Hi All,

I am working on an application which is a C# Windows application (system level).
How do I track whether there is any malware present in the system or not?

If we can't track malware using C#, then is there any way to track malware software present on the system?

Regards,
Sachin Panchal
Comments
ledtech3 15-Aug-12 9:24am    
Most anti-malware / antivirus programs use a signature-based approach: they have some form of signature for the bad files; that is what all of the updates are for. They also use a heuristics-based approach, where if something is acting a certain way then they alert you and/or hopefully block the code and shut it down.
Member 10598367 9-May-15 9:02am    
Hi, I saw your post. I am also trying to develop an anti-keylogger in C# and not finding any useful information on the internet. If you have found some technique then please share your suggestion and code. Thanks.
ledtech3 9-May-15 18:25pm    
Key loggers have a few ways to do the logging. Once you understand how they work, then you can look at what gets installed as a driver or a service or just a normal program running on the system.
It could be kernel mode or user mode, depending on how well they want to hide it. Even if it is dumped straight to memory and never touches the disk, it can still be found. It would have to register some way with the system so that the keystrokes will be returned.
Again, you would have to understand "how" the various types work in order to catch them on install. You cannot rely on a file signature.
Member 10598367 9-May-15 23:11pm    
Thank you. I am trying to detect on the basis of their behavior. But I am not good at low-level system programming; can you help to monitor the "writefile" API in C#? I wanted to know the no. of times it is called by various processes. I don't want the names of the processes using it, but only the no. of times the writefile API gets accessed in a 15-second interval. Thanks again.
ledtech3 10-May-15 11:08am    
Depending on what is happening on the system, that could be hundreds of times in different threads.
I've never tried that and don't have time to research how to do it right now.

There are a few articles on this site about creating key loggers in different ways, some in C#; they should give some help.

Offhand, the only way I can think of is to get information from the file system driver.

You will have to do the research for the type you want to catch.

You could also try using Sysinternals Process Monitor and filter on "Category is Write" and just show the file activity.

1 solution

From what I've heard, C# is not good for the job; I would prefer using a lower-level programming language (e.g. C++, C). I don't have experience on the subject, but I think you haven't as well, so I would search for a master's degree in computational security or something so you could learn from the basics to advanced techniques.
 
 
Comments
Sergey Alexandrovich Kryukov 4-Mar-14 22:25pm    
Gibberish. And not an answer. Generally, stop posting your fake answers. This is considered as abuse, and, in case of massive abuse, can lead to cancellation of your account.
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


