PSMAntiKeyLogger
chiawaikian
May 7th, 2006, 08:46 AM
A free, open-source anti-keylogger:
http://psmantikeyloger.sourceforge.net/prod01.htm
Has anybody tried this program out? Any comments, before I recommend it to others?
TECHWG
May 7th, 2006, 10:12 AM
I believe anti keylogging is a remnant of the past with really good HIPS software. My suggestion is ditch antikeylogging and opt for HIPS software instead. UNLESS you are working on a strictly OFFLINE PC, in which you could get away with only using antikeylogging measures perhaps. Also note that most people that want to keylog you will use GOOD keyloggers that are Kernel based and my guesstimation is that 75% of antikeylogging software are usermode hook based and can NOT prevent kernel mode keyloggers.
StevieO
May 7th, 2006, 04:13 PM
Had some "fun" with this baby !
Did a search on here and found this by zorro zorrito 2004 http://www.wilderssecurity.com/showthread.php?t=53439
________________
PSMAntiKeyLogger is a real-time protecting tool which protects you against not only Keyloggers but also from Screen captures
PSMAntiKeyLogger Version 1.0.1 By truong2d
Bugs : (0 open / 0 total)
Development Status : 5 - Production/Stable
http://sourceforge.net/projects/psmantikeyloger/
truong2d = DoDucTruong = DDT Seoul Korea, who has other projects including the Winsock Firewall, which has been tried by posters on here, with mixed results !
________________
I first scanned it at VirusTotal, clean
http://img327.imageshack.us/img327/3599/vt11uc.png
The following was all done offline of course. Just for the record I'm on 98SE, so your experiences may be different ?
I attempted to install it with Total Uninstall as normal, which froze just after it looked as if the App install was nearly finished, but not TU, and had to reboot. I tried again, similar experience. I then found it had installed after all, and was the first App to start up. Had a slight problem with ZoneAlarm throwing an error after Enabling vsinit.dll = TrueVector Service
http://img327.imageshack.us/img327/3452/hook15xq.png
Anyway I decided to press ahead, and rebooted again to fix this as ZA showed me I needed to, everything back to normal.
Here are the GUI panels
http://img384.imageshack.us/img384/1361/st121eh.png
http://img327.imageshack.us/img327/9988/st340ys.png
The help file doesn't appear to work as it's not in its Program File folder. And trying to launch PMS from Windows Start or from its Program File folder doesn't work for me. I had to Ctrl/Alt/Del out of them. These things may be due to my install issues ?
These are the items it's calling on as seen by Process Explorer, note WinPatrol and XAHook in there
http://img384.imageshack.us/img384/308/pex17fg.png
It appears to consume no resources, even during the following !
Then it was time to put it to the test for real with two live Keyloggers, one at a time straight after each other, Martins undetectable keylogger and TinyKL, after disabling my AV. I forgot to disable BOCLean which jumped straight in as expected, along with PSMAntiKeyLogger as soon as I double clicked on them, so I shut BOCLean down too.
http://img384.imageshack.us/img384/9551/pmsdetect17cy.png
I disabled both and then uninstalled etc. the keyloggers cleanly and rebooted.
For now it's still in and running permanently, if I have any more news I'll let you know. It would be nice to hear about others' trials with it on their systems. It's taken quite a bit of time to do this and put it all together, so I hope that some of you benefit from it too.
Thanks for the heads up chiawaikian
StevieO
Franklin
May 7th, 2006, 11:54 PM
Great review StevieO.
TECHWG stated about kernel based key loggers not being detectable by most anti keyloggers.
Will this software detect as such?
Quote from Undetectable keyloggers site:
http://www.winsite.com/bin/Info?26000000037599
As the name states, it's undetectable. It's a simple stay-on-top program with a memo, that displays everything you type.
It uses a special system of keylogging, which is magnificent if I may say so myself, so don't be surprised if your anti-keylogging software doesn't block it.
If you want to test your PC and see if it is truly protected against spyware, try this.
Note to people who think slowly:
This is NOT spyware, it is only intended for testing if your computer is really immune to spyware.
chiawaikian
May 8th, 2006, 07:00 AM
I agree, that was a great review.
StevieO, do I have permission from you to post your review elsewhere? Credits will be to you of course.
StevieO
May 8th, 2006, 10:40 AM
@ Franklin
The KL you mentioned and linked to, is actually one of the two I used in the tests, Martins undetectable keylogger ! So yes PMS did detect it, and instantly along with BOClean too, so very impressive.
@ chiawaikian
Yes sure, where will the review be ?
_______________
If both of you and others could also test it, that would be good. Thanks for the nice remarks, glad you liked it !
StevieO
chiawaikian
May 9th, 2006, 01:01 AM
Here :P :
http://chiawaikian.proboards78.com/index.cgi?board=review
Franklin
May 9th, 2006, 01:17 AM
-{ Quote: "@ Franklin
If both of you and others could also test it, that would be good. Thanks for the nice remarks, glad you liked it !
StevieO" }-
Hi StevieO, gave it a run and had a major conflict with Sandboxie which was unable to read referenced memory at some address trying to start FF sandboxed.
Can't remember exactly what it said. Should have grabbed a screenshot. :-\
Uninstalled PMS and Sandboxie is working fine. Tried Snoopfree A/K and things seem ok at the moment.
Do we really need an anti keylogger if we have ZAP installed????
chiawaikian
May 9th, 2006, 04:58 AM
An anti-keylogger may not be very necessary in this case since ZAP 6 has the OS Firewall feature.
StevieO
May 13th, 2006, 01:22 AM
chiawaikian
Thanks for the link, haven't seen it appear yet though ?
Franklin
Well you tried it out anyway, and as I also found, there weren't any problems uninstalling ! If you're using Sandboxie you shouldn't need anything else, unless you just used it to test PMS ?
____________
I thought I would uninstall and reinstall to see if that made any difference to the initial install issues. I used the normal Control Panel removal method, followed by both Regseeker and Eusing registry cleans. This included manual searches deleting the few references I found, and also full Temp file etc. flushes.
When I rebooted, to my surprise on opening the GUI, I found entries in there from the previous install ? This software is very clever in more ways than one as you will see in a moment. I think some of its features like these, have been overlooked in the past with other software. These could just be due to the use of the Madshi code integrated within it, as is other software like Online Armor, and/or original coding by the author !
Nancy_McAleavey from BOCLean had this to say about the MADSHI libraries the other day. ( can cause all of your other security (including firewall) to fail ) http://www.wilderssecurity.com/showpost.php?p=347929&postcount=17 mm
I've been experiencing ZA Client closedown errors related to RPCRT4.DLL, so I presume PMS is connected in some way with this event. ZA appears to be still protecting me though.
I tried to shut PMS down with Ctrl/Alt/Del, Process Explorer, Starter, WinPatrol and Spybot. But it wouldn't allow any termination except via its own exit, pretty good built in protection that I haven't seen very often ! I could however disable it from next running on start up after a reboot with WinPatrol. You could of course use msconfig to do this, but WinPatrol offers more flexibilities, with its various options just a few clicks away.
I looked at a few sites for more info on RPCRT4.DLL errors.
_________
Microsoft
This problem may occur if you have antivirus or firewall software that is installed and running on your computer.
You may also experience remote procedure call (RPC) engine reliability issues in applications that use asynchronous RPC and RPC over HTTP functionality. The symptoms of RPC engine reliability issues may include the following: Client applications receive error messages that report unhandled access violation exceptions. Client applications that use RPC stop responding.
_________
I disabled DCOM and RPCSS a while back with no problems, so it's not that. Don't disable RPCSS on XP etc though, otherwise you might not be able to boot.
So I'm keeping it installed on my PC, which means that I can run it on demand whenever I like, just to check what might be hooking etc. It's a shame that, on my system anyway, there appear to be some unresolved issues, as this could be a very good App indeed I feel. As I said before though, on your system things might be different, and I would say it's definitely worth trying. Because apart from the ZA problem, on mine, it's a very impressive piece of software. A little bit more development work, and it will be up there with the best I think !
StevieO
Copyright ©2002 - 2012, Wilders Security Forums