In the past decade, consumers have significantly expanded the frequency of shopping, online banking, and business-related tasks accomplished online. Unfortunately, the rapid growth of commerce on the Internet has brought an equivalent (or greater) increase in the amount of computer malware deployed, including keyloggers used to steal the private information of computer users. As a result, a common task that arises is determining how to remove keyloggers from personal or work computers.
How Do Keyloggers Work?
Keyloggers are designed to record information on an infected computer and send it to a remote server, allowing hackers to steal usernames, passwords, and other potentially sensitive information. Modern keyloggers are capable of recording not only keystrokes, but also mouse clicks, website history, and files or folders accessed, and in more advanced cases they take screenshots on the infected computer. Compared with other computer malware, a keylogger is more dangerous to consumers because it can be leveraged to steal end-user financial information, including bank account information, social security numbers, PIN codes, and other required data. In the worst case, a person's identity can be stolen by the rogue actor. Advanced keyloggers are made to evade detection in order to steal as much information as possible from the infected computer.
What are the Keylogger Types?
There are two primary types of keyloggers that can be installed on a computer: software-based and hardware-based. Software-based keyloggers can be installed by either network administrators or rogue hackers without physical access to the targeted computer. A hardware-based keylogger requires physical access to the computer to install, and it can perform more advanced recording of information than packet sniffers installed on a local computer network.
How Do Software Keyloggers Work?
A software keylogger is created to run in the background on a computer and record keystrokes and other computer behavior. This information is saved to a file stored locally on the hard drive of the computer. Depending on the design of the keylogger, the recorded data is transmitted at predesignated intervals to a remote computer, server, or email address. Software keyloggers that save a large number of screenshots or that appear in the Windows Task Manager are easier for computer firewalls or antivirus software to detect and remove. As a result, many of the advanced software keyloggers are designed not to appear as a running computer process and take care to minimize the amount of data stored locally on the computer. Many keyloggers of this type are also capable of renaming the support files used to run the software in order to avoid detection by spyware applications.
How Do Hardware Keyloggers Work?
A hardware keylogger is normally inserted between the computer and its keyboard. These devices require little computer experience to install and are able to record all keystrokes to the internal memory of the keylogger. Hardware-based keyloggers are able to stay undetected by spyware or antivirus scanners and are more commonly used in industrial or government espionage circles. Of the commercially available hardware keyloggers, the more sophisticated devices encrypt the onboard memory to prevent potentially sensitive information from being recovered by those without the proper access to the computer or the keylogging device.
Commercially Available Keyloggers
There are a large number of commercially available keyloggers designed for industry use which can be deployed for legitimate or less-than-legitimate purposes. Common traits amongst many of these applications include the ability to hide from the end-user, remaining resident in the background on an active computer, and sending out logs via FTP, email, or an alternative server connection. Depending on the nature of the relationship between the software manufacturer and the major antivirus companies, a commercial keylogger may not be detected or fully removed on a full system scan. Some of the keylogger toolkits available for purchase include Ardamax Keylogger, All in One Keylogger by RelyTec, and SpyTech's SpyAgent. Prior to deployment of any commercially purchased or free keylogging software, however, the application should be tested for computer malware that may run counter to an organization's goals of deploying the software.
How to Get Around a Basic Keylogger
Sometimes a computer user may suspect that their computer is infected with a keylogger, but may not be able to spend the time or money to acquire the proper detection and removal software. If this is the case, a possible work-around for a basic keylogger is to make use of the Windows Accessibility features to still use the computer without typing on the computer. This is not as good as removing the keylogger; however, it can help work around one not capable of taking screenshots on the possibly infected computer.
Step 1 - Select the Windows "Start" menu button.
Step 2 - Then, choose the "All Programs" and "Accessories" menu options.
Step 3 - Click the "Accessibility" program option and choose the "On-Screen Keyboard" menu choice.
These actions will open an on-screen keyboard that you can use to click the desired keyboard keys to log in to a website or conduct other tasks. For most people, using the on-screen keyboard will take longer to do the same work than a traditional keyboard; however, if the keylogger installed on the target computer does not capture mouse clicks or take screenshots, it can allow the end-user to work around the computer malware.
What are Common Keylogger Countermeasures?
The effectiveness of keylogger countermeasures can vary significantly based on the sophistication of the deployed keylogger, presence of additional computer malware, and detection or suspicion of the presence of a keylogger on the targeted computer. The most common countermeasures include employing an anti-keylogger, booting from a live CD, running an updated anti-virus or anti-spyware program, computer firewalls, using automatic form-filler applications, smart cards/tokens to encrypt user sessions, on-screen keyboards, keystroke interference software, and speech recognition software.
How Do Anti-Keyloggers Work?
An anti-keylogger is designed to compare all files saved on a computer's hard drive against a database of known keyloggers. If one or more matching files are detected, it will alert the end-user to the presence of the software. Since they are made specifically to seek out and detect only keyloggers, anti-keylogging programs can be more effective than anti-virus software in locating the potential computer malware. KL-Detector is a freely available keylogger detection software package designed for the Windows operating system (OS) that can be used to scan your computer at no charge.
Advantage of Booting from a Live CD
Another countermeasure that can prove effective against some keylogging software is rebooting your computer from a Live USB or CD. The CD or USB has to be scanned to ensure it does not have computer malware (or the suspected keylogging program) installed on it, and it must include the most recent operating system (OS) patches. Loading the OS this way will not have an impact on a BIOS or hardware-based keylogger.
Using Anti-Virus Software
Most of the major anti-virus software manufacturers now include the ability to find, and disable or remove, keyloggers. There are a number of cases, however, where a keylogging application is considered to be a legitimate program and may not be labeled as spyware, depending on the anti-virus software manufacturer's relationship with the keylogger software company. Detection of the advanced keylogging software packages now includes heuristics, detecting patterns in executable code, and looking for known keylogger behavior. Similar to other computer malware types, anti-virus software is not fully effective in detecting all keylogging software and has no capability to counter hardware-based keyloggers. Anti-virus software is most effective at defeating (either through prevention, or detection and removal of) API or hook-based keyloggers.
Effectiveness of Computer Firewalls
Many of the computer firewalls available for consumer use now incorporate a reverse-firewall capability. This capability can be used to let the end-user know when an application on the computer attempts to make a network connection via FTP, email, or other means. Many times, this will be the first indication to the computer user that there is a potential keylogger installed on the computer. This warning will allow the end-user to deny the connection and prevent the keylogger from sending the stolen information to the remote administrator or rogue individual.
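The reverse-firewall alert described above, together with the earlier point that software keyloggers transmit their data at predesignated intervals, can be expressed as detection logic over an outbound-connection log. This is an added example, not code from the original article or from any firewall product; the log format, process names, port list and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log; the line format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 proc=browser.exe dst=192.0.2.10:443
2024-05-01T10:05:00 proc=updater32.exe dst=203.0.113.7:21
2024-05-01T10:07:12 proc=browser.exe dst=192.0.2.10:443
2024-05-01T10:10:01 proc=updater32.exe dst=203.0.113.7:21
2024-05-01T10:15:00 proc=updater32.exe dst=203.0.113.7:21
2024-05-01T10:19:59 proc=updater32.exe dst=203.0.113.7:21
2024-05-01T10:31:40 proc=mailclient.exe dst=198.51.100.25:587
"""
LINE_RE = re.compile(r"^(\S+) proc=(\S+) dst=([\d.]+):(\d+)$")
FTP_MAIL_PORTS = {21, 25, 465, 587}    # FTP control and SMTP ports
EXPECTED_SENDERS = {"mailclient.exe"}  # programs the user knows send mail or FTP


def parse(log):
    """Yield (timestamp, process, ip, port) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, proc, ip, port = m.groups()
            yield datetime.fromisoformat(ts), proc.lower(), ip, int(port)


def find_suspects(log, max_jitter=0.1, min_events=4):
    """Return {process: [reasons]} for unexpected FTP/mail use and timed uploads."""
    times, reasons = defaultdict(list), defaultdict(set)
    for ts, proc, ip, port in parse(log):
        times[(proc, ip, port)].append(ts)
        if port in FTP_MAIL_PORTS and proc not in EXPECTED_SENDERS:
            reasons[proc].add("unexpected-ftp-or-mail")
    for (proc, _ip, _port), stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Near-constant gaps point to a timer, not a person, opening connections.
        if pstdev(gaps) <= max_jitter * mean(gaps):
            reasons[proc].add("fixed-interval")
    return {proc: sorted(why) for proc, why in reasons.items()}


if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

A process flagged for both reasons is the one to deny at the firewall prompt and investigate first.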
Effectiveness of Form Filler Applications
Form-filling applications can be an effective counter to basic keylogging programs. If installed or activated prior to the installation of a keylogger, a form filler will allow users to use previously entered data for personal accounts, financial information, and other form-related data without typing on the computer keyboard. The use of a form filler does create other potential security vulnerabilities on a computer, including the ability of an individual to access private information if they can gain physical access to the computer while it is logged in or deploy other computer malware designed to steal form data.
Using Smart Cards or Security Tokens
A security token system or smart card has been proven to be reliable against keylogger-based replay attacks. When these systems are employed, the security token is required to access the system in addition to the stolen password. Depending on the sophistication of the system, the token-based protection can work as a hardware-assisted one-time password system or in challenge-response authentication. When employing a smart card, the reader will ask the user to input a PIN to gain initial access to the computer. There have been some successful attacks against smart-card-based systems that leverage a supply chain attack after using a fake reader to record the end-user's PIN for later use.
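The challenge-response mode mentioned above can be shown with both sides of the exchange, including what happens when a recorded login is replayed. This is an added example, not code from the original article or from any token vendor; the HMAC-SHA256 construction, the class names and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class Token:
    """Stands in for the hardware token: the secret never leaves it."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, password: str, token_secret: bytes):
        self._password = password.encode()  # stored in the clear only for brevity
        self._secret = token_secret
        self._pending = set()               # challenges issued and not yet used

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def login(self, password: str, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False                    # unknown or already-used challenge
        self._pending.discard(challenge)    # single use, even when the login fails
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        password_ok = hmac.compare_digest(password.encode(), self._password)
        return password_ok and hmac.compare_digest(response, expected)


def demo():
    """Return the outcome of a genuine login and of two replays of it."""
    secret = secrets.token_bytes(32)
    token, server = Token(secret), Server("correct horse", secret)
    c1 = server.new_challenge()
    r1 = token.respond(c1)
    genuine = server.login("correct horse", c1, r1)
    replay_same = server.login("correct horse", c1, r1)  # recorded exchange resent
    c2 = server.new_challenge()
    replay_new = server.login("correct horse", c2, r1)   # old response, new challenge
    return genuine, replay_same, replay_new
```

Everything a keylogger could capture from the first login (the password and the response) is rejected on reuse, because the response is bound to a challenge that the server accepts only once.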
Advantages of Keystroke Interference Software
For the uber-paranoid, keystroke interference software is available for commercial purchase. The technology is used to enter random keystrokes in an attempt to trick keyloggers. The remote attacker will still obtain all of the information entered on the computer; however, it increases the task-load of sorting through significantly more information in order to obtain the desired personal information. A determined attacker will still be able to locate the information desired, but the software may delay the inevitable until the keylogger is found and removed through the use of complementing countermeasures.
Using Speech Recognition to Combat Keyloggers
An increasingly popular alternative to typing on a keyboard is to use speech recognition technology. When properly trained to the end-user's speech pattern, speech-to-text software allows programs to be run on a computer without typing on the computer. If a keylogger is designed to record the incoming audio, the file size of the stored information is likely to be large enough to be detected by keylogging detection or anti-virus software.
Other Anti-Keylogging Countermeasures
Some additional keylogger countermeasures include handwriting recognition and mouse gestures and the use of macro expanders and recorders. The handwriting recognition software is made to recognize touch-screen or stylus movements to represent text. Similar technology is used to recognize mouse gestures and both result in the keyboard use being minimized in order to enter private information online. Macro expanders can be used to send and translate combinations of keystrokes or mouse clicks into login and password fields on websites. The web browser must be in focus for this method to work and it is open to other means of attack from rogue operators.
How to Remove Keyloggers
If keylogger countermeasures have not been taken or failed, it may become necessary to remove the software from the computer.
Step 1 - Download and install keylogging detection software, such as KL-Detector, onto the possibly targeted or affected computer. This and other related detection software work by scanning the computer's hard drive for log files created during the keylogging detection process. The majority of detection applications will not remove the keylogger, however; they only alert the user to the presence of the software. The detection instructions here are specific to KL-Detector but will be similar for other detection tools.
Step 2 - Accept the EULA (End-user license agreement) and close all open applications on your computer.
Step 3 - Turn off the computer's anti-virus program and then click the "Next" button.
Step 4 - The detection program will provide a list of operations to conduct such as entering text in Notepad, writing an email, opening a chat with another person, etc. It will also advise that you do not save any files to disk while scanning the computer for keylogger operations. This is to trick the keylogger into saving information to the computer to allow the program to detect the activity.
Step 5 - Ensure you do not click the "Save" or "Open" menu options in Notepad or Word while running the keylogger detection application. During this phase of the process, the program will remain hidden in the task bar of the computer.
Step 6 - If a keylogger is detected, download and install an anti-virus or anti-spyware program to remove the program.
Step 7 - Restart the computer after the anti-virus program installation and conduct a full-system scan of the computer.
Step 8 - If the keylogger is not found by the program, remove that anti-virus software through the "Add / Remove Programs" application located in the "Windows Control Panel" and install an alternative anti-virus program.
Step 9 - Once the keylogger is located and quarantined by the anti-virus software, select the menu option to remove the program from your computer.
Step 10 - Restart the computer and the keylogger will now be removed.
Step 11 - If you have accessed any websites that require a login and password to access, consider immediately changing the passwords to the accounts since their access may be compromised.
Step 12 - If relying on a free anti-virus program to remove the keylogger, consider purchasing a commercial version that provides real-time protection against computer malware. If the package does not come with an option to add firewall protection, consider running Windows Firewall or finding an alternative that provides reverse firewall notifications when applications attempt to send information to remote destinations off of your computer.
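The idea behind Steps 4 and 5 (type without saving anything, then see which files changed anyway) can be illustrated with a before/after snapshot of a directory tree. This is an added example showing one way such a check could work; it is not KL-Detector's code, and the function names, file names and the temporary directory used as sample data are assumptions constructed for the demonstration.

```python
import os
import tempfile


def snapshot(root):
    """Map every file under root to (size, mtime_ns); unreadable files are skipped."""
    seen = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
            except OSError:
                continue
            seen[path] = (st.st_size, st.st_mtime_ns)
    return seen


def changed_files(before, after, ignore=()):
    """Return files created or modified between two snapshots, minus ignored paths."""
    hits = []
    for path, meta in after.items():
        if path in ignore:
            continue
        if path not in before:
            hits.append((path, "created"))
        elif meta != before[path]:
            hits.append((path, "modified"))
    return sorted(hits)


def demo():
    """Constructed scenario: files change although the user saved nothing."""
    with tempfile.TemporaryDirectory() as root:
        quiet = os.path.join(root, "report.txt")
        grows = os.path.join(root, "cache.dat")
        for path in (quiet, grows):
            with open(path, "w") as fh:
                fh.write("x")
        before = snapshot(root)
        # Stand-in for the typing phase: a background program writes to disk.
        with open(grows, "a") as fh:
            fh.write("more bytes")
        with open(os.path.join(root, "tmp001.log"), "w") as fh:
            fh.write("y")
        after = snapshot(root)
        return [(os.path.basename(p), why) for p, why in changed_files(before, after)]
```

Because the user deliberately saves nothing during the test, every path reported is a write made by some background program and is a candidate to inspect.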