Tuesday, March 27, 2012

Detecting keyloggers and All malicious softwares

This tutorial mainly Focusing on how to detect if your Operating System is infected with any Virus, keylogger or RAT.

For this we should First understand the Functionality and meaning of all of them.

Virus : A malicious Software which Replicates itself and takes over the system and do anything for which it is programmed without user permission or will. These kind of programs are usually programmed by programmers/coders to infect a system.

Keylogger: This is a program which save all the keys pressed from the keyboard and send them to the attacker/programmer/coder/owner whom se ever it is built by. These programs focus on getting the users keylogs and to survive in the system they also includes some capablities like Virus so that they can also stealth and replicate themselve to get some more targets. A keylogger may have many capablities like a Virus. They can be of many type which includes FTP Keyloggers, Email Keyloggers, PHP keyloggers etc

RAT (Remote Admin Tool): This one is the most Advanced program in these malicious softwares because once it enters the system it will give complete control of that system to the attacker/programmer/coder/owner whom se ever it is built by. This kind of program mainly focus on waiting for the Masters Order and when ever he do any order they just have to do the same. But again in order to do such things it need to survive into the system without getting detected by the user or the admin. Such Programs include different capabilities like keylogging, Backdooring, Getting Remote Access, Web Cam Hack, Files Theft etc.

As by now we know the functionalities of all these we can move on how to detect them running in your system.

Following are some of the common symptoms if having your computer Infected:

1. Usually pc gets Slow/Hang while working.
2. Hang Up event takes place again and again after particular time gaps.
3. Getting Error message when running TaskManger/Registry/CMD/Msconfig.
4. TaskManger/Registry/CMD/Msconfig gets killed as they run.
5. List Processes in running under Current user using cmd - tasklist /fi "username eq %username%".
6. Use HTTP debugger and check your traffic to trace out its activity.
7. Use cport to track the applications that are connecting to a port and remote computer.
8. Use "Process Explorer" to track hidden processes.
9. Use "Reg From App" & "Process Activity View" to track Registry and files changes bieng made by any program.
10.Detecting By the Process name is also a easy task but it needs some experience to identify the malicious process from the taskmanager processes tab.

Source:- Bluff Master Hacker


  1. THanxx dude for posting the tutorial :D

    1. @bluffmaster hacker :D
      Bahut Badiya :D


    2. admin can u give me ur facebook ID plzz