Re: Suspected Keylogger... Need Advice

From: Wheaty (
Date: 07/24/05

Date: Sun, 24 Jul 2005 18:07:38 -0000

J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@

> Hi,
> I have a PC which I suspect has a hardware key logger. There is no
> physically evidence of such, but none the less, I have to presume a
> key logger is on my system and need to take temporary measurers to
> avoid it
> I've thought on ways I could avoid it and came up with this following
> idea.
> I type the first word of my passphrase in the bestcrypt dialog box. I
> then switch to notepad and typed in some other random words not
> connected to my passphrase. I then switch back to bestcrypt dialog box
> and type in the next word of my passphrase, and again, switch back to
> notepad and type in more random words. I do this repeatedly until I
> complete my passphrase.
> Now, with the method I just described, would this thwart a key logger
> attack? would the key logger know which words were being typed into
> which window?
> If it can then obviously this method is useless, but can anyone
> confirm this for me?
> I would be grateful for any ones expert advice on this matter as It is
> extremely important.
> Regards.
> JJ

My first question is who owns the system? If it is yours tear it down. If
it isn't, then find out why they are logging your key strokes. Depending
on where you live, it is mandatory that they inform you they are
recording/monitoring your activities. Some places do not need to do this
though, so check the local laws.
My next question is, what makes you suspect a keylogger? Most over the
counter hardware keyloggers have physical evidence (usually a small
attachment between the keyboard and main board) and are spotted quite
quickly by anyone with a little know-how, however their activities are
undetectable (for the most part). Other, more surreptitious units, can be
very difficult to trace, and the best solution is to simply replace the
keyboard (usually) or suspected offending piece of hardware. I would have
to ask, if they went to enough trouble to install a custom made keyboard
with a logging device in it, did you do something to warrant it?
Also, if somebody is going to all the trouble to record your activities,
there is a fairly good chance that they are capturing any network traffic
generated by your workstation as well. Any Sysadmin worth his salt would
cover his ass as much as possible. This is assuming this situation is at
work, and not at home.

I would much rather have a bottle in front of me than a frontal