Is it possible to find a keylogger by using a keylogger?

locsphere
Oct 31, 2009
Sorry if this is in the wrong place guys, but things were out of place in my apartment today and the computer was shut down in an odd way. Might be my ex. By saying that I mean there is a certain battery backup that is usually put a certain way. I won't get into detail. My system is now acting funny. Again, won't get into detail. If my system is hemorrhaging information, can I purchase my own keylogger to see what the other keylogger is sending? Kinda like fighting fire with fire? I would be able to gather evidence and then hopefully press charges. Plus I am doing virus scans and they show nothing. I tried downloading Trend Micro, but that keeps failing, which is usually a virus. Need help; any tips are appreciated.

eibgrad
Feb 16, 2010
Problem is, you can never know what you don't know. Let's say I told you that you could use another keylogger to find a keylogger? Nothing's guaranteed once your system is compromised. Same is true of any malware. Once malware gets in, I don't care how many anti-malware utilities you use or how good they are, there's no guarantee except completely reinstalling. We just ASSUME that if nothing's detected, or if it's detected and removed, all is safe. But that's just for practical reasons.

Short of starting over w/ a brand new OS installation, I would recommend scanning the hard drive from another system you fully trust (e.g., a laptop that’s always been under your control, or even a friend’s PC). Pull the hard drive from your PC, hook it up to the other PC (a SATA port on the motherboard or perhaps a SATA external port, or it might require an external enclosure), and scan it from there. Because your hard drive is now just data to the other (presumably) clean PC, nothing on that hard drive is ACTIVELY working to prevent you from seeing malware (keylogger, rootkit, etc.). It’s still not a foolproof solution since I don’t know how effective any given anti-malware tools you choose to use will be. You definitely want to use a malware product that detects files on the hard drive that are NOT in the directory (a common ploy of rootkits and keyloggers). But at least it’s a much more reliable analysis than running those same anti-malware utilities from your own system.

In the future, if you suspect someone could compromise your system, I would use TrueCrypt whole drive encryption and a strong password ( http://www.grc.com/password ). Some versions of Windows also support BitLocker, a similar built-in feature (I personally prefer TrueCrypt even if BitLocker is available). And keep your machine OFF when there’s even a chance someone could gain access w/o your knowledge. At that point, the only way your system could be compromised is w/ a hardware keylogger or similar device.
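One way to do the offline scan described above, as an added example that is not part of the thread: the pulled drive is mounted read-only on a trusted machine (on Linux, for instance `mount -o ro,noexec,nosuid,nodev /dev/sdb1 /mnt/suspect`), and a script walks the volume, hashes every file in the usual Windows autostart directories plus any executable modified after the date you suspect the tampering happened, and reports them for comparison against known-good hashes or for submission to a scanner. Because the suspect OS is not running, nothing on the volume can hide entries from the walk. The mount point, the cutoff date, the autostart list and the sample volume below are all assumptions of this example; the sample files are constructed so the script runs offline.

```python
#!/usr/bin/env python3
"""Offline triage of a pulled drive attached to a trusted machine.

Added example, not code from the thread. Assumes the suspect Windows volume is
mounted read-only at a path you supply and that you know roughly when the
tampering happened. The script only reads, hashes and reports; it never
executes anything from the volume.
"""
import hashlib
import os
import sys
import tempfile
import time

# Autostart directories where a file-based keylogger is commonly persisted.
# Relative to the volume root; a '*' component matches any single directory
# (e.g. a user name). Registry Run keys live inside hive files and would need
# a hive parser, so they are out of scope here. (Assumed list for the example.)
AUTOSTART_DIRS = [
    "Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
    "ProgramData/Microsoft/Windows/Start Menu/Programs/Startup",
    "Windows/System32/Tasks",
    "Windows/Tasks",
]
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".ps1", ".js"}


def _matches(pattern, rel_dir):
    """Component-wise, case-insensitive match (NTFS names are case-insensitive)."""
    p, r = pattern.split("/"), rel_dir.split("/")
    return len(p) == len(r) and all(a == "*" or a.lower() == b.lower() for a, b in zip(p, r))


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def triage(mount_point, since_epoch):
    """Walk the volume; return (findings sorted by path, walk errors).

    A file is reported when it sits in an autostart directory, or when it has
    an executable extension and was modified at or after `since_epoch`.
    Unreadable entries are collected rather than silently skipped.
    """
    findings, errors = [], []
    mount_point = os.path.abspath(mount_point)
    for dirpath, _dirs, filenames in os.walk(mount_point, onerror=errors.append):
        rel_dir = os.path.relpath(dirpath, mount_point).replace(os.sep, "/")
        in_autostart = any(_matches(pat, rel_dir) for pat in AUTOSTART_DIRS)
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError as e:
                errors.append(e)
                continue
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links and reparse points; only hash real files
            reasons = []
            if in_autostart:
                reasons.append("autostart")
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXT and st.st_mtime >= since_epoch:
                reasons.append("recent-executable")
            if reasons:
                relpath = name if rel_dir == "." else rel_dir + "/" + name
                findings.append({"relpath": relpath, "reasons": reasons,
                                 "mtime": st.st_mtime, "sha256": sha256_file(full)})
    findings.sort(key=lambda f: f["relpath"])
    return findings, errors


# Constructed sample volume (fake contents, not real data) so the script runs offline.
SAMPLE_FILES = {  # relative path: (content, age in days)
    "Users/alice/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/updater.exe":
        (b"MZ fake startup binary", 1),
    "ProgramData/svc/helper.dll": (b"MZ recently dropped library", 2),
    "Windows/Tasks/backup.job": (b"old scheduled task", 400),
    "Windows/System32/kernel32.dll": (b"MZ old system library", 400),
    "Users/alice/Documents/notes.txt": (b"recent but not executable", 1),
}


def build_sample_volume(root, now):
    for rel, (content, age_days) in SAMPLE_FILES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(content)
        ts = now - age_days * 86400
        os.utime(full, (ts, ts))


def run_demo():
    """Build the sample volume in a temp dir and triage it with a 7-day cutoff."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        build_sample_volume(root, now)
        return triage(root, since_epoch=now - 7 * 86400)


if __name__ == "__main__":
    # Usage: triage.py /mnt/suspect 2009-10-30   (no args: run the built-in demo)
    if len(sys.argv) == 3:
        since = time.mktime(time.strptime(sys.argv[2], "%Y-%m-%d"))
        results, errs = triage(sys.argv[1], since)
    else:
        results, errs = run_demo()
    for r in results:
        print(f"{r['sha256']}  {time.strftime('%Y-%m-%d', time.localtime(r['mtime']))}  "
              f"{','.join(r['reasons']):28} {r['relpath']}")
    for e in errs:
        print("ERROR:", e, file=sys.stderr)
```

Mount the volume read-only (and `noexec`) before running anything against it, and treat an unreadable path as a finding in its own right rather than noise: a file you cannot hash is exactly the kind of thing the scan exists to surface.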




pooflinger1
Mar 9, 2006
I don't see how one keylogger could detect another. Ask yourself this question: What does a keylogger do? Answer: It logs KEYSTROKES. Basically, it just sits there, reads the keystrokes and logs them to a file, and then sends the file somewhere or lets it sit there until someone picks it up. So if a keylogger is just watching keystrokes and not actually performing any keystrokes of its own, how would another keylogger, which is also only watching keystrokes, be aware of the other?

Also, even if you have the latest definitions, there is no guarantee that those definitions can recognize what is on your computer. What if your ex wrote their own keylogger? Then there is only one copy of the software in existence, and unless it matches heuristics or behavior rules, there is no way that any AV is going to pick it up. Like eibgrad said, the best bet is to completely wipe your computer and start from scratch. If I am working on a virus-infected computer for a client, I don't even connect it to any other machine, due to the fact that some viruses can spread simply by connecting the drive to another machine. I would download a copy of Darik's Boot and Nuke and erase the hard drive. A simple single-pass zero write is sufficient; then re-install the OS.