|
|
|
|
#1
07/31/2007, 12:53 PM
|
|||
|
|||
|
Keyloggers - how to know if one is installed
Hello Gang,
Someone I know believes her work may have unlawfully installed a keylogger on her system. One message recently popping up is: "The device driver for the 'Compaq Easy Access PS2 Internet Keyboard' device is preventing the machine from entering standby. Please close all applications and try again" Now, that driver is for the keyboard, but could a keylogger interfere with it? How can you check if a keylogger or other sort of program of the like, is installed on a system? Thanks Lounge... |
|
#2
07/31/2007, 12:59 PM
|
|||
|
|||
|
Unlawfully??? She might want to check her company's policies concerning use of company equipment. ALL of the ones I've seen have basically said "you have no right to privacy when using a company computer or internet connection and the company owns anything you do when using company computers/internet."
That said, SpyBot S&D will detect most key stroke recording software but I'm pretty certain that company policy will require prior approval before installation of any software on a company machine. This is especially true of SpyBot since I think it's only free to individual users and not companies.
__________________
"In all seriousness the SEC is the strongest conference" GrimReefer |
|
#3
07/31/2007, 01:05 PM
|
|||
|
|||
|
Thanks Mutt; technically yes, but technically not (as of course I'm sure those company policies exist), but doctor/client privileges in this case the whole "company" does not have access to. So it is a fuzzy area...
Thanks again. |
|
#4
07/31/2007, 01:07 PM
|
|||
|
|||
|
Have her type a REALLY funny joke. If people in the IT department are heard attempting to stifle laughter, then she may have a case.
|
|
#6
07/31/2007, 01:11 PM
|
|||
|
|||
|
Quote:
Is this between her and her doctor or something that is directly related to her work? On the subject of a key stroke recorder, there are two issues. If you do SpyBot it, the recorder will document you doing it. If you find it, deleting it will tip off the boss as to what you're doing. I'd suggest SpyBot and then plan to play innocent saying you figured it was something malicious that came over the internet.
__________________
"In all seriousness the SEC is the strongest conference" GrimReefer |
|
#7
07/31/2007, 01:17 PM
|
|||
|
|||
|
Well, she's the doctor; yes related to her work as a doctor, but still deals with information that can only be obtained by subpoena or the sort I believe. Not concerned about the legality of it, just trying to find out if it is there.
Good idea on the delete...thanks. 
|
|
#8
07/31/2007, 01:21 PM
|
|||
|
|||
|
Ok, now I understand and that would be quite inappropriate for someone to be sniffing on that computer. There's some other packages that should pop it up as well, but I've always been happy with Spybot and it's free to download. I just wouldn't leave it installed on the machine for fear of a licensing issue.
__________________
"In all seriousness the SEC is the strongest conference" GrimReefer |
|
#10
07/31/2007, 01:22 PM
|
|||
|
|||
|
Quote:
 Thanks Mutt.
|
|
#11
08/01/2007, 06:03 PM
|
|||
|
|||
|
Some loggers are also physical devices which plug in serially with the keyboard cable and specifically state that they are undetectable by the typical scanning software. Have her look and make sure there is nothing plugged in that shouldn't be.
|
|
#12
08/01/2007, 07:16 PM
|
|||
|
|||
|
Have her go to trendmicro.com and use their free scan. It works pretty well and does a decent job of scanning for viruses, spyware and the like. For the most part, though, it is a company computer and chances are she won't be able to do much without company approval.
Now... the whole thing with that message could be that a program was uninstalled from her computer which may have altered the driver for the keyboard slightly rendering the standby button useless. I HIGHLY doubt that the message has anything to do with keylogging. If someone had installed a keylogger onto her computer, she would know it by now. The message that she is getting is more or less a system message, and in order to dupe it, there would have to be someone on the other end forcing it to pop up with that specific message. That type of program is otherwise known as a backdoor (old name is trojan although it has been widely skewed over the years). Some backdoor programs do have keylogging programs built into them, but they usually have to be viewed in real time as she is typing something on the computer. Do a good virus scan, if nothing comes up, and she can't find anything plugged in externally, then have someone come in and/or download the drivers and reinstall them.
__________________
"I and the public know What all schoolchildren learn, Those to whom evil is done Do evil in return." “Those things that nature denied to human sight, she revealed to the eyes of the soul.” |
|
#13
08/01/2007, 07:49 PM
|
|||
|
|||
|
the physical key loggers iv seen are in-line devices, that plug into the keyboard at the end of the plug, then that plugs into the computer , you disconnect the keyboard and check the end of it, if there is an extra do hickey... that could be a problem...
that error , to me, just looks like the standard sorta thing windows does.... standby is for laptops... its always gotten in my way on desktops... and even tho the hardware / software standards are nearly universal for keyboards its not unheard of for a bad driver / windows complication to exist... |
|
|
Linear Mode
