Concerned user...
Radi
September 25th, 2006, 09:18 PM
So far I have been using Nod and I'm very pleased with it. However, a recent "accident" concerns me.
A week ago, my brother decided to install a keylogger on my computer. I have no idea why he would do that. Fortunately, I did discover it. And here is the main problem. Nod did nothing about it when it was installed.
And Ad-Aware did discover it properly on the first scan.
Here is the link to the site with a keylogger: http://www.widestep.com/
A bug? Stealthy malware?
Any feedback would be appreciated.
P.S. I'm running XP SP2 with Sunbelt firewall and nod.
Brian N
September 25th, 2006, 09:24 PM
Looks like it's a tool for parents to keep an eye on their kids. Same stuff as NetNanny I guess.
Bubba
September 25th, 2006, 09:52 PM
OT posts removed concerning "Sunbelt Kerio Personal Firewall".
As was suggested in a removed post....Please ask those type questions in the below forum or PM the affected member for questions such as that.
http://www.wilderssecurity.com/forumdisplay.php?f=31
Thanks,
Bubba
twl845
September 25th, 2006, 11:19 PM
Bubba, OK thanks for the heads up.
Bubba
September 26th, 2006, 06:19 AM
No problem and Thanks for understanding.
Radi
September 26th, 2006, 05:05 PM
That still does not answer my question. Why did Nod let it install on my system?? Is it considered as a "legitimate software"?
farmerlee
September 26th, 2006, 07:10 PM
Well nod is primarily an antivirus program and not an anti malware program although it does detect some trojans and spyware (I think).
Blackspear
September 26th, 2006, 08:03 PM
{QUOTE-> Well nod is primarily an antivirus program and not an anti malware program although it does detect some trojans and spyware (I think). <-QUOTE}
NOD32 provides protection against:
Trojans
Viruses
Worms
Spyware
Adware
Phishing
Hackers
So pretty much malware is covered in amongst that lot.
Cheers ;D
alglove
September 26th, 2006, 08:19 PM
But I think Radi is concerned about whether the Widestep keylogger referenced above should fall into one of those categories. In other words, is NOD32 deliberately allowing the keylogger to be downloaded and installed, or is the keylogger slipping by? If the keylogger is slipping by, should it be stopped from doing so, or is that outside the scope of NOD32?
Brian N
September 26th, 2006, 08:25 PM
{QUOTE-> Is it considered as a "legitimate software"? <-QUOTE}
Probably.
farmerlee
September 27th, 2006, 02:33 AM
{QUOTE-> NOD32 provides protection against:
Trojans
Viruses
Worms
Spyware
Adware
Phishing
Hackers
So pretty much malware is covered in amongst that lot.
Cheers ;D <-QUOTE}
Wow that is pretty much most malware covered, more than I previously thought.
Blackspear
September 27th, 2006, 03:06 AM
{QUOTE-> Wow that is pretty much most malware covered, more than I previously thought. <-QUOTE}
And only getting better.
Cheers ;D
pc-support
September 27th, 2006, 03:54 AM
{QUOTE-> So far I have been using Nod and I'm very pleased with it. However, a recent "accident" concerns me.
A week ago, my brother decided to install a keylogger on my computer. I have no idea why he would do that. Fortunately, I did discover it. And here is the main problem. Nod did nothing about it when it was installed.
And Ad-Aware did discover it properly on the first scan.
Here is the link to the site with a keylogger: http://www.widestep.com/
A bug? Stealthy malware?
Any feedback would be appreciated.
P.S. I'm running XP SP2 with Sunbelt firewall and nod. <-QUOTE}
Is your NOD set up to allow or disallow potentially dangerous applications?
Blackspear
September 27th, 2006, 04:25 AM
{QUOTE-> Is your NOD set up to allow or disallow potentially dangerous applications? <-QUOTE}
Mine is, so that piece of software Eset must consider as legitimate.
Cheers ;D
IcePanther
September 27th, 2006, 05:22 AM
And that's why a HIPS is always useful ;D ::) ;)
Blackspear
September 27th, 2006, 05:28 AM
{QUOTE-> And that's why a HIPS is always useful ;D ::) ;) <-QUOTE}
Agreed.
Cheers ;D
pykko
September 27th, 2006, 05:35 AM
and never let your brother use your PC. ;D ;D :D
Blackspear
September 27th, 2006, 06:25 AM
{QUOTE-> and never let your brother use your PC. ;D ;D :D <-QUOTE}
or ride a donkey backwards, as you never know where you're going, or when you will get there :blink: :o ;) ;D
pykko
September 27th, 2006, 07:26 AM
{QUOTE-> or ride a donkey backwards, as you never know where you're going, or when you will get there :blink: :o ;) ;D <-QUOTE}
I prefer horse-power ;D ;D
NOD32 user
September 27th, 2006, 12:53 PM
{QUOTE-> Mine is, so that piece of software Eset must consider as legitimate.
Cheers ;D <-QUOTE}
Handy Keylogger 3.25 build 032 from http://www.widestep.com/ is actually detected already as follows:
hk_setup.exe »NSIS »Hlib32.dll - Win32/Spy.AdvancedKeyLogger.C trojan
Possibly it is utilised by malware and is the reason ESET have it detected...Don't know
The other two have been sent for analysis with a link to this thread.
Cheers :)
Radi
September 27th, 2006, 04:33 PM
Ok I did some testing on VMWare. Trial version of Nod does not detect widestep keylogger (and yes, it did search for dangerous applications). Adaware does. Here is the proof - http://img86.imageshack.us/img86/7278/nod32ra1.jpg
*- Fixed image.
NOD32 user
September 27th, 2006, 04:42 PM
{QUOTE-> Ok I did some testing on VMWare. Trial version of Nod does not detect widestep keylogger (and yes, it did search for dangerous applications). Adaware does. Here is the proof - [img=http://img86.imageshack.us/img86/7278/nod32ra1.jpg] (http://imageshack.us) <-QUOTE}
I can't see your picture for some reason. edit: The link is not correct
NOD32 does detect WideStep Handy Key logger 3.25 (log attached) - it's the other two versions of Key Logger (Quick Keylogger 2.1 & Elite Keylogger 3.0) from WideStep that are currently not detected and possibly for good reason, or possibly not - I do not know.
Samples have already been sent for analysis with a link to this thread.
Cheers :)
ASpace
September 27th, 2006, 04:45 PM
As already mentioned, this can be thought of as legitimate software, not real malware. I can guarantee that ESET are aware of this "keylogger" and if they decide it is something really malicious, they will add it soon in the database :)
The other still remains, don't let anybody else touch your computer, at least don't give them admin rights :thumb:
kjempen
September 27th, 2006, 05:03 PM
{QUOTE-> I can't see your picture for some reason. edit: The link is not correct
NOD32 does detect WideStep Handy Key logger 3.25 (log attached) - it's the other two versions of Key Logger (Quick Keylogger 2.1 & Elite Keylogger 3.0) from WideStep that are currently not detected and possibly for good reason, or possibly not - I do not know.
Samples have already been sent for analysis with a link to this thread.
Cheers :) <-QUOTE}
It detects one dll file from the Handy Key Logger. Whether that is enough to "cripple"/disable the key logger, I don't know.
EDIT: I know this is a NOD32 forum, but on a side-note, DrWeb and KAV detected more files.
Radi
September 27th, 2006, 05:05 PM
Hmm I guess it was one of those two (Elite and Quick).
Thank you for the help.
Blackspear
September 27th, 2006, 10:40 PM
I have asked Eset to comment on the detection of all 3 versions.
Cheers ;D
Copyright ©2002 - 2009, Wilders Security Forums