detecting a key logger

Okay, that’s weird, no text, let’s try again…

This maybe isn’t the typical kind of question that gets asked here but this message board still has the highest concentration of smart people that I know of, so here goes. (BTW, I already tried a board Search for this using the words “key log,” in case this has already been answered, but the rather asinine search refuses to accept words shorter than 4 letters, and the words “logging” and “logger” have no hits, sooo…)

My father is in a union. He does have a laptop which he mainly uses for union business, but he’s worried about the possibility that there might be key logging software installed on his computers at work, which could compromise their lawsuit by allowing the people they are sueing access to private correspondence. He wants to know how he can determine whether such software is in place.

I’m at a loss. I know that these programs frequently can hide themselves from the Ctrl-Alt-Del task manager and from the Alt-Tab process list. I have considered telling him how to use the built-in windows utility msconfig to look at the programs the computer is loading up at startup, but…

A) He’s not computer literate generally, other than stuff that makes the news. I’m not sure he’d fully comprehend the list of what he was seeing and understand what could be safely disabled.
B) I’m not sure if this utility would be considered illicit hacking or the like, and so whether it would be a good idea to use it at all.

On the other hand, it’s preferable to going directly into the Registry.

Likewise, I am trying to avoid programs that would have to be downloaded and installed, especially those that have to be purchased. I just need to know if there is some simple way to detect the presence of these programs; or if not, if msconfig is okay to use to check for this stuff. (If it matters, it’s a government agency - a state Department of Corrections.)

If anyone can give any advice here, it’d definitely be appreciated.

If your father is concerned about the company he works for logging his keystrokes then he’s out of luck, since they have every right to. If he’s concerned about someone outside of the company looging keystrokes, he really ought to to let his company’s IT department handle it. In any case, I really need to know who owns the computers in question and a bit more about the stuation before I’ll attempt to answer.

I have no idea as to your question but I can help you with your search…use a wild card.

Thus key becomes key* and log becomes log*.

Do a search for various keylogger S/W packages on the net. Note how these products advertise their stealth. Best advice I can offer. This area of computing was never my expertise.

I know a software caled "iOpus Starr " which is used for key logging activities.
From use I can tell you this very very good and there is absolutely no way to detect its presence.It doesnt show in ctrl+alt+del or in msconfig, not even in DOS.IIRC the only way to see if it is installed is to go to Start>Run>starrcfg If the software is installed it shows up.
Bad news is that it can be installed over a lan by the admin and the users will never know about it.
So you could try this.

Difficult to detect and looking at msconfig is not going to help you as typical KL program loading occurs prior to and outside of MS config listnigs.


Detect Keystoke Logging Software and Removal Instructions

or Detect, delete / remove keylogger, trojan or other spy software on your PC - free download! Detect keystroke spy

or Keylogger Killer 1.0

Also see this thread

Why no good deed goes unpunished

The freeware program Spybot - Search and Destroy can detect and remove many keylogger programs. If the computer in question is company property, one might want to think twice before altering it’s programming.

Thanks for the information. Especially thanks for all the links, astro.

This will not work. Wildcards won’t work with three letter words using the SDMB search function.


It would appear that they do - I’ve used wildcards to search for threads where I’ve been mentioned.

No. It would work if there was something after the qts like a comma or a period. You won’t be able to find this post.


…but you will find this one, qts.