[HOWTO] Detect and Remove Keyloggers - Comments Page 1

What if you have an autofill function that saves and puts in the password for you? Can keyloggers read that too?

One approach to protect against key loggers is to create a document on a machine not connected to the internet then transfer the document, updated as needed, to your internet capable computer. You then copy and paste passwords never having to type them on the internet vulnerable (capable) machine. A little clunky and it requires another, perhaps your previous, machine but it may be better than nothing. It won't protect against screenshot stealing software though.

Dumb question, I know but can an anti-keylogger be any help if your pc is held ransom from malwares like Wannacry or others?

Hmmm...A keylogger detector a keylogger in disguise it could be...advise to "ignore any false positive" very confusing it is...

Bob another great article!

I have used Key Scrambler for quite a few years now, not really sure exactly how many. I am using it per an earlier article of yours and it was one that you highlighted.

I have never had an issue with my Anti-Virus protection and Key Scrambler. They have both respected each other's programs. Now, mind you - My Key Scrambler has always been the FREE version. I know it only works on the Browsers but I think it is good enough for me.

There is a Premium and Pro Key Scramblers. I am not interested in purchasing either one. The price is too high, in my book and both of them are only an annual subscription. I prefer a Lifetime payment on my Premium and Pro purchases - Please, that is only my opinion on this issue.

I feel comfortable using the Key Scrambler Free version. It has served me well, all these years.

It says to use auto fill pw managers like roboform, but I need to enter a pw to access my autoform....?

Wouldn't the key logger capture that pw and have access to all my sites?

Thank you for another great coverage of an important topic.
I am wondering if your feeling(s) regarding in/out bound firewalls usage has changed since you wrote the linked article.
There should be an "honorable mention" for FireFox' PasswordManager (w/a strong Master Password). Especially since the keylogger-desired credentials are mainly those that most people use within their browsers. Chrome and IE/Edge browsers also do provide similar locally stored credential security with minimal worry about keyloggers.

"Kyelogger Detector"? I don't think I need protection against a "kyelogger" but you might need a spellchecker.

Thanks Bob, I have learned so much in keeping my PC safe from ask Bob Rankin, Lot of good information, Again Thanks.

I rather like GhostPress (http://www.softpedia.com/get/Security/Keylogger-Monitoring/Ghostpress.shtml) and ScreenWings (http://www.softpedia.com/get/Security/Security-Related/ScreenWings.shtml), which are free.
Their efficacy can be checked with the Anti-Keylogger Tester (http://www.snapfiles.com/get/antikeyloggertester.html) (also free).

Hi Bob,

Very useful article, as always.

Can you advise about Bluetooth-connected keyboards, please? Is the radio traffic between the keyboard and its receiver on the PC susceptible to sniffing in any way?

Chris

I have a pretty good password database called Keypass 2. I've been using it for a few years now and it will easily generate any random password (except what my Army retired pay wants). I do have to log in with a master password though. So my thought is that I stay disconnected from the internet to open it and then before connecting I could clear my temp files or cache or something? Never tried but maybe it would work.

EDITOR'S NOTE: A keylogger doesn't need an Internet connection to capture keystrokes. It might well save them in a file, then transmit when the connection is available.

This might be a stupid question, will using the on screen keyboard keep a key logger from recording the key strokes?

@Chuck; thank you for your service to keep my pass safe ;)
No need to disconnect from internet. Depending on your level of paranoia, I hope the following information helps with KeePass:
(Keepass >> Options >> Security Settings)
+Lock workspace after XX amount of inactivity (user set)
+Clipboard auto clear after XX amount of inactivity (user set)
+Clear clipboard upon KeePass close +Enter Master Key on "Secure Desktop" +Use the Keepass "KeyFile Authentication" instead of a single MasterPassword (checkbox)
+Use the KeePass "Two-Channel Auto-Type Obfuscation" (TCATO) feature (checkbox)
+Add/use "2-Factor Authentication" (2FA) KeePass plug-in instead of a single MasterPassword or a KeyFile
+Employ a YubiKey hardware authentication device for use with your KeePass
+Do not store you encrypted KeePass database (*.kdbx) in your 'regular' Windows user directory and make backups often.
IMHO >> Simplest trick is to create a few page lorem ipsum text document and insert your password somewhere inside. +Make it a password protected Office document.
+Highlight, Copy+C/Copy+V and then overwrite ClipBoard should be plenty.
Happy July 4th.

@Egbok

Q. "This might be a stupid question, will using the on screen keyboard keep a key logger from recording the key strokes?"

A. Yes and no: it depends.
Some on-screen keyboards are merely accessibility aids that simulate keystrokes and are absolutely useless against software keyloggers (although, presumably, they'd work against hardware keyloggers); others such as Neo's SafeKeys (http://www.aplin.com.au/) and Oxynger KeyShield (http://oxynger.com/) are specifically designed to thwart (software) keyloggers.
Neo's and Oxynger are free.

I had an unfortunate experience. Someone used a key logger on the lobby computer in the Holiday Inn I was staying in one weekend. A couple days after arriving home, a friend of mine sent me the email the hacker sent to all in my address book asking him to send money to me in England, that I had used a cab and accidentally left my wallet in the cab, not to be recovered. Thus, I'm very careful in using common computer networks, especially those that don't require a password and especially those in separate business center rooms where no employee monitors. And I never log into a sensitive account unless the account requires TFA and it's over my WindScribe VPN.

Thankyou Bob,

A very interesting article, about something to really watch our for. I'll try each of the suggested anti-keylogger detection free trial programs and see if I've been infected. Hopefully with my arsenal of anti virus/spyware programs (Avast Free, Super Anti Spyware, Malwarebytes, Adware Cleaner, CCleaner, all of which I use each time after logging-off the internet, unplugging my cable internet modem when doing the cleaning scans. Haven't picked up anything drastic all these times, mainly only detect Tracking Cookies galore, especially after having played 'Just Words' on the MSN Free Games website. Is the Microsoft free games site rife with Tracking Cookies??? Most other times, my regular daily cleaning scans hardly detect anything. I hope with my practice, I'm able to prevent any keyloggers from installing themselves onto either of my computers.

Look forward to more of your interesting articles. May you have a nice day.

Cheers, Rok.

Bob, I just came across this article and I compliment you on a job well done in explaining keyloggers and the associated risks and such. I would like to make you aware of another company that developed products for protecting against keyloggers on Mac and Windows computers as well as on Apple and Android mobile devices. The company is Strikeforce Technologies and their products are GuardedID and MobileTrust. www.strikeforcecpg.com. Mobile devices are more vulnerable today and MobileTrust is a great solution. Regarding password managers, if your device is infected, then your master password or keys to the kingdom are at risk. Strikeforce's products will protect your password manager! Keep the articles coming as it is important to educate people on keyloggers!

While these suggestions are good for a pure keylogger attack, very few incidents involve just a keylogger.

Modern malware is capable of doing screen grabs and leveraging Windows Step Recorder (or other screen recording methods). Everything entered, by no matter what means will show up on screen and can be captured by these modern Trojans.

Just something more to keep us up at night.

Oh, and as to the comment about the public computer -- DO NOT USE public computers. Period. Bring your won device and connect using your own paid VPN service. That's the best practice when traveling. Don't even use the hotel room TV as a monitor. And do not trust hotel Ethernet Plugs.

And one more thing. Just because you see asterisks, does not mean that the signal leaving your PC is asterisks. This can be intercepted and logged too. Even password managers can be tapped in this way, although these programs at least attempt to encrypt at a very early stage.