Hello.
I did some searching on these forums about keyloggers and about how to tell if you have one. Supposedly, really "effective" ones are very difficult to detect. So, here's what I'd like to know if anybody has any info:
Are these keyloggers considered a virus, and will antivirus protection pick it up? (I have NOD32 Antivirus System)
Or, are these keyloggers considered spyware?
The way these things get into your system: is it by just visiting a web site, or is it by running an executable?
I also use Ad-Aware.
Here's something I thought was weird: I have a folder that I created that I download all my files to WHENEVER I download something. And as soon as the download is complete, I go to that folder and right-mouse click on it, and from the pop-up menu, I choose a manual virus scan right away. Invariably, it comes up clean. And then recently, I did a whole system scan, and the results came back with Keyloggers discovered in 7 zip files. And, the thing is, all of these zip files were "trainers" for various computer games I have. Those of you that play games probably know what I'm talking about; they're sort of "cheaters" that enable you in a game to have, for instance, infinite health or weapons/ammo, etc.
I said "weird" up above? That's because I've had these trainers for a while, have used them before, and downloaded them from supposedly "trustworthy" sites. And as I also stated, when I originally downloaded them, I did a manual virus scan on them which came up clean. How is it now that supposed Keyloggers are in them? Could I have downloaded something else that was "infected", executed this, and that THIS somehow infiltrated and infected these zip file trainers?
On the search I mentioned on this site: software that's available to detect if your system has keyloggers...any really good freeware ones out there? I'm already using antivirus and spyware detection software, but is there something that's really good that's specifically geared towards this keylogger stuff?
Anybody have some answers to the questions I've posed? I'd appreciate the input.
Thanks,
Pez

Could it be that when you downloaded and scanned the infected cheater files, the anti-virus definitions didn't contain a definition for the supposed keyloggers? Anti-virus and anti-spyware programs don't just magically know if a file is malware or not. They rely on definition files as a type of database of known malware against which your local files are compared. There's always a lag between newly discovered malware surfacing and the definition file updates that cover it. Maybe only your updated definition files were able to recognize them. Of course, as you mentioned, it's possible that the files became infected later from downloading some other infected file. Who knows?
"The way these things get into your system: is it by just visiting a web site, or is it by running an executable?"
If you are unwise enough to be surfing the 'Net with an unpatched version of IE, then yes! You can pick up nasties by merely visiting malicious Websites.
I don't have any suggestions on the free software you're seeking; however, it sounds to me like at least one of your anti-virus/anti-spyware programs already found and identified them! Is that not what you are looking for? I'm a little puzzled!
k_Rob - kk7av

Hi Rob; thanks for the reply.
You have a valid point with what you said about there being a lag in definition file updates. Although, with both my anti virus and spyware detectors, I frequently check for updates. I also keep IE updated and patched by going to the Windows Update site and getting all the latest security fixes. I use ZoneAlarm too as my firewall.
You have another good point where you said, "...it sounds to me like at least one of your anti-virus/anti-spyware programs already found and identified them! Is that not what you are looking for? I'm a little puzzled!" Yes, I suppose it is good that they were found and "zapped", but it just bugs me that they got past me originally and got in there, into those zip file trainers. I just thought - maybe - that there was a piece of software that SPECIFICALLY targeted keyloggers. But if my anti-virus/anti-spyware programs are picking it up, I suppose I should be grateful. It's just that these little b---tard keyloggers are always changing and mutating, eh? Have to keep vigilant!
Pez

Network security is a matter of "Zone" defense. I don't mean ZoneAlarm per se, though that can be part of the defense. I mean "zones" of defense.
Keep your operating system, AntiVirus, and antispyware definitions up to date and run periodic scans on your machines, usually at least once a week. Use a router firewall solution for basic firewall protection, but follow this up with a software firewall on each machine that blocks outgoing traffic from unauthorized programs. Never run anything on your system that you haven't scanned for malware first. Most importantly, regularly back up your system files and all data files (saved games, documents, email, etc.) that you want to keep.

I have a general security lockdown measure for Windows XP computers. Since you're trying to prevent "nasties" from getting in, I think this might be of some relevance.
By default, all user accounts on Windows XP are administrators. This is a Bad Thing. It means each user has unrestricted access to the entire system. If you accidentally ran a "dodgy" application, it has full access to the system. It can do anything, as a lot of malware clearly illustrates.
The solution is to sort out this mess. Firstly, there should only be one administrator account. All other accounts should be members of the Users group. For day-to-day activities, you should use one of these "limited" accounts.
When you need to install an application or change a system setting, you can right-click and select "Run As". This then allows you to enter the Administrator password and that instance can run with elevated privileges.
To configure your user account settings fully, type control userpasswords2 in the Run box.
If you configure your system in this way (and educate any other users), you have literally stopped 80-90% of malware in its tracks! I'm serious; since making this change a few years ago, I have never had malware.
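
An added example, not part of the original post: a small audit of the "only one administrator" rule described above. It parses the output of `net localgroup Administrators` and lists the `net localgroup` commands that would move every other account into the Users group. The sample output and the account names Pez and Guest2 are constructed for illustration.

```python
"""Audit local Administrators membership from `net localgroup Administrators` output."""

# Constructed sample of what `net localgroup Administrators` prints on Windows XP;
# the account names Pez and Guest2 are made up for this example.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Pez
Guest2
The command completed successfully.
"""


def parse_members(output):
    """Return the account names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("----"):
            in_list = True
        elif in_list and line and not line.startswith("The command completed"):
            members.append(line)
    return members


def demotion_plan(output, keep="Administrator"):
    """Commands that leave `keep` as the only administrator and move the rest to Users."""
    plan = []
    for name in parse_members(output):
        if name.lower() == keep.lower():
            continue
        # Add to Users first so the account is never left without a group.
        plan.append(f'net localgroup Users "{name}" /add')
        plan.append(f'net localgroup Administrators "{name}" /delete')
    return plan


if __name__ == "__main__":
    for cmd in demotion_plan(SAMPLE_OUTPUT):
        print(cmd)
```

The printed commands have to be run from an administrator command prompt; review the list before running it so the account you keep as administrator is the one you know the password for.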

Absolutely true! I couldn't have said it better myself! Thanks for adding that great info, James! Too bad XP defaults to giving super-user privs. If this weren't the case, I agree, a majority of malware would be ineffective or cause minimal damage. Instead of rebuilding the machine after a user has opened an infected attachment, the IT guy would merely have to rebuild the user's account - much less of an undertaking!
k_Rob - kk7av
