
Thread: [SERIOUS]Detection of Keyloggers

  1. #1

    Thread Starter
    Hyperactive Member BillGeek's Avatar
    Join Date
    Jun 2006
    Location
    Canada
    Posts
    440

    [SERIOUS]Detection of Keyloggers

    [I've decided to post this thread in the CC area, as it does not really fall into any specific category on the forums]

    I suspect that my PC at home might be infected with a keylogger. I do online banking quite regularly, so I need to find out whether I'm being watched.

    Symptoms
    • When I type something in any application, it seems like the keyboard input is delayed. (I can type without looking at my hands, so I can see the characters only appear about half-a-second later when I hit a button) The Windows Task manager shows CPU sitting at around 2%, so it can't be that the machine is too busy to process input.
      I've checked the keyboard repeat rate in control panel, and it seems normal.
      When booting into Linux, (I have dual-boot enabled) the problem ceases, and typing is instant.
    • When connecting to the internet, there's an abnormal amount of data being "Sent", implying that something is happening somewhere. I don't have any auto-updating software, so that eliminates possible updating that might occur.

    So here's the actual question: How do I detect keyloggers on my machine? Is there a specific API that I can use? (Similar to FindWindow, perhaps something like "FindCallback" or "FindProc"?)

    I reckon that if I can find a callback routine, I should be able to intercept this routine as well, "shorting" it out in the interim while I find a way to remove the keylogger.

    I do have SpyBot S&D installed, though it picks nothing up. It might be that the keylogger has not yet been identified by SBS&D, so I don't have a clue as to what to do.

    Any help would be appreciated!

  2. #2
    Frenzied Member Andrew G's Avatar
    Join Date
    Nov 2005
    Location
    Sydney
    Posts
    1,587

    Re: [SERIOUS]Detection of Keyloggers

    I'd look through the running processes and see if anything looks strange. Also check for running services and startup programs using msconfig. If you want to see what data is being sent, you can try something like Wireshark to see all the packets being sent and received.

  3. #3

    Thread Starter
    Hyperactive Member BillGeek's Avatar
    Join Date
    Jun 2006
    Location
    Canada
    Posts
    440

    Re: [SERIOUS]Detection of Keyloggers

    Thanks. I will install Wireshark on my PC tonight and have a look at what is being sent.

    I just downloaded Process Explorer as well. I looked at the running processes last night using Task Manager, though it didn't show anything "out of the ordinary", so I suspect that it might be a DLL that attached itself onto a Windows process. This is where Process Explorer will come in quite handily. (I read a few articles where some Spyware attach themselves to processes as DLLs, making them near impossible to remove...)
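
The checks discussed in this thread (DLLs loaded into other processes, startup programs, and which process is sending data), as an added PowerShell example that is not part of the original posts. It assumes Windows with PowerShell 5.1 or later in an elevated session; the trusted-folder list and the helper name `Test-TrustedPath` are illustrative choices, not a standard.

```powershell
# Added example, not from the thread. Run elevated so more processes can be inspected.
# Assumption: binaries under these folders are treated as expected; adjust for your machine.
$trustedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-TrustedPath([string]$Path) {
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Modules (EXEs and DLLs) loaded into running processes from outside the trusted
#    folders, with their Authenticode status. A DLL injected into a Windows process
#    shows up here under that process's name, which Task Manager does not show.
$sigCache = @{}
$findings = foreach ($proc in Get-Process) {
    try { $mods = $proc.Modules } catch { continue }   # protected processes deny access
    foreach ($m in $mods) {
        $file = $m.FileName
        if (-not $file -or (Test-TrustedPath $file)) { continue }
        if (-not $sigCache.ContainsKey($file)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $file -ErrorAction SilentlyContinue
            $sigCache[$file] = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
        }
        [pscustomobject]@{
            Process   = $proc.ProcessName
            PID       = $proc.Id
            Module    = $file
            Signature = $sigCache[$file]
        }
    }
}
$findings | Sort-Object Module, PID | Format-Table -AutoSize

# 2. Programs configured to start at logon (the same data msconfig's Startup tab shows).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-Table -AutoSize

# 3. Established TCP connections mapped to the owning process, to see what is
#    sending data before capturing the traffic itself in Wireshark.
Get-NetTCPConnection -State Established |
    Select-Object RemoteAddress, RemotePort, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object Process | Format-Table -AutoSize
```

A module listed in section 1 is only a lead: legitimate software installed under a user profile appears there too, so compare the path, signature status and owning process against what you expect to be installed.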
