Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can I tell if a keylogger has been installed on the machine I share?

Question:

We are two people using the same computer. I used to trust this person until I found out that he had my Facebook password. I changed it, and a second time he was able to get it. I suspect keylogging software. I don’t want to open this computer again before knowing what to expect. I read that such software run invisibly and that I can temporary deactivate it when I log in by checking the processes running. I need your help to explain to me what I am about to do. If I stop the process, does it really deactivate the keylogger, and how I can find out which software is downloaded and what to do about it?

For obvious reasons keylogging software falls into the broader category of “spyware”, since its very point is to spy on you.

Ultimately, my news for you is not good.

I do have some advice. Unfortunately, you probably won’t like it.

Become a Patron of Ask Leo! and go ad-free!

My advice is this:

“Sharing a computer with someone you don’t trust simply cannot be done safely.”
  • Get your own computer.
  • Set it up securely so that only you can log in to it, and never leave it logged in when you’re not around.
  • Change every password and every security question to every account you accessed from the share computer.

I know, it’s super harsh, but it’s really the only solution. Sharing a computer with someone you don’t trust simply cannot be done safely.

The instructions that you read sound great in theory: identify the keylogger and disable it. What could be simpler?

The problem is that keyloggers, and spyware in general, have worked incredibly hard to not be found. Heck, an entire industry is built around identifying and removing spyware, and even that industry – as large and as sophisticated as it is – can’t remove everything with 100% reliability.

I couldn’t even begin to tell you what processes to look for – there are literally thousands of possibilities, and even that wouldn’t be an exhaustive list. It’s just not that simple.

Yes, you can try anti-spyware software if you like. It may or may not find something. Will it find what your friend has installed? Hard to say. What you probably can be sure of is that your friend will then notice, which I’m sure is also not something you want to have happen by the way you worded your question.

Nope, the only true solution is the most difficult one: don’t share a computer with someone you don’t trust.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

21 comments on “Can I tell if a keylogger has been installed on the machine I share?”

  1. One very easy way is to check if there are hardware loggers. You find them on the keyboard cable. Very simple to connect a small device between the pc and the cable connector.

    Also, look into Roboform to Go. Per their website:
    “Fights “phishing” and “keyloggers” by filling passwords only on matching websites, and not using a keyboard.”

    Reply
  2. I’m afraid I have to agree 100% with Leo. Most of the spyware & keyloggers that are caught by anti-spyware scanners are the kind that are either deposited by malicious web sites or not very well written freeware.

    I have a client that asked me to install monitoring software they purchased onto all of their employee’s (company owned) systems. To be sure it wouldn’t be detected, we tried scanning with their anti-virus software (Norton), AdAware, SuperAntiSpyware and Malwarebyte’s Anti-Malware. None of these well known products detected a trace of the monitoring software, which includes a keylogger.

    As you can see, this well-written commercial product was able to successfully defeat several reliable scanners, so, it can be done.

    The only way to secure your computing experience is to use your own system with a userid/password combination known only to you.

    Keep in mind, as Leo has mentioned countless times before, it’s best to also limit physical access to the system as there are many password crackers readily available that can be used to access your system without your knowledge.

    Reply
  3. A simple stop-gap solution would be to first check for the hardware keylogger, as AguilaFan suggests, and, if it’s not there, create a CD that contains the ubuntu operating system. Doing this, each time you use the computer you can boot into a pristine OS where you won’t have to worry about what he’s installed under Windows. Plus, since data can’t be saved to the CD, each time you run it it’ll be like it’s reset back to the factory standard settings (good for security, not so good for ease of use). Your friend also won’t be able to tell that you’re doing this (as far as I know).

    This method is secure, easy, and free, assuming you have a disc burner and a blank CD or DVD. The only technical know-how required is being able to download a file and burn it to a CD. If you’re not sure how to do that, well, there’s plenty of sites that can show you how to make an Ubuntu disc.

    Reply
  4. Hi,
    1) I will advise you to use portable browser (run from USB pen drive) and configure it with use auto fill option using another computer. Then plug it to your computer and when any website ask for login & password then use predefined dropdown login and password.
    2) Use keyPass software

    Reply
  5. Hello
    there is a programmer that writes in VB and she has a whole bunch of apps one of them is called proccess running — this might determine whats running in the back ground — do a google for “karens ware”
    cheers

    Reply
  6. Personally, I’d forget all the advivce here and get a new friend/housemate. If he’s messing with your digital privacy, you can bet he won’t/hasn’t stopped there.

    While I typically don’t do relationship advice (I’m a computer geek, after all), it’s hard to argue with your point.

    – Leo
    15-Jul-2009

    Reply
  7. I’m not sure if this has been suggested:
    First confront the person(assuming he/she is a person you trusted) and ask about this.
    Declare you are taking your computer back and rightfully do so. REMOVE all (Web, Net…)internet connections on this computer.
    Back up your documents onto media which you believe is not tainted(Optical disks have an advantage here over UFD’s, HD’s, or re-writable crap optical disks).
    Consider a fresh install of your OS and apps.
    Also consider how you have ‘kept track of’ your passwords/log-in credentials. Any patterns you have might need to be changed. Any paper (or digital document) trail can be traced. Try to avoid this unless ONLY you have access and knowledge – – and even deciphering ability ^^ — to.
    Depending upon the nature of this(suspected?) attack, perhaps software was used which is beyond the scope of conventional search methods.

    Check all your internet AND browser options to make sure no passwords/credentials – – or even history — are saved/remembered(logged).
    Restrict access to the Internet to applications which you use and which might save personal information about you(registration, credentials, familiar data/info), all of which may clue someone in to your possible access codes to, say, Facebook.
    Good luck.

    Reply
  8. Also, consider contacting any on-line associations you know have been made by/through your name/identity via phone or e-mail to ask for any strange activity, and if necessary restrict your account(s), monitor or investigate(they’re doing it anyway^^) or lock out your account or change your credentials and/or account numbers/names.

    Reply
  9. If your using Windows XP,try Kaspersky Internet Security,it has proactive defense,which detects running programs at startup,if you dont know the program,put it in blacklist,or dont allow this program…or you can also use the virtual keyboard from that Kaspersky software.

    Reply
  10. Why don’t you to use Windows On-screen keyboard to enter your username and password? Keyloggers do not recognize these virtual keyboard signals as it do with physical keyboard’s.

    Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard

    No. And I may need to write a full article on this. A keylogger can log much more than keys. It could, for example, take a screen shot each time you click the mouse. This would capture whatever you do with the on-screen keyboard as well. I’m not saying that all keyloggers do, but that they can, and relying on an on-screen keyboard my give you a false sense of security.

    – Leo
    15-Jul-2009
    Reply
  11. Some programs not only record keystrokes but also screen captures. For that matter, there could be a wireless video camera watching you right now that looks like a book or something else. [creepy music interlude :) ]

    Encryption is useful only in transportation/storage of data.

    I thought to address the relationship/trust issue, but that’s much more complicated than spyware. You must know what is most important to you and guard who has access to it: Thoughts, Feelings, People, Resources.

    Your past was in your control; your present is; your future can be.

    Reply
  12. can a key logger obtain paypal password?
    can it then be used to empty my bank account?
    and if so does this not make paypal unsafe?

    Yes. Yes. Not if you don’t have a keylogger. Keep your computer safe and up to date, don’t engage in risky on-line behaviour, don’t do things that would allow keyloggers to show up in the first place. I use paypal all the time.

    – Leo
    19-Jul-2009

    Reply
  13. First, to Leo Notenboom himself, who wrote:

    
              "...Will it find what your friend has installed? Hard to say.
                  What you probably can be sure of is that your friend will
                  then notice..."            --Emphasis added.
    

    I have a question, Leo: Why do you insist upon calling this Piece of Scum, his “friend”??? With a (quote) “friend” (endquote), so-called, like that, I sure the h*ll wouldn’t need any enemies! This person is clearly a criminal; your querant needs to go to the police, ASAP!

                                -=-=-=-=-=-=-=-

    Next, to Ian Rennie, who wrote:

    
                 "Can a keylogger obtain [my] PayPal password?
                  Can it then be used to empty my bank account?
                  And if so does this not make PayPal unsafe?"
    

    ANSWER: Well, “Yes”, “Yes”, and “Yes” — but, just to be clear, keyloggers make ANYTHING done on a computer “unsafe”, period — it really doesn’t much matter what. It has little or nothing to do with “bank accounts” or “PayPal”; if the security of your computer is compromised, then YOU AIN’T GOT NO SECURITY!, period!       :(

    Reply
  14. I agree with Paul. Get a new roommate. Trust has to be earned (or won back with a lot of “watching” the other person to see if he continues to act trustworthy). Leo has said time and time again, if your machine is not physically secure, it is NOT secure. On another tack, we were just informed by our insurance company that they now sell identity theft insurance. If a reputable insurance company is offering that kind of service, you can bet there is money to be made. The last statistic I read is that one in five people will suffer from ID theft.

    Reply
  15. There is a key logger that does not require any software to be installed on the computer so it is 100% undetectable. During the course of an investigation I was involved with I have used one. It was in a corporate setting where security software inventoried everything installed on the computer when it booted up and matched it against a database that showed what should be on the PC. Any deviation brought the IT guys and the unauthorized software was removed. The logger was never detected over the 8 months it was used. The detection program could NOT find it because there was nothing to find. There are models for both standard keyboard connectors and USB types. The logger plugs into the keyboard connector on the PC and the keyboard plugs into it. The logger’s plug duplicates the real keyboard plug exactly and it has an 8 inch lead on it so it can be concealed behind or under a desk or table. They are small, about the size of an AA battery. The device is passworded so if discovered can’t be opened without the password. Any word processor program, even Wordpad or notepad, can open the contents for viewing. Another common type of monitor/trap connects into the Ethernet cable in the same way. It plugs into the Ethernet port and the cable plugs into it. Both types come in various storage capacities. Although the latter will trap Ethernet traffic, it won’t get keyboard info. Both types are readily available and fairly inexpensive. For software based monitoring, one I recommend to parents, there is a program called Web Watcher which records EVERYTHING! The beauty of this is that the collected data is stored online so there is nothing the computer savvy person can find on the monitored PC. The results can be checked from any Internet capable PC which can be useful to check Little Timmy’s activity at home from the office. (I’m not affiliated with the manufacturer or distributor and mention it only because after looking a dozens of this type of program I think it’s the best.) If you feel turnabout is fair play and want to catch your spy, this is the tool to use. It can also take random screenshots if so configured. A warning though: spying can become an all consuming, mind numbing addiction! I have seen people, in the absence of any discovered wrong doing on the part of the person being spied on, become totally obsessed that the suspect is just being more clever and devious. This always leads to the belief that increasingly extreme measures are needed to prove the perceived wrongs. Please take that very seriously! Remember: this cuts both ways: whether it’s the person spying on you or you turning the tables on them. The best advice may well be to get away from that person and change every password you have used, redo email accounts, and everything you can think of. If you pay bill or bank online, that information may be compromised as well. Godspeed in you endeavor to free yourself!

    Reply
  16. I used software like that to spy on my EX-wife and was confronted by a law suit that states, if you monitor another persons computer, you must notify them…Take time to read the small print in the legal disclaimers of these programs…it cost me close to $70k to settle [edited]…just a word of warning

    Reply
  17. @Rob. Sorry about that costly experience. I think in this case it was a shared computer. If you OWN the machine being used I can’t see why you can’t monitor your own machine. Why would it be any different from say, pointing a video camera on your driveway if your car keeps getting broken into? If you installed such software on a computer owned by someone else I could see a potential problem. I also would guess the judgement amount you cited was the divorce settlement and not solely a punitive fine for installing the monitoring software. The problem with using this kind of information is the overwhelming temptation to use it as a cudgel when emotion over-rides the intellect. As I said, I recommend this program to parents if they have a reason to be concerned what their kids are doing online. I’m certainly not a lawyer, but I think that’s well withing the boundaries of parenting and I doubt 14 year old Johnny or 16 year old Susie is going to sue their parents over monitoring Internet usage. I don’t think there is a single case of a company successfully being sued for punishing an employee for using a company computer for unauthorized activity, said activity found through monitoring. See below.

    To respond to the comments about “professionally written software” I checked out a PC for a guy that he thought was being monitored. I opened up things with Windows Explorer and browsed through a few folders with odd names. When I opened one labeled “Junk” I saw three programs in it that turned out to be a keyboard logger, a web traffic trap, and another program that took random screen shots. This was at a corporation that also used monitoring software to insure nothing unapproved was loaded onto machines. Obviously, they had approved it. I had him get his union representative and showed him what I had found. The software was removed but not before he was given a 30 day suspension for inappropriate use of a company computer. Installing the software was allowed only under the narrowest of conditions, and this didn’t quite fit the guidelines. While technically he did misuse the PC, he wasn’t doing anything everybody with computer access was doing, and far less than some. He was an abrasive character who got in a position to create problems for people so there was an on-going effort to fire him. The monitoring software was just part of the ploy. The point is, I know at least some of this software leaves a folder somewhere. It could be hard to find with a full hard drive, but with a few simple tricks, view hidden folders enabled, an some poke and peek, it often can be found. The company later set things up so over a certain amount of time connected to the Internet had been exceeded, that employee’s account was monitored. That put an end to sharing user IDs and passwords since many people stayed online and just minimized the screen on the workstation they were using. It’s hard to explain to the systems administrator why your user ID was logged onto the internet for 60 hours in a 40 hour week! (2 shifts)

    Reply
  18. If you have to share a computer with someone, then get together with them and buy a removable rack system for the harddrive, tell them it’s to protect their privacy also. These units are basically a drawer that you mount your harddrive into, then you mount the other half into a CD/DVD bay in your case and plug the wires into the back of that, all you have to do when you leave is lift the handle and slide the whole harddrive out of the case, simple, then whoever else wants to use it can just slide their harddrive into the slot and use it. I purchased mine since I lived in a high crime area (broken into twice within a month) and didn’t want to lug my computer box with me everywhere, all I had to do was pull the 2 x harddrives out and carry those with me. The ones I got are fully sealed aluminium boxes (fully protects the harddrive in transit) and each case unit has a built in fan to keep them cool.

    Reply
  19. If you have to share a computer with someone, then get together with them and buy a removable rack system for the harddrive, tell them it’s to protect their privacy also. These units are basically a drawer that you mount your harddrive into, then you mount the other half into a CD/DVD bay in your case and plug the wires into the back of that, all you have to do when you leave is lift the handle and slide the whole harddrive out of the case, simple, then whoever else wants to use it can just slide their harddrive into the slot and use it. I purchased mine since I lived in a high crime area (broken into twice within a month) and didn’t want to lug my computer box with me everywhere, all I had to do was pull the 2 x harddrives out and carry those with me. The ones I got are fully sealed aluminium boxes (fully protects the harddrive in transit) and each case unit has a built in fan to keep them cool.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.