
Do I have a malicious key logger??


Theocnoob (Member, joined Dec 1, 2007, near Toronto, Canada)
Once in a very blue moon, I'll be typing (I type about 60 something wpm) and 3 or 4 letters will take about 300-500ms to appear on screen. There is a notable delay. It happens maybe once every 24 hours. It's similar to using an extremely terrible virtual machine on a trash network with way less resources than it needs, but only for a split second. Antivirus (Kaspersky, licensed, up to date) says I am clean.
 
Not likely. Make sure you kill everything in the background. If the operating system is waiting on a process or resources (disk, etc), there can be delays like that.

If you have any new programs, hardware or updates, I would suspect that first.
 
Yes you do, I installed it. Proof:

At 10:28 PM you typed the following:

"Do I have a malicious key logger??
Once in a very blue moon, I'll be typing (I type about 60 something wpm) and 3 or 4 letters will take about 300-500ms to appear on screen. There is a notable delay. It happens maybe once every 24 hours. It's similar to using an extremely terrible virtual machine on a trash network with way less resources than it needs, but only for a split second. Antivirus (Kaspersky, licensed, up to date) says I am clean."
 
But really, the only time I've seen something like that it was shortly before the slow death of my Samsung F1 drive. Oddly enough it wasn't even the OS drive, just storage.
 
Sniff your outgoing packets. If the delay happens at a specific time, check all outgoing traffic during that time.
If it is random, then keep the packet logger open and check it after it happens, filtering as the need arises.

Check outgoing ports. That would be the easiest.
IP addresses too, but resolving all of them can be tedious.
Look for common connections and rule them out, so as you watch traffic it is easy to discount them. Like when you open your browser, the plugins connect... Filter those out and such.

Once you locate an odd transaction, filter it and isolate it, narrowing it down toward what is going on.... No odd traffic, no logger/virus/trojan.

Just rule out wireless interference first. / Or whether 'normally' scheduled tasks are taking up time and lagging your HID exchanges. Or hardware anomalies.
 

While it might not be likely that you are infected with a key logger, it never hurts to CYA. EW's idea is great. I would try using Wireshark and then start typing something on your computer in a document. Just make sure that it is something specific, and then look through the Wireshark logs from while you were typing. Last time I used it, you could search through them, so you ought to be able to search for keywords in what you typed to see if that information might be transmitted in plain text. If it is encrypted, you will have a little more difficulty trying to find them, but it could be done.
 
Not to mention that they probably log them locally and send them at a specific time, after so many keystrokes or when the computer is idle.

If you truly think your computer is compromised, reinstall. Less obsessing over packets and more action on actually getting it fixed.
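The two posts above describe one procedure: capture outgoing traffic, type a unique marker string, search the capture for it, and tally destinations so known-good connections can be ruled out, keeping in mind that a logger may hold keystrokes locally and send them later. The script below is an added example for this thread, not code from any poster. It builds a small constructed libpcap capture in memory (so it runs offline, with no Wireshark or network needed), then scans every outbound TCP/UDP payload for the canary and counts destination IP/port pairs. The local address 192.168.1.10, the canary string, and the sample packets are all assumptions; point `iter_packets` at the bytes of a real Wireshark save (classic pcap format, Ethernet/IPv4 only, not pcapng) to use it on your own capture.

```python
"""Scan an outgoing-traffic capture for a typed canary string and tally destinations.

Added example for the thread above; not from the original posts.
Handles classic libpcap files carrying Ethernet/IPv4 TCP or UDP frames.
"""
import socket
import struct
from collections import Counter

LOCAL_IP = "192.168.1.10"          # assumed address of the machine under test
CANARY = b"xq7-keylog-canary-9zk"  # assumed unique string typed during the capture


def _tcp_frame(src_ip, dst_ip, dst_port, payload):
    """Build one Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"          # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Serialise frames into a classic libpcap file (little-endian, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(pcap):
    """Yield (src_ip, dst_ip, proto, dst_port, payload) for each IPv4 TCP/UDP packet."""
    magic, = struct.unpack("<I", pcap[:4])
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the record headers
    off = 24
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4                # IPv4 header length in bytes
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        if proto == 6 and len(l4) >= 20:            # TCP: data offset in byte 12
            hdr = (l4[12] >> 4) * 4
        elif proto == 17 and len(l4) >= 8:          # UDP: fixed 8-byte header
            hdr = 8
        else:
            continue
        dport = struct.unpack("!H", l4[2:4])[0]
        yield src, dst, proto, dport, l4[hdr:]


def outbound_leaks(pcap, canary=CANARY, local_ip=LOCAL_IP):
    """Return (dst_ip, dst_port) of outbound packets whose payload carries the canary."""
    needle = canary.lower()
    return [(dst, dport) for src, dst, _, dport, data in iter_packets(pcap)
            if src == local_ip and needle in data.lower()]


def destination_counts(pcap, local_ip=LOCAL_IP, ignore=frozenset()):
    """Tally outbound (dst_ip, dst_port) pairs, skipping ones already ruled out."""
    return Counter((dst, dport) for src, dst, _, dport, _ in iter_packets(pcap)
                   if src == local_ip and (dst, dport) not in ignore)


# Constructed sample capture (documentation-range addresses, not real hosts):
# a TLS exchange with 192.0.2.1 (opaque, no canary visible) and a plaintext
# HTTP POST to 203.0.113.7:8080 that carries the typed canary.
SAMPLE = build_pcap([
    _tcp_frame(LOCAL_IP, "192.0.2.1", 443, b"\x16\x03\x01" + b"\x00" * 40),
    _tcp_frame("192.0.2.1", LOCAL_IP, 40000, b"\x16\x03\x03" + b"\x00" * 40),
    _tcp_frame(LOCAL_IP, "203.0.113.7", 8080, b"POST /u HTTP/1.1\r\n\r\nlog=" + CANARY),
    _tcp_frame(LOCAL_IP, "203.0.113.7", 8080, b"ack"),
])

if __name__ == "__main__":
    for dst, dport in outbound_leaks(SAMPLE):
        print(f"canary seen in plaintext going to {dst}:{dport}")
    known_good = {("192.0.2.1", 443)}
    for (dst, dport), n in destination_counts(SAMPLE, ignore=known_good).most_common():
        print(f"{n:4d} packets -> {dst}:{dport}")
```

The canary search only proves anything when the logger ships keystrokes in the clear; a TLS-wrapped upload, or one delayed until the machine is idle, shows up only in the destination tally, so the useful habit is a long capture with a shrinking `ignore` set of connections you have already attributed to a known program (on Windows, `netstat -bno` maps live connections to the owning executable and PID). An empty tally after that is the "no odd traffic" result the earlier post describes; a hit is a reason to stop investigating and reinstall, as the post below says.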
 
If I said I only understand hardware and that software and networking are exponentially more confusing, and followed that by saying that the 3 above posts sound interesting but went over my head, what would you guys say? I think I may need hand holding on this one.
 
If you don't know how to monitor packets, don't do it. It will just be frustrating and confusing.

As I said, if you think that your system is compromised, reinstall Windows or run a few scans. Whatever makes you feel safe.
 