ADVANCED Anti Keylogger
spy1
June 21st, 2003, 08:21 AM
http://www.anti-keylogger.net/advanced_anti_keylogger.html
Online Help pages: http://www.anti-keylogger.net/advanced_anti_keylogger_help/index.html
FAQ's page: http://www.anti-keylogger.net/advanced_anti_keylogger_faq.html
I like the approach (no database updates) and the concept (rules-based blocking).
The more I look at it, the more interesting it gets - the "Custom Security Mode" apparently runs resident if selected, giving you pop-up warnings if something's attempting to keylog anything real-time.
Has anyone tried this one yet? Pete
controler
June 21st, 2003, 08:58 AM
For a second there, I thought I had this but mine is from Anti-Keyloggers.com
They would give you a free lifetime LIC if you could send them a Key Logger they didn't detect yet Spy1 ;D
Have you taken it for a test drive yet?
con
spy1
June 21st, 2003, 09:03 AM
<g> Not yet. Weekends are bad for me because I'm even more time-pressed than usual.
It's hard for me to submit any keyloggers to anyone since I don't have any on my computer. The one time I tried submitting a bleeding-new one that I'd just read about to the people you're referring to, I never heard back from them. Pete
controler
June 21st, 2003, 09:20 AM
Spy1
That is unusual but here is how I did it. I wrote them first and said,
Hey? If I have a key logger you don't detect yet, will you send me a free LIC? They wrote back and said sure we will. I kept the e-mail for reference.
One thing I noticed about Anti-Keylogger is it monitors your registry for startup changes.
As a side note: I mentioned a few times already about Antivirus e-mail detection. I know NOD and KAV monitor incoming and outgoing e-mail.
But unless I have found the setting yet, they do not warn when an e-mail is being sent via your default e-mail client.
From my testing of Good Stealth Keyloggers, in my case I found, even if you don't have your e-mail client open (Outlook Express),
the keylogger will transmit your data via your e-mail client via a hook and you don't even see it unless you are running Norton and have its splash screen checked to kick on when mail is sent. Unless the keyloggers have even found a way around this, Norton will kick its splash screen when the keylogger attempts to mail your info.
Your firewall does not catch it because you have already given permission for Outlook Express to go out :(
The best Keyloggers give an option to add two startup locations to your registry. One is a default spot and the other is a spot of your choice.
con
spy1
June 21st, 2003, 09:43 AM
To get back to the subject-at-hand:
Okay, installed it (there's not much happening anywhere, anyway).
Not too thrilled with the fact that it (upon re-start after installation) sent me a nice little message through IE congratulating me on installing it (chalk up one for the "phones-home" category).
Shows as a running process (aaksrv.exe) in WTM.
Guess I'll just let 'er run and see what happens! :o Pete
spy1
June 21st, 2003, 09:56 AM
At least it's working. Picked up PGP and NVIDIA's Desktop and Windows Manager.
spy1
June 21st, 2003, 10:41 AM
Oh my. ;D
*Not sure what that was indicating - when I checked Trillian I did find that (for some reason) I had logs kept in both AIM and ICQ - thought I had that turned off, but who knows?
Anyway, deleted all of them and turned logging off in both programs. I'll check back later and make sure it stays off.
**I also changed Trill's status to "Always Prohibited" - so if you never see me on Trillian again, let me know! (I'm on right now).
spy1
June 21st, 2003, 11:48 AM
Warns on attempts to copy/paste (left that one alone, I kinda like it).
Warned on attempt to open new window (let that one slide).
StAnger
June 21st, 2003, 11:51 AM
-{ Quote (spy1): "Warns on attempts to copy/paste (left that one alone, I kinda like it).
Warned on attempt to open new window (let that one slide)." }-
No offense, but haven't you got that the wrong way around? Probably just me missing the point, that's basically why I am asking.
spy1
June 21st, 2003, 12:24 PM
Not sure what you mean - I'm basically talking to myself here, while at the same time letting people know what kind of behavior they can expect from the program if they try it.
I'm letting it warn me on c&p because other avenues of c&p can occur.
I'm letting opening a new window slide because it's too much of a PITA to okay all the time.
Now that you mention that, though, now that I've okayed it, it doesn't show up in the main screen anymore - you have to go to the rules screen to see it.
*And okaying that one also took away the warning for the c&p. Hmm.
controler
June 21st, 2003, 02:47 PM
Spy1
If you need a keylogger to try it on I can furnish one.
I have a few of the setup programs. Actually have a few the developers sent me free since I supplied them with some instances they didn't work in OE using special characters before and after the sent mail.
mr.mark
June 22nd, 2003, 12:01 AM
hi pete
what, if anything, do you make of the fact that Spydex also is the author of EmailSpy?
http://www.emailspy.net/emailspy.html
mr.mark
June 22nd, 2003, 12:15 AM
also, fwiw, did you know that Magnus added detection for EmailSpyPro
TrojanHunter Ruleset update: 35x-2003-06-04
35x-2003-06-04
==============
- Added Delsha.100
- Added BeastDoor.209
- Added HttpRat.017
- Added Lerk.100
- Added EmailSpyPro.431
:)
spy1
June 22nd, 2003, 09:34 AM
mr.mark - Not too worried about it, actually (<g>) - I get less (and more boring) email than anyone else I know.
The whole Advanced Anti Keylogger folder is only 537KB (the .exe's only 352KB of that) - not a lot of elbow room for anything "extra" there.
SpyCop, TDS-3, NOD32, GAV, SBS&D, Port Explorer - none of them are showing anything out-of-the-way or hinky regarding AAKL (all have been used to scan it specifically and I have PE spying on it).
If I find anything, I'll let you know - if I'm missing anything, you let me know. Pete
spy1
June 22nd, 2003, 11:23 AM
The only thing I really don't like about the program, per se, so far, is that it doesn't have an option not to start it up with windows - it should have that option easily accessible in the main program interface.
Not only that, but closing the program by use of the SYSTRAY icon does not stop the exe from running - irritating at best, suspicious behavior at worst.
Killing aak.exe via WTM or C/A/D results in an error if you try to re-start the program before doing a system re-start. Pete
mr.mark
June 22nd, 2003, 01:39 PM
-{ Quote (spy1): "mr.mark - Not too worried about it, actually (<g>) - I get less (and more boring) email than anyone else I know.
The whole Advanced Anti Keylogger folder is only 537KB (the .exe's only 352KB of that) - not a lot of elbow room for anything "extra" there.
SpyCop, TDS-3, NOD32, GAV, SBS&D, Port Explorer - none of them are showing anything out-of-the-way or hinky regarding AAKL (all have been used to scan it specifically and I have PE spying on it).
If I find anything, I'll let you know - if I'm missing anything, you let me know. Pete" }-
hi pete
fwiw, a thread started here (http://www.dslreports.com/forum/remark,7192406~root=security,1~mode=flat) on dslreports security forum on this anti-keylogger program....
some people seem to find it all just too cozy (same company playing both ends of the field). others seem to think it's quite natural.
my personal gut feeling is to stay away from the anti-keylogger, though you make perfect sense in pointing at the various security tools you have "watching" it.
best regards,
:)
mark
spy1
June 23rd, 2003, 12:43 PM
Emailed them some of my questions and got this back:
"Hello Pete,
Sunday, June 22, 2003, 5:36:58 PM, you wrote:
PY> (a) Why does the program installation result in your having an IE page
PY> opened with a successful install message? What information is collected and
PY> sent by the program at that time?
PY> (b)What's the story with all the "HitBox" cookies that you get during
PY> d/l and installation?
AAKL nothing collects and sends. Simply "IE successful install
message" and "HitBox" statistics are exact way to count up real
quantity of program installations. By the way "IE successful install
message" of next AAKL version will bring new customers to on-line
product help and faq as well.
PY> (c) Since you also make EmailSpy and EmailSpyPro, why should we trust
PY> your product (AAKL)? Does AAKL detect ES and ESP?
We have designed AAKL because we know the technology of keyloggers well
and suppose that people in "both sides of barricade" have to have
security tools. AAKL can't block EmailSpy and EmailSpyPro because they
are not keyloggers.
PY> (d) Why doesn't AAKL have an easily-available option within the program
PY> interface NOT to run it at system start-up? There's no apparent reason for
PY> it to RUN all the time - or if there is, could you explain it?
Because keyloggers can start monitoring at any time not only at system
startup.
Truly yours
Spydex Inc.
Security Software Developer
---------------------------
http://www.spydex.com
http://www.emailspy.net
http://www.email-spy.biz"
Which is good as far as it goes, I guess. They didn't really address the problem regarding the program starting at start-up regardless of what you do to stop it, however (I understood that keylogging programs could start up at anytime, I was looking for some kind of reason why the program didn't simply have an option not to run it if that's what the user desired).
aak.exe and aaksrv.exe run all the time. Right-clicking the SYSTRAY icon and selecting "Protection is disabled" doesn't kill either one and, of course, each has its own ProcessID.
In their favor, they're not sucking up many resources.
Some of this concerns me, but basically the program is giving me real-time warnings on anything that can even be remotely construed as a key-logging attempt - which I like.
I'm going to keep it going for awhile (watching it closely).
I'd still like to be able to click just one button on the main user interface and have both .exe's shut down totally. Pete
controler
June 23rd, 2003, 04:17 PM
fanj
as you know I use Anti-Keylogger. This company also makes a Keylogger but you CAN disable it from starting up via a button.
When Anti-Keylogger starts up, it starts with a different named EXE each time. That way trojans can't detect a common name to disable it like all the rest of the software makers do. The trojan tries to disable your protection via the common EXE used and this EXE stays the same name each time it is loaded. What NOD does is run two copies to try to stop the trojan from disabling its scanner.
Good luck with your new toy ;D
con
Checkout
June 23rd, 2003, 05:39 PM
Funny how Wilders people's discussions keep giving me ideas for new security products... 8)
Keep it up! One day I may even turn them into reality!
spyhelper
June 25th, 2003, 02:51 AM
Hey, guy!
If you want, you may try this advanced keylogger. It has the following features:
captures passwords and logins
absolutely invisible keylogger
keeps track of all Key Strokes
records all Internet Activity
keeps visual Screen statistics in Screenshots log
watches everything opened, typed and saved
monitors instant messaging software
keeps tabs on all E-mail clients
monitors text and graphics copied and cut to the clipboard
sends reports secretly to your E-mail address
reveals others secrets
this keylogger runs better with XP
You can download it from
http://www.mykeylogger.com
Adapted link. You can not use HTML code on this board.
mr.mark
July 1st, 2003, 12:27 AM
-{ Quote: "if I'm missing anything, you let me know" }-
hey pete
some not-so-happy campers (http://www.dslreports.com/forum/remark,7275605~root=security,1~mode=flat) on the dslreports forum. they're not liking ADVANCED Anti-keylogger™ too much...
and neither are the folks at Raytown Corporation, who have posted this notification on their site (http://www.anti-keyloggers.com/):
Attention!
A software product ADVANCED Anti-keylogger™ has entered the IT market. Note that this product has nothing in common with Raytown Corporation. It is a pirate product intended to undermine the name of our trade mark Anti-keylogger™. When installed on your computer ADVANCED Anti-keylogger can cause serious problems - the system hanging-up, blue screens (BSoD) etc. Raytown Corporation is not liable for possible problems caused by this product!
hth :) mark
mr.mark
July 1st, 2003, 02:00 AM
-{ Quote (controler): "as you know I use Anti-Keylogger..." }-
hi con
i just installed Anti-keylogger (http://www.anti-keyloggers.com/download.html) tonight. i ran the scan with heuristics set at default (medium) the first time, then cranked it to high setting and rescanned.
happy to report no keystroke programs currently running on my system. running that initial scan reminded me of the first time i scanned my machines with an AT, holding my breath, not knowing if i had any trojan servers on my hard drive.
anyway, so far so good with the free evaluation copy of Anti-keylogger. but i have a couple of questions.
this one i should know, but i don't... does Anti-keylogger run resident, i.e, will it snag a keylogger if it begins executing, or is scanning the only means of detection?
the other question concerns your comment, "This company also makes a Keylogger but you CAN disable it from starting up via a button". you were *not* referring to Anti-keylogger, am i right? other than removing it from the start menu, there is no button to turn Anti-keylogger on and off, is there?
any other insights into the program you'd care to share, i'll be glad to listen. i'm going to have to determine within 15 days if i want to purchase a license.
regards
:)
mark
spy1
July 2nd, 2003, 07:24 PM
Hello, Mr Mark!
Yes, I read all the un-happy comments about the program going "pay" and disabling itself. I don't care about that, since it was noted on the website itself that the original version was going to terminate itself when testing was completed (they really should have put that into the "readme" file, though - or at least made the fact stand out a little more on the website. The current website page says nothing about the previous version's actions). I don't have any problem with the way they did it - it's their program.
I simply un-installed what was left of the 3.0 version (it was still in Add/Remove Programs) and cleaned the remnants out of the registry - I don't have any spare change to spend on purchasing the program.
As regards Raytown - all I can say about their claims is that I experienced no such problems on my XP Pro machine while I was testing the original version of the AAK program - actually, it worked pretty damned well.
Good luck with AKL! Pete
mr.mark
July 2nd, 2003, 07:37 PM
-{ Quote: "all I can say about their claims is that I experienced no such problems on my XP Pro machine while I was testing the original version of the AAK program - actually, it worked pretty damned well." }-
hey pete
that is very good news indeed. and i was also interested in your take on the dslreports forum "disgruntlement"... what you say makes sense to me.
so far so good with Anti-keylogger. don't know if i'll pay up when the time comes. i have an email in to their tech support... if i get no response, i generally take that as a fair indicator of how the company will treat any issues after i buy their product. this isn't always an accurate yardstick (vendors sometimes prioritize support requests and the evaluation people get back burner), but it's at least good enough to sway me if i am otherwise undecided.
thanks for the feed back!
best regards
:)
mark
spy1
July 2nd, 2003, 07:48 PM
You're quite welcome.
I'll be sticking with SpyCop (sure wish they had resident protection like AAKL did, though. Even though the SC screensaver checks your computer every single time it sits still long enough for the screensaver to kick in, it's still not the same). Pete