Disclaimer, I have not studied the software in question and there are many ways to implement it, so this isn’t a way to say a computer is clean, just a way to detect if it’s infected.
Typically, keylogging programs like these are installed as device driver filters. Open devmgmt.msc, locate your keyboard and right click -> properties -> details tab -> property drop down -> upper filters and lower filters.
These should be empty normally. If there are entries present then you have some program that is hooking into your keyboard driver and accessing your keystrokes.
Similarly, there should be a filter on your mouse.
If you are especially paranoid, you can jot down the GUID of the keyboard and mouse driver (it looks like a long hex number with dashes surrounded by {}s), then shut down the computer and boot to a rescue disk, open up regedit, mount the registry hive for SYSTEM it’s located in \windows\system32\config\system, (let’s say you mount it to SYSTEM.remote), then navigate to SYSTEM.remote\CurrentControlSet\Control\Class\
Then you scroll through this key’s values and look for UpperFilters and LowerFilters.
The reason why you do it this way is to avoid a rootkit situation, where a driver also hooks into requests to the OS for certain information, and uses that to hide its presence.
akim81@lemmy.world 1 year ago
As there are dozens of different ways to track different stuff, this can’t be answered easily. Try to open the task manager and examine the processes is a start.
But that’s only for tracking software. You could also examine the data you create Server-Side and just assume stuff. Like: you are away in teams and you haven’t touched files in Sharepoint for 60mins, so we assume you don’t work right now.