SolutionBase: Discover hidden keyloggers on your system with KL-Detector

Keyloggers can record all keystrokes on your computer and then send that information to hackers. Here's how you can use KL-Detector to quickly determine if a keylogger is running on your system.

Among the plethora of spyware, adware, viruses, and worms, there hides a nasty little problem known as the keylogger. It's becoming an increasing threat for business. Here's how you can discover keyloggers on your workstations using KL-Detector.

What's a keylogger?

A keylogger is a program that tracks and records keystrokes on a workstation. It usually runs in the background, intercepting all keyboard calls to application software. As it captures the keystrokes, it records them to a file. At that point, the keylogger will transmit information to a hacker or wait for the hacker to hack back into your workstation and retrieve the recorded file.

Keyloggers don't capture screen outputs that result from entering data, but they will capture anything you enter into any application. As such they're useful ways for hackers to capture user IDs, passwords, and other important data. Because this information is so vital, you'll want to make sure you can detect and defeat something like a keylogger.

What's KL-Detector, and how do I get it?

KL-Detector is a piece of software that will help detect keyloggers on your system. It doesn't actually defeat or remove keylogging software; it only points out that a keylogger exists.

KL-Detector is freeware. You can download it directly from the author's Web site. The program you'll download, kldetetector13.zip, is very small--only 13Kb, so it will download in a flash.

When you open the ZIP file, you'll find two files: the KL-Detector application and a Readme file. There are no fancy setup files or anything you need to worry about. To run KL-Detector, simply run KL-Detector.exe. KL-Detector is only designed to run with Windows 2000 and Windows XP. If you're still running Windows 9x or a different operating system, you're out of luck.

Running KL-Detector

When you run the executable, the first thing you'll see is a license agreement screen. When you click Next, you'll see a brief introduction screen appear. It will tell you a little bit more about KL-Detector. You can just click Next to bypass it.

The next screen discusses the importance of closing all running programs before using KL-Detector. It even wants you to terminate all programs in the Taskbar, including any anti-virus software you may be running. This warning is a little bit disconcerting, but if you leave the anti-virus running you may get some false positives.

After you've closed all running programs and clicked Next, you'll see a screen that prompts you to do some common tasks on your computer. Each task is supposed to imitate what you'd do in real life. KL-Detector will use these processes to watch your computer to see if anything else is running that will capture data you enter.

When you click Next, KL-Detector will minimize to the task bar. Perform the steps one by one. Don't open or save any files while you do things because otherwise KL-Detector will register a false-positive. That happens because KL-Detector is looking for events that write to a file.

When you click Next, you'll see a screen telling you how long to perform the tests. Three to ten minutes usually does it. Watch the taskbar as you work. You'll see the KL-Detector ? icon. If it changes to a ! then you may have a keylogger on your system. Stop and check it.

KL-Detector limitations

KL-Detector isn't perfect by any means. It's very prone to display false-positive results, indicating that there's a keylogger on the system when there isn't. That's why you must carefully check the logs when you're done and not panic just because a ! appears. For example, when testing this program, KL-Detector indicated I had a keylogger on my system when using Firefox just because Firefox wrote to a cache file during testing.

KL-Detector also won't reveal exactly what the keylogger is that's on your system. It will only tell you what files were created when it ran. You'll have to do some additional research on your own to determine what keyloggers exist.

Finally, it won't actually remove a keylogger. As the name suggests, KL-Detector only detects keylogging activity. It's up to you to determine what the keylogger is and how to remove it.
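The idea behind the test, watching for files that are written while you type and then separating expected writers such as a browser cache from files that need a closer look, can be sketched in Python. This is an added example, not KL-Detector's own code; the allowlist patterns and file names are assumptions made up for the illustration.

```python
import fnmatch
import os
import tempfile
from pathlib import Path

BENIGN_PATTERNS = ["*/Cache/*", "*/Temporary Internet Files/*"]  # assumed allowlist

def snapshot(root):
    """Map every file under root to (size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # vanished or unreadable between walk and stat
            state[path] = (st.st_size, st.st_mtime_ns)
    return state

def written_during_test(before, after):
    """Files that are new, or whose size or mtime changed, between snapshots."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)

def triage(paths, benign=BENIGN_PATTERNS):
    """Split written files into (expected, needs_review) using the allowlist."""
    expected, review = [], []
    for p in paths:
        hit = any(fnmatch.fnmatch(p.replace(os.sep, "/"), pat) for pat in benign)
        (expected if hit else review).append(p)
    return expected, review

def demo():
    """Constructed sample: a cache write and an unexplained file both change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Browser" / "Cache").mkdir(parents=True)
        for name in ("svchelper.dat", "notes.txt"):   # constructed file names
            (root / name).write_text("x")
        before = snapshot(root)
        # Typing-test window: simulate the writes that happen while keys are pressed.
        with open(root / "svchelper.dat", "a") as fh:
            fh.write("typed text")
        (root / "Browser" / "Cache" / "f_0001").write_text("cached page")
        after = snapshot(root)
        expected, review = triage(written_during_test(before, after))
        return [Path(p).name for p in expected], [Path(p).name for p in review]

if __name__ == "__main__":
    print(demo())
```

A file in the review list is only a lead: as with KL-Detector's log, you still have to find out which program wrote it.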

Stopping keyloggers

Beyond those limitations, KL-Detector is a great way to determine if there are any keyloggers on your system. As these programs become an increasing threat, it's important to have a way to detect and defeat them. KL-Detector is a good place to start.

14 comments
rth777

Process Guard by Diamond CS Software gets my vote. This thing ROCKS!! Nothing goes on behind the scenes with this thing installed. Almost TOO secure- is that possible? Worth every penny of the...$30? I love it! http://www.diamondcs.com.au/

Jaqui

No way, I don't have to worry about hidden keyloggers on my system because I don't use Microsoft products at all. Nowhere. The fact that Microsoft's expensive products require you to bog the system down with additional products to protect yourself is proof that Microsoft products are not meant for professional use.

D.H. Cesare

McAfee Site Advisor advises against downloading from this site.

D.H. Cesare

a number of good ones if you have the $30 to spend. Due to a heart condition which prevents me from working, I have an income of $123 per week, so there isn't much difference between $30 and $1,000; don't have and can't get either one. So I like the FREE ones if they're any good. Thanx

mtn.brk

Don't you just feel so superior.

rth777

Fantasyland. That is open source. The world of business still operates on Redmond products no matter what anything believes. There are days I'd love to nuke Redmond but they do keep me well paid for maintaining their (unprofessional) products. I love LINUX as much as the next guy. However, I'm not living in Fantasyland and receive real money for my work.

robindor

I have just checked this site using the Firefox SiteAdvisor add-on (extension): It has no objections to the site at all as far as I can see. However, I find SnoopFree to be pretty unobtrusive and effective. I've run it for about six months.

okn916

I can recommend the "Snooper"; it's free and totally blocks everything! You have to create rules for each application as it hooks your screen, so a bit of a pain to begin with, but once you've logged on a few times and run your apps just forget it. As to McAfee and other progs giving security warnings, it's just not that well known; even "HiJack This" doesn't recognise it (at least it didn't last time I checked).

jdclyde

A mixed environment, using the best tool for job. The gap is narrowing quickly on where Windows was and Linux is.

Jaqui

The gap will not ever really narrow since MS insists on doing stupid things like have RPC go to an online server to get code that is on the local machine. Why not have RPC use loopback and only go to an online location if the required code is not locally available? And, better yet, require user permission every time it has to go online to get code? That would go a long way to being more secure just in itself.
