
SolutionBase: Discover hidden keyloggers on your system with KL-Detector

Keyloggers can record all keystrokes on your computer and then send that information to hackers. Here's how you can use KL-Detector to quickly determine if a keylogger is running on your system.

Among the plethora of spyware, adware, viruses, and worms, there hides a nasty little problem known as the keylogger. It's becoming an increasing threat for business. Here's how you can discover keyloggers on your workstations using KL-Detector.

What's a keylogger?

A keylogger is a program that tracks and records keystrokes on a workstation. It usually runs in the background, intercepting all keyboard calls to application software. As it captures the keystrokes, it records them to a file. At that point, the keylogger will transmit information to a hacker or wait for the hacker to hack back into your workstation and retrieve the recorded file.

Keyloggers don't capture screen outputs that result from entering data, but they will capture anything you enter into any application. As such they're useful ways for hackers to capture user IDs, passwords, and other important data. Because this information is so vital, you'll want to make sure you can detect and defeat something like a keylogger.

What's KL-Detector, and how do I get it?

KL-Detector is a piece of software that will help detect keyloggers on your system. It doesn't actually defeat or remove keylogging software; it only points out that a keylogger exists.

KL-Detector is freeware. You can download it directly from the author's Web site. The program you'll download, kldetetector13.zip, is very small, only 13Kb, so it will download in a flash.

When you open the ZIP file, you'll find two files: the KL-Detector application and a Readme file. There are no fancy setup files or anything you need to worry about. To run KL-Detector, simply run KL-Detector.exe. KL-Detector is only designed to run with Windows 2000 and Windows XP. If you're still running Windows 9x or a different operating system, you're out of luck.

Running KL-Detector

When you run the executable, the first thing you'll see is a license agreement screen. When you click Next, you'll see a brief introduction screen appear. It will tell you a little bit more about KL-Detector. You can just click Next to bypass it.

The next screen discusses the importance of closing all running programs before using KL-Detector. It even wants you to terminate all programs in the Taskbar, including any anti-virus software you may be running. This warning is a little bit disconcerting, but if you leave the anti-virus running you may get some false positives.

After you've closed all running programs and clicked Next, you'll see a screen that prompts you to do some common tasks on your computer. Each task is supposed to imitate what you'd do in real life. KL-Detector will use these processes to watch your computer to see if anything else is running that will capture data you enter.

When you click Next, KL-Detector will minimize to the task bar. Perform the steps one by one. Don't open or save any files while you do things because otherwise KL-Detector will register a false-positive. That happens because KL-Detector is looking for events that write to a file.

When you click Next, you'll see a screen telling you how long to perform the tests. Three to ten minutes usually does it. Watch the taskbar as you work. You'll see the KL-Detector ? icon. If it changes to a ! then you may have a keylogger on your system. Stop and check it.

KL-Detector limitations

KL-Detector isn't perfect by any means. It's very prone to display false-positive results, indicating that there's a keylogger on the system when there isn't. That's why you must carefully check the logs when you're done and not panic just because a ! appears. For example, when testing this program, KL-Detector indicated I had a keylogger on my system when using Firefox just because Firefox wrote to a cache file during testing.

KL-Detector also won't reveal exactly what the keylogger is that's on your system. It will only tell you what files were created when it ran. You'll have to do some additional research on your own to determine what keyloggers exist.

Finally, it won't actually remove a keylogger. As the name suggests, KL-Detector only detects keylogging activity. It's up to you to determine what the keylogger is and how to remove it.
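The idea described above (flag files that are written while you type, then review the list because ordinary programs such as a browser cache also write) can be illustrated with a before/after snapshot. This is an added example, not KL-Detector's own code or log format; the directory layout, the file names and the `BENIGN_MARKERS` allow-list are constructed assumptions.

```python
import os
import tempfile

# Assumption: path fragments that mark expected writers (e.g. a browser cache).
BENIGN_MARKERS = ("cache",)

def snapshot(root):
    """Map each file under root (as a relative path) to (size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            state[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns)
    return state

def changed_files(before, after):
    """Files that are new, or whose size/mtime differ between two snapshots."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)

def triage(paths, benign_markers=BENIGN_MARKERS):
    """Split changed files into (expected, needs_review)."""
    expected, review = [], []
    for p in paths:
        hit = any(m in p.lower() for m in benign_markers)
        (expected if hit else review).append(p)
    return expected, review

def demo():
    """Constructed test window: one cache write, one unexplained growing file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "browser", "Cache"))
        for name in ("notes.txt", "sys32.dat"):  # constructed file names
            with open(os.path.join(root, name), "w") as fh:
                fh.write("x")
        before = snapshot(root)
        # Simulated typing window: two files are written, notes.txt is untouched.
        with open(os.path.join(root, "sys32.dat"), "a") as fh:
            fh.write("data appended during the test")
        with open(os.path.join(root, "browser", "Cache", "f_0001"), "w") as fh:
            fh.write("page")
        return triage(changed_files(before, snapshot(root)))

if __name__ == "__main__":
    expected, review = demo()
    print("expected writes:", expected)
    print("needs review:   ", review)
```

A file landing in the review list is only a lead, exactly as with the ! icon: you still have to find out which program wrote it.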

Stopping keyloggers

Beyond those limitations, KL-Detector is a great way to determine if there are any keyloggers on your system. As these programs become an increasing threat, it's important to have a way to detect and defeat them. KL-Detector is a good place to start.
