-3

Is there any way to manually detect if malware, specifically a keylogger, is installed? Looking for answers on XP, 7 and 8.1.

For example, is there a combination of any of these options that can positively identify the malware:

* places to look in the registry
* processes running in Windows Task Manager
* writing an application myself (e.g. in Visual Studio) to hook WM_XXX messages

I'm looking for technical details to investigate this manually, i.e. NOT using something like an AV that just reports it. Third-party tools that technically help identify and track down the presence of the malware might be useful.

UPDATE: Have discovered this Super User article which more or less covers what I was looking for. Recommend readers who find this question redirect to that one.

AlainD
  • 5,158

1 Answer

1
  1. Press the Windows+R keys, then type msconfig and press Enter. Select the Startup tab and disable all the unknown programs. Then restart your computer.
  2. You should also look through the list of installed programs. Click the Start menu, then All Programs, and try to find any program that you did not install. Uninstall such programs.
  3. Press Ctrl+Alt+Del, then select Task Manager in the menu. Select the Processes tab and scroll through the list. Find the process that is called winlogon.exe. One process with such a name is a normal thing, but if you have two processes with the same name, then you have a keylogger. Highlight the second winlogon.exe and click End process (you should end only the second process with such a name).

If the above steps don't work, then Malwarebytes anti-malware software will surely help you out.
karel
  • 13,706
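
The three manual checks in the answer above can be collected in one read-only pass. The following PowerShell is an added example, not part of the original answer; the variable names and the verdict labels are assumptions made for illustration. It goes slightly beyond the answer by reporting the image path and session of every winlogon.exe rather than only counting them.

```powershell
# Added example: read-only triage of the items the answer inspects by hand.
# Uses Get-WmiObject so it also runs on PowerShell 2.0. Nothing is changed or killed.

# 1. Startup entries (Run keys and Startup folders), as listed on msconfig's Startup tab.
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 2. Installed programs, read from the uninstall registry keys (32- and 64-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate |
    Sort-Object DisplayName

# 3. Every winlogon.exe with its image path and session ID.
#    The legitimate image is %SystemRoot%\System32\winlogon.exe, and each logon
#    session has its own instance, so path and session say more than a raw count.
$expected = Join-Path $env:SystemRoot 'System32\winlogon.exe'
$winlogon = Get-WmiObject Win32_Process -Filter "Name = 'winlogon.exe'" |
    ForEach-Object {
        # Some systems may report the path with a \??\ prefix; strip it before comparing.
        $path = $_.ExecutablePath -replace '^\\\?\?\\', ''
        $verdict = if (-not $path) { 'path unavailable (run elevated)' }
                   elseif ($path -ieq $expected) { 'expected path' }
                   else { 'UNEXPECTED PATH' }
        New-Object PSObject -Property @{
            ProcessId = $_.ProcessId
            SessionId = $_.SessionId
            Path      = $path
            Verdict   = $verdict
        }
    }

'--- Startup entries ---'
$startup | Format-List
'--- Installed programs ---'
$installed | Format-Table -AutoSize
'--- winlogon.exe instances ---'
$winlogon | Format-Table ProcessId, SessionId, Verdict, Path -AutoSize
```

Run it from an elevated prompt; without elevation the image path of system processes is often not readable and is reported as unavailable.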