I have zero experience with key loggers, but I have had a couple of run-ins with a RAT-like program, the last one about 6 months ago. This program used a specific port to access an external server and check for instructions/commands from a master. It would then perform the commands, go to sleep for a predetermined time and check again. The first noticable symptom was that the PC was unstable and the performance was quite bad. In reviewing the firewall log I found the PC was accessing a Web site on a schedule using a specific port. I would assume that key loggers work similarly or may even use email to send the information back to a home site. This find led me to make a change in my security policy. Originally, the policy was to block all inbound ports and block known malicious ports going outbound. Now, the policy is to block all inbound ports and block all outbound ports except the ports I know I use (20,21,25,80,113,443, and a few others). Of course, these RAT-like programs can use any of the 'good' ports for external access, but at least it is a start in the right direction. Using a firewall that can block ports in both directions and a router that can also block is a good way to mitigate the risk, but of course not a 100% solution.
Another tidbit is to review your 'hosts' file for entries that might be redirecting you to a site you don't want to go to. You can make your 'hosts' file read-only preventing all but sophisticated malicious programs from modifying this file. As mentioned in another post, Spybot has an advanced mode that can help with this, but caution is advised if you are not comfortable with the terminology used in this mode.
Hope this helps.
Was this reply helpful? (0) (0)