Friday, September 20, 2013

How to find a keylogger or any spyware on your PC

This post shows how to find a keylogger, Trojan or spyware on your PC or laptop. There are several ways to find them, but with this method you will know the exact path of the keylogger and where it is saving the log file. Also, once you have the keylogger server, you can reverse engineer the server and hack the hacker's account password which he used in the keylogger server. Let's first start with an introduction to keyloggers.

What is a keylogger and how does it actually work?

A keylogger, as the name suggests, is something that logs keystrokes. Yes, that's right: a keylogger is a password hacking tool used to steal a victim's passwords by logging the keystrokes the victim presses, and some advanced keyloggers are even used to retrieve stored confidential data. Based on how they reach your system, keyloggers are of two types:

1. Physical Keylogger: These keyloggers are installed when the hacker has physical access to your system. This type of keylogger has to be installed manually on your PC or system. These keyloggers are hard to find, but I will show you today how to find them as well.

2. Remote Keylogger: Remote keyloggers are new-generation keyboard hook hacking software that does not require physical access to the system, which means they can be installed remotely. They usually come onto your PC through torrents, porn websites, hacking tools (software like Facebook hack tool, Gmail hack tool, Hotmail hacker) and cracks, keygens and patches. Most users ignore the antivirus warnings on these files, because antivirus usually shows a virus in such files anyway. Hackers exploit this loophole and attach their keyloggers and keyboard hook programs to things like keygens, patches, cracks and torrents.

Remote keyloggers log the data into a file and send these logs to the hacker's FTP server or email. So friends, always try to avoid the things mentioned above as far as possible.

How to detect or find a keylogger or any spyware on your system:

1. Download the forensic investigation tool OpenedFilesView and install it.

2. Now open OpenedFilesView and you will see a complete list of all processes and temporary files currently in use by your system or PC, along with the full path from which they are running. Here is the snapshot:

3. In the snapshot above you can clearly tell the keylogger and the system files apart. Check the program name and then check its corresponding location in the full path. You can also verify with the time at which the keylogger file has been

4. Now we have found the location of the keylogger or spyware. Go to that location, open the file with BinText or any binary debugger and search for @ or ftp in it. This will help you get the email ID or FTP address to which the keylogger is sending logs.
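The search in step 4 can also be scripted. The following Python script is an added example, not part of the original post: it extracts printable ASCII and UTF-16LE strings from a file read as bytes and reports email addresses and FTP/SMTP host strings with their file offsets, which is what you would record as the log destination when cleaning up and reporting the infection. The regular expressions, function names and the embedded `SAMPLE` bytes are assumptions constructed for illustration.

```python
import re
import sys

# Printable runs: plain ASCII, and UTF-16LE (common in Windows binaries).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# What step 4 searches for by hand: "@" (mail address) and "ftp", plus SMTP hosts.
INDICATORS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
    "ftp": re.compile(r"(?i)\bftp(?:://|\.)[A-Za-z0-9.-]+"),
    "smtp": re.compile(r"(?i)\bsmtp\.[A-Za-z0-9.-]+"),
}

# Constructed sample bytes (not a real binary); hosts use the reserved .test TLD.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"smtp.example.test\x00\x00"
    + "drop-box@example.test".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x01ftp://ftp.example.test/logs\x00"
    + b"kernel32.dll\x00"
)


def extract_strings(data):
    """Yield (offset, bytes_per_char, text) for each printable run."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), 1, m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), 2, m.group().decode("utf-16-le")


def find_indicators(data):
    """Return sorted (file_offset, kind, value) for mail/FTP/SMTP strings."""
    hits = set()
    for offset, width, text in extract_strings(data):
        for kind, pattern in INDICATORS.items():
            for m in pattern.finditer(text):
                hits.add((offset + width * m.start(), kind, m.group()))
    return sorted(hits)


if __name__ == "__main__":
    # Read the suspect file only as bytes; never execute it.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, kind, value in find_indicators(data):
        print(f"0x{offset:08x}  {kind:5}  {value}")
```

Pass the full path found in step 3 as the argument. A packed or encrypted file may contain no readable strings, so an empty result does not mean the file is clean.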

You can also use Wireshark: capture packets for 20-30 minutes and filter for ftp and smtp packets. With this method you can get the email and password of the hacker. I will explain this in my coming tutorials.

