HOWTO: Detect and Defeat Keyloggers

Category: Security

Many malware infections leave you exposed to keystroke logging, which can compromise your privacy and lead to identity theft. A recent news story tells how over TWO MILLION passwords were stolen by keyloggers. Learn more about keyloggers, how they work, and how to defend yourself from this growing threat...

Keyloggers: What they Are and How to Defend Yourself

A keylogger is a program that records everything that you type on a keyboard. All of your keystrokes are stored, in order, in a log file. Hence the name, "key logger." The log file is intended to be read by a third party that is typically unknown, remote and malicious. Keyloggers do have legitimate uses, such as troubleshooting, training, analyzing employee productivity, and law enforcement surveillance. But keyloggers are most often used illegally to spy on people.

A recent report by Trustwave security researchers revealed that malware known as "Pony" was responsible for the theft of over two million usernames and passwords, many of them for popular sites such as Facebook, Gmail, LinkedIn, Twitter and Yahoo.

Keyloggers are especially useful for stealing usernames and passwords, bank and credit card numbers, and other sorts of personal information that people type every day. Even data transmitted over an encrypted Internet connection is vulnerable to keylogging, because a keylogger records keystrokes before they are encrypted for transmission. See my related article Should I Install a Keylogger? if you're thinking about using one to spy on someone, as there are some serious ethical and legal concerns.

How to Defeat a Keylogger

Contrary to what you may have read elsewhere, keyloggers are not limited to spying on your web browsing activity. Anything you type, in any program, online or offline, can be captured by a keylogger. So if you've been told to type your password into Notepad, then copy & paste it to a web form, that's bad advice.

Software keyloggers are often distributed in Trojans, viruses, and other malware packages. These keyloggers can operate at the kernel level, making them virtually invisible to the operating system. Others use "hooks" into the operating system's keyboard API to monitor and record keystrokes. Keyloggers generally attempt to transmit their log files secretly back to their masters, either via email or FTP.

Detect, Defeat and Defend Against Keyloggers

A number of techniques can be used to defeat keyloggers, but no one technique is effective against all types of keyloggers.

A keylogger can be housed in a hardware device that plugs into the keyboard port on your computer. Some hardware keyloggers are hidden inside keyboards themselves. Hardware keyloggers cannot be detected by software, but they have the drawback of requiring physical access to a computer. If you suspect a hardware keylogger is present on your system, inspecting the keyboard's connection to the computer or replacing the keyboard will solve the problem.

Form-filling software such as Roboform stores passwords, credit card info, and other information in a database, then enters it into Web forms as needed. This eliminates the user's need to type such data on the keyboard, and can prevent keyloggers from recording it. However, there are other forms of spyware which can intercept data posted to forms by form-fillers. (See Is Your Password Strong Enough? for links to password manager software, and tips on creating secure passwords.)

Speech-to-text software or virtual keyboards can eliminate the keyboard connection, too. However, the text has to get to its destination somehow, and that path may be vulnerable to clever keystroke loggers.

An antikeylogger program attempts to detect and/or disable keylogging programs. Antikeyloggers scan your hard drive for the signatures (identifying code patterns) of known keyloggers, and look for low-level software "hooks" that indicate the presence of a keystroke grabber. Antikeyloggers and keylogger detectors are more effective against keyloggers than general antivirus programs because the latter often don't identify keyloggers as malware; keyloggers do have legitimate purposes, as noted above.

Anti-Keylogging Software Options

KeyScrambler is an anti-keylogger for Windows that works a bit differently. As the name implies, KeyScrambler scrambles your keystrokes with encryption at the driver level (the first layer between the keyboard and the operating system), then feeds them in decrypted form to the software application. The result is that keyloggers see only the scrambled keystrokes. Three versions are available: Premium ($45), Pro ($30) and Personal (Free). The free version only protects web browsers. The Pro and Premium versions add protection for other popular software programs.

Zemana AntiLogger Free is an anti-keylogger that claims to protect every application on your computer, not just your web browser. Like KeyScrambler, it uses keystroke-encryption to scramble every keystroke, and protect everything that you type. Zemana works on Windows XP, Vista, 7 and 8. A Premium version ($29) adds protection from keystroke-stealing malware that attempts to work by grabbing screenshots of what you're typing.
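
The layering described for KeyScrambler and Zemana, as an added Python model that is not code from either product or from this article; the XOR pad, the class and the tap names are assumptions made for illustration. It also covers a case beyond the text above: a recorder sitting closer to the keyboard than the scrambling layer still sees plaintext.

```python
import hashlib
import hmac
import os

class XorLayer:
    """Toy stand-in for one end of the keystroke-encryption channel (assumed design)."""
    def __init__(self, key):
        self.key, self.count = key, 0

    def process(self, byte):
        # Per-keystroke pad: first byte of HMAC-SHA256(key, keystroke counter).
        pad = hmac.new(self.key, self.count.to_bytes(8, "big"), hashlib.sha256).digest()[0]
        self.count += 1
        return byte ^ pad  # XOR both scrambles and unscrambles

def type_text(text, tap, key=None):
    """Model keyboard -> driver (scramble) -> OS input path -> application (unscramble).

    tap is where a recorder sits: "os_hook" (above the scrambling driver) or
    "below_driver" (hardware, or software closer to the keyboard than the driver).
    Returns (bytes the recorder saw, bytes the application received).
    """
    if tap not in ("os_hook", "below_driver"):
        raise ValueError("unknown tap position: " + tap)
    key = key or os.urandom(32)
    driver, app = XorLayer(key), XorLayer(key)
    recorded, received = bytearray(), bytearray()
    for byte in text.encode():
        if tap == "below_driver":
            recorded.append(byte)       # seen before scrambling
        scrambled = driver.process(byte)
        if tap == "os_hook":
            recorded.append(scrambled)  # seen after scrambling
        received.append(app.process(scrambled))
    return bytes(recorded), bytes(received)

if __name__ == "__main__":
    secret = "constructed-sample-password"  # constructed sample input
    for tap in ("os_hook", "below_driver"):
        recorded, received = type_text(secret, tap)
        print(tap, "| recorder saw plaintext:", recorded == secret.encode(),
              "| app got plaintext:", received == secret.encode())
```

The model shows why keystroke encryption does nothing against a hardware keylogger: the protection only covers the path above the layer that does the scrambling.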

KL-Detector is one free program that will detect keyloggers, but it doesn't remove them. Although the KL-Detector web page says it's for Windows 2000 and Windows XP, I've seen reports that it also works on Vista and Windows 7.

Just be aware that your anti-virus program may flag these programs as malware, but you can safely ignore any such "false positive" alarm.

Some antispyware programs detect keyloggers by signature or by behavior; for example, programs which hook into keyboard APIs may be flagged as potential keyloggers. Ad-Aware, Malwarebytes Antimalware, SUPERAntiSpyware, Spybot-Search & Destroy and Windows Defender are examples of general purpose anti-malware apps that also have keylogger detection ability.

A final defense against keyloggers is a firewall that monitors outbound traffic. A firewall can alert the user to unauthorized attempts to transmit data to the Internet, which could indicate a keylogger is trying to "phone home" with its log file. I have mixed feelings about the usefulness of outbound firewalls. See Do I Need an OUTbound Firewall? If you decide it's for you, check out my list of Free Firewall Protection software.
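
The "phone home" check an outbound firewall performs can be approximated by hand. The following Python sketch is an added example, not code from this article or from any firewall product; the log format, the allowlist and the sample lines (including the process names) are constructed for illustration. It flags email and FTP connections, the two channels named earlier, made by programs that have no reason to use them.

```python
import re

# Ports for the two exfiltration channels the article names: email (SMTP) and FTP.
EXFIL_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "smtp-submission"}

# Assumption: the programs on this machine that are expected to send mail or use FTP.
ALLOWED = {"thunderbird.exe", "outlook.exe", "filezilla.exe"}

# Constructed sample in a hypothetical "time process pid proto remote:port state" format.
SAMPLE_LOG = """\
2013-12-19T09:00:01 thunderbird.exe 2210 TCP 203.0.113.10:587 ESTABLISHED
2013-12-19T09:00:05 chrome.exe 3120 TCP 198.51.100.7:443 ESTABLISHED
2013-12-19T09:05:00 svch0st.exe 4412 TCP 192.0.2.55:21 ESTABLISHED
2013-12-19T09:35:00 svch0st.exe 4412 TCP 192.0.2.55:21 ESTABLISHED
2013-12-19T10:05:00 svch0st.exe 4412 TCP 192.0.2.55:21 SYN_SENT
2013-12-19T10:07:13 notepad.exe 5100 TCP 192.0.2.80:25 ESTABLISHED
this line is malformed and must be skipped
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+TCP\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)$")

def parse(log):
    """Yield one dict per well-formed connection line; ignore anything else."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, proc, pid, ip, port, state = m.groups()
            yield {"ts": ts, "proc": proc.lower(), "ip": ip, "port": int(port)}

def suspicious_outbound(log, allowed=ALLOWED):
    """Group mail/FTP connections made by programs that are not on the allowlist."""
    findings = {}
    for c in parse(log):
        if c["port"] in EXFIL_PORTS and c["proc"] not in allowed:
            key = (c["proc"], c["ip"], EXFIL_PORTS[c["port"]])
            f = findings.setdefault(key, {"count": 0, "first": c["ts"], "last": c["ts"]})
            f["count"] += 1
            f["last"] = c["ts"]
    # Repeated connections to the same host are the stronger signal; list them first.
    return sorted(findings.items(), key=lambda kv: -kv[1]["count"])

if __name__ == "__main__":
    for (proc, ip, channel), f in suspicious_outbound(SAMPLE_LOG):
        print(f"{proc} -> {ip} via {channel}: {f['count']} connection(s), "
              f"{f['first']} to {f['last']}")
```

A hit is a lead to investigate, not proof of a keylogger, and a logger that sends its data over ordinary web ports will not appear in this report.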

Have you been bitten by a key logger? Do you have something to say about dealing with keyloggers? Post your comment or question.


This article was posted by on 19 Dec 2013


Most recent comments on "HOWTO: Detect and Defeat Keyloggers"


Posted by:

bob price
20 Dec 2013

Would a two stage pw work? The second layer shows a picture of alphanumeric that you must repeat. It would change every time. [and NOT those annoying captcha things]

Posted by:

Charles Eldredge
21 Dec 2013

What about smartphones? It seems like there is not much protection available out there for them. I use Spybot on my PC for anti malware, and love it, but it is not available for smartphones. A couple months ago the keyboard on my Android phone started having a long delay before popping up. I can't help but think this is caused by some sort of malware or keylogger.

Posted by:

Sharon H
01 Jan 2014

I know this is sort of late to respond to this threat but I had to share 2 items:

1. When I clicked on the KL-Detector link, McAfee Security Advisor flashed a big red Bad Site warning. It did scare me away.

2. I've picked up keyloggers twice. Each time what aroused my suspicion was that not only was the PC somewhat slow, but every time I typed something there was a discernible lag between the keystroke and the letter or number appearing on screen. The keyboard felt kind of "sticky" as a result. Sure enough, a scan caught them each time. It's been a while now. This just goes to show that, lacking as they are in some areas, it's still important to regularly scan your PC with whatever protective anti-malware programs you are using.

Posted by:

Mike Regan
11 Jan 2014

Been using LastPass, a form filler like Roboform, for a few years now and had no problems. On the occasional time when I need to type I will use Virtual keyboard.

Posted by:

12 Jan 2014

I downloaded Zemana's Keylogger Simulation Test Program and my Norton IS 2013 successfully blocked it. According to Zemana's FAQs, this means that Norton IS 2013 is already protecting my computer against keyloggers. So do I really need AntiKeylogger as well or wouldn't that just be over-kill?

EDITOR'S NOTE: Sounds like you should be OK with just Norton.

Posted by:

16 Jan 2014

I had it on my Mac for 1.5 years, but thanks to Little Snitch all outgoing communications were denied. I learned about this spyware accidentally, while running Gfxcardstatus on my Mac, when .BPK was preventing the program from switching to the integrated graphics card… then I couldn't find any .BPK in Finder! Thank God Little Snitch located the folder where the .BPK was nesting with its dynasty.html pages. I was in shock when I opened this HTML with Safari and discovered all my passwords and log data in there! Thank God I had this Little Snitch always on! I do Internet banking always from my Mac, all emailing, everything! I suspect that maybe the Bastards got my password from one of my emails because the password is always not correct!

Posted by:

lisa g
31 Jan 2014

I am not quite getting if there is a solution here. So, I get what the keylogger is, but I don't see how you are saying we can prevent it, find out if we have or other? Tx and look forward to a response.

EDITOR'S NOTE: I'm wondering if you read the entire article. I discussed prevention, detection and removal.

Posted by:

06 Feb 2014

Bob - Just an idea, but what if those of us who have a development platform on his machine could develop an application that sends a password or credit card number straight to the IE window by process to process data messaging or some other form of data exchange, thus bypassing the clipboard. The app could have the password/credit card number hard coded so it's never typed in and a button click would initiate the send. Do you think that would work to thwart a keylogger?

EDITOR'S NOTE: If you know how to develop an application that sends data to an IE window by process to process data messaging, by all means give it a try! :-)

Posted by:

07 Feb 2014

Yes, but if it could be done, would it bypass the keylogger?

Posted by:

22 Feb 2014

I have a seldom-used gmail acct that I've been hardening via Keepass generated Pwd, and only enter it via the random paste scrambler feature; a month ago, gmail alerted that it had blocked access from an unknown computer, using the password! I changed pwd, added 2-step auth via cellphone txt, so far no more alerts. Still, have no idea how the pwd to gmail was obtained, unless a keylogger has access to my machine. Very disconcerting.

Posted by:

28 Feb 2014

Just note that anti-keyloggers can be rendered useless if they run after the keylogger, which can then capture keystrokes and take control of the clipboard. I was surprised by this fact when running my own tests.

Posted by:

04 Mar 2014

NetSecurity, if you have something like Zemana set to launch at system start-up, it'll be fine, won't it?

Posted by:

05 Jun 2014

Can keyloggers detect past strokes or just ones done after it's installed? Assuming that if I reset my laptop back to factory settings, this would wipe out anything on my laptop and then any keylogger would only be able to detect current and future strokes, correct?

Posted by:

Abdul Jabbar
09 Feb 2015

Download Hitman Pro. It is the fastest antivirus, anti-keylogger etc. Scan time 3-4 minutes.

Posted by:

02 Apr 2015

One warning sign that I may have picked up a keylogger is that when I am typing I get what I call "sticky keys". To me that's when it feels like there is a slight lag between when I hit a key and the letter appears onscreen. It's an odd sensation that tells me to immediately start the scan(s). It's happened twice in the last 4 months.

I know there could be other causes but it is always a good idea to remain safe and stop everything and try to find the possible culprit.

Posted by:

Ed Andres
11 Apr 2015

Does PCMatic incorporate anti key logger detection, blocking, and removal in their antivirus?

Posted by:

16 Oct 2016

Hi. Is there any keylogger to install remotely from a Windows PC to a Mac?


Posted by:

16 Mar 2017

Zemana AntiLogger Free is discontinued.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- HOWTO: Detect and Defeat Keyloggers (Posted: 19 Dec 2013)