggers

There are two types of keyloggers.

Hardware keyloggers are small physical devices that are usually placed between the keyboard’s plug and the computer’s keyboard port (PS/2, USB, etc.). They capture every keystroke regardless of the software environment. Such keyloggers don’t rely on a particular program or driver and can be installed instantly. However, they do not take screenshots and can be easily found during a thorough computer inspection.

Software keyloggers are invisible applications that run secretly in the background and usually cannot be detected and terminated with the help of standard tools. These parasites are the most dangerous. Although they depend on numerous files and operating system components, they have rich functionality and can be installed remotely. The attacker doesn’t need physical access to the compromised computer.

Detection and removal

Whenever you have physical access to a computer, you can easily find and remove almost any hardware keylogger. All you have to do is shut down your PC, disconnect the keyboard, unplug the keylogging device and attach the keyboard directly to the computer. The only exceptions are specific hardware devices integrated directly into a keyboard. They are practically undetectable for most users, even security specialists.

Software keyloggers can be found by anti-spyware and antivirus programs. However, some of them are not classified as actual parasites and therefore may stay unrecognized. In such cases you can still disable them by deleting the related registry entries, files and directories. Keylogger authors strive to make them virtually impossible to detect. However, there are several ways to notice a parasite. If you suspect that something or someone is monitoring you, follow these steps:

1. Try to notice something unusual. Quit all resource-hungry applications, launch Notepad or a web browser and type some text in it, browse the Internet or start creating an account on some web site. If typed characters appear with a slight latency or the computer freezes for a second, then your system may be infected with a keylogger.

2. Launch your anti-spyware program, perform a full system scan and remove anything related to parasites. Then perform a scan using an antivirus.

3. If nothing suspicious was found, take a close look at the Windows Startup list (Start > Programs > Startup) and investigate the registry, especially the automatic startup keys (most keyloggers secretly run on every Windows startup):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Analyse and remove keys and files associated with potential keyloggers.

4. Use the Windows Search utility (Start > Search > For Files or Folders…) to search your hard drives for recently created .jpg or .log files. These file types are often used by various keyloggers to store captured screenshots and recorded keystrokes.
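
Steps 3 and 4 can also be carried out from PowerShell. The script below is an example added here, not part of the original article; it only reads the registry locations listed above and lists recently created .jpg and .log files. The parameter names, defaults and function names are assumptions chosen for illustration.

```powershell
# Added example: read-only audit for steps 3 and 4. Nothing is modified or deleted.
# Assumptions (not from the article): the -Days and -SearchRoot parameters, function names.
param(
    [int]$Days = 7,
    [string]$SearchRoot = $env:USERPROFILE
)

# Keys from step 3 in which every value is an autostart entry.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$runKeys = @(
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') { "$hive\$cv\$name" }
    }
    "HKLM:\$cv\RunOnceEx"
)
# Locations from step 3 where only one named value matters.
# On a clean system Userinit normally holds only the path to userinit.exe followed by a comma.
$nt = 'Software\Microsoft\Windows NT\CurrentVersion'
$singleValues = @(
    @{ Path = "HKCU:\$nt\Windows";  Name = 'Load' }
    @{ Path = "HKLM:\$nt\Winlogon"; Name = 'Userinit' }
)

function Get-AutostartEntry {
    foreach ($path in $runKeys) {
        if (-not (Test-Path $path)) { continue }   # older keys are often absent
        # Include subkeys, because RunOnceEx stores its entries one level down.
        $keys = @(Get-Item $path) + @(Get-ChildItem $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($n in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Name = $n; Data = $k.GetValue($n) }
            }
        }
    }
    foreach ($v in $singleValues) {
        $data = (Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
        if ($null -ne $data) { [pscustomobject]@{ Key = $v.Path; Name = $v.Name; Data = $data } }
    }
}

function Get-RecentCaptureFile {
    # Step 4: .jpg and .log files created within the last $Days days.
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $SearchRoot -Recurse -File -Include *.jpg, *.log -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        Sort-Object CreationTime -Descending |
        Select-Object CreationTime, Length, FullName
}

Get-AutostartEntry    | Format-Table -AutoSize -Wrap
Get-RecentCaptureFile | Format-Table -AutoSize -Wrap
```

Review every listed entry against software you knowingly installed before removing anything; an entry pointing to an unfamiliar executable, or a capture-like file in a folder you never use, is what to investigate further.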

Tricking a keylogger

If you were unable to detect and remove a spy and you still have to use an infected computer, you can trick a parasite by using a virtual keyboard. Most keyloggers, both hardware and software, are designed to record keystrokes, but not mouse clicks. The virtual keyboard is a special program that acts as a regular keyboard and can be controlled by a pointing device. To enter a character you have to click on the corresponding button. No keystrokes are required. Windows already comes with a virtual keyboard. To launch it, press the Start button, select Programs, then the Accessories menu, and finally, in the Accessibility group, click On-Screen Keyboard. This will launch the utility.


Windows On-Screen Keyboard

However, some keyloggers automatically take screenshots on every mouse click. Windows On-Screen Keyboard is perfectly visible to such parasites, so it is better to use different virtual keyboards that do not require clicks, but allow the user to enter a character by just holding the mouse cursor over a button for several seconds. These advanced virtual keyboards are made by several software companies and are often used on online financial sites.

Unfortunately, not all keyloggers can be easily tricked and therefore your privacy cannot be protected unless a parasite is completely removed from your system. Even if your PC seems to be clean, do not enter sensitive information and account details using a regular keyboard, especially if you use a public computer.



  • Vance Decker

    Thanks for the informative article, however you let off the other criminals in this equation, the antivirus companies.

    “Software keyloggers can be found by anti-spyware and antivirus programs. However, some of them are not classified as actual parasites and therefore may stay unrecognized.”

    …and why are they not classified as actual parasites? I’ll leave that up to you to decide. However, in choosing a paid antivirus solution, I would want a written guarantee that it will discover ALL commercially available keylogging software, as they are available to anyone, it should not be difficult to guarantee detection. Without this, software is worthless, you might as well throw that $50 down your toilet.

  • sabrina

    Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.
