Powered Keylogger Undetectable?
Searching_ _ _
September 30th, 2008, 01:18 AM
I wonder if it is still undetectable.
Hasn't been updated since September 2007.
-{ Quote: "Powered Keylogger is a driver-based software keylogger that secretly captures keystrokes, mouse clicks and passwords, tracks sent and received emails, monitors Internet activity and logs launched applications. Powered Keylogger is undetectable by a list of firewalls and antivirus software, even anti-spyware/anti-keyloggers won`t locate it." }-
It uses a kernel level driver.
http://www.security-utilities.com/keylogger.html
Detection List (http://www.mykeylogger.com/detection-list/)
xtree
September 30th, 2008, 03:30 AM
-{ Quote: "I wonder if it is still undetectable.
Hasn't been updated since September 2007.
It uses a kernel level driver." }-
Undetectable when installed beforehand?
Don't let it be installed. ;)
chrome_sturmen
September 30th, 2008, 03:37 AM
I just scanned the installer itself with superantispyware, malwarebytes antimalware, agnitum spyware scanner, avira, and kaspersky.
Only agnitum and avira detected the installer as malware.
jmonge
September 30th, 2008, 03:39 AM
-{ Quote: "I just scanned the installer itself with superantispyware, malwarebytes antimalware, agnitum spyware scanner, avira, and kaspersky.
Only agnitum and avira detected the installer as malware." }-
I tried it against ProcessGuard. It stopped the installer from installing after I allowed it to run. I think it uses some kernel techniques.
trjam
September 30th, 2008, 03:50 AM
F-Secure 2009 pops it.
C:\Users\Austin\Desktop\powered_keylogger.exe Action: quarantined
Franklin
September 30th, 2008, 06:21 AM
Can't run in a tightened sandbox.
vijayind
September 30th, 2008, 07:12 AM
During installation and running, Comodo Defense+ finds it.
lodore
September 30th, 2008, 07:13 AM
kaspersky blocks it.
riskware not-a-virus:monitor.win32.powerlogger
Maybe someone can install it in a VM and see if anything detects it once active,
such as superantispyware, major AVs, anti-rootkit tools etc.
vijayind
September 30th, 2008, 08:24 AM
SAS doesn't detect it. I have Trend Micro 2009, SAS Pro and Comodo on my spare system.
On installing, only Comodo Defense+ gave alerts. Both Trend Micro and SAS-Pro were silent. Scanning memory and scanning in safe mode (the directory of the keylogger) did not change anything. Both SAS Pro and Trend missed it cold!!
EDIT: A-Squared/Ikarus detects it as not-a-virus:Monitor.Win32.PowerLogger.220
Franklin
September 30th, 2008, 08:56 AM
Yes but is it really malware as it still needs installation with no rogue like symptoms and some may have a use for it?
Also it's advertised as to its full capabilities.
Dark Star 72
September 30th, 2008, 09:26 AM
Detected by Prevx 2.0 and Prevx CSI as soon as the download to the desktop finished. Didn't need to try and install it.:thumb:
No reaction from GeSWall, presumably you would need to run it for GeSWall to detect it.
PROROOTECT
September 30th, 2008, 09:46 AM
I can not try, because that AVIRA AntiVir - CATCH IMMEDIATELY before downloading completely ...:-*
PROROOTECT
Firebytes
September 30th, 2008, 10:23 AM
Avast caught it as soon as I tried to download it.
PROROOTECT
September 30th, 2008, 10:34 AM
Avast bravo!... It seems, it is somewhat improved ... for this case ...:blink:
Firebytes
September 30th, 2008, 10:35 AM
Only 3 AVs flag the installer at ~VirusTotal link removed per policy. - Ron~ and Avast wasn't one of them. Maybe due to them using a different version of avast at VT.
I didn't try to install the logger to see how well it hides itself after installation.
trjam
September 30th, 2008, 10:40 AM
Well, obviously that tells you something about Virus Total, as we have screenshots showing more catching it than they seem to show.
Franklin
September 30th, 2008, 11:15 AM
If I upload Powered Keylogger 2.2.exe to VT I get "file has already been analysed" which shows 15 detections on the 28th of this month with 35 scan engines.
If I hit re-analyze it shows 17 detections for today's date with 36 scan engines?
Firebytes
September 30th, 2008, 12:10 PM
~Link removed per policy. - Ron~
Oops, my bad....sorry Ronjor. I went back and read the policy on VT and Jotti results. Won't happen again.:-[
Firebytes
September 30th, 2008, 01:37 PM
-{ Quote: "If I upload Powered Keylogger 2.2.exe to VT I get "file has already been analysed" which shows 15 detections on the 28th of this month with 35 scan engines.
If I hit re-analyze it shows 17 detections for today's date with 36 scan engines?" }-
Franklin,
After reading your post and thinking about it for a bit, I decided to download the logger again and upload it to VT a second time. This time I got the same results as you did, 17/36 detections (Avast was one of them), so I am not sure what happened the first time I sent it to VT. The only thing I can think of is that when Avast popped up the first time I downloaded it and I ignored the warning, Avast somehow corrupted or changed the file?? This time I disabled Avast while downloading the file.
BrendanK.
September 30th, 2008, 08:29 PM
NIS 2009 gobbled it up.
Hugger
September 30th, 2008, 10:43 PM
Has anybody tried this against Defensewall?
djohn
October 1st, 2008, 12:16 AM
Nod32 detected it but not a word from threatfire at defaults.
farmerlee
October 1st, 2008, 01:47 AM
Dr Web cureit detects it after its installed.
Kees1958
October 2nd, 2008, 01:45 AM
-{ Quote: "Avast caught it as soon as I tried to download it." }-
Strange behaviour of Avast free
I have Avast standard shield only, no web based scanner. Avast does not warn when writing to disk! Right click and scan and it gives a warning?
Would you check with the web shield disabled and write it to your hard disk (standard shield should catch it). This to find out whether it is a general inconsistency or only my set up.
Thanks
Kees1958
October 2nd, 2008, 01:48 AM
-{ Quote: "Has anybody tried this against Defensewall?" }-
Driver won't install
aigle
October 2nd, 2008, 07:08 AM
It will be interesting to see if KeyScrambler can defeat it once it's installed!
farmerlee
October 2nd, 2008, 08:40 AM
Keyscrambler personal defeats it. Installed keyscrambler in xp sp3 then installed powered keylogger 2.2. Using IE6 powered keylogger records nothing but random keystrokes.
Firebytes
October 2nd, 2008, 10:30 AM
-{ Quote: "Strange behaviour of Avast free
I have Avast standard shield only, no web based scanner. Avast does not warn when writing to disk! Right click and scan and it gives a warning?
Would you check with the web shield disabled and write it to your hard disk (standard shield should catch it). This to find out whether it is a general inconsistency or only my set up.
Thanks" }-
@Kees1958
When I initially attempted to download the logger the other day it immediately triggered Avast due to the webshield being active. I did later that day disable Avast completely and then download the logger to my desktop. After enabling Avast again I was able to right click the logger and scan it with Avast which then alerted on it.
I will disable the webshield by itself here in a few minutes and then attempt to download the logger again and see what happens. I will let you know what happens.
Firebytes
October 2nd, 2008, 10:37 AM
@kees1958
With webshield disabled I was able to download the file to my desktop with no alert from Avast. However, if I either try to run the file or if I right click and scan it, then it is picked up by Avast.
Hope this helps.
aigle
October 7th, 2008, 07:25 AM
KeyScrambler defeats this keylogger. :thumb:
Kees1958
October 7th, 2008, 07:35 AM
-{ Quote: "@kees1958
With webshield disabled I was able to download the file to my desktop with no alert from Avast. However, if I either try to run the file or if I right click and scan it, then it is picked up by Avast.
Hope this helps." }-
Thx for testing, strange the write check of the standard module does not catch it, while scanner and webshield will catch it.
cruelsister
October 7th, 2008, 07:41 AM
SEP11 won't allow download. But as this thing has been around for years (look at what AV's it was tested against), God forbid if a current AV would allow it.
aigle
October 7th, 2008, 05:42 PM
Installed hidden files n driver are easily detected by a good antirootkit scanner. Gmer detects it for example. Also RootRepeal can catch it.
Ed_H
October 8th, 2008, 12:52 PM
-{ Quote: "kaspersky blocks it.
riskware not-a-virus:monitor.win32.powerlogger
Maybe someone can install it in a VM and see if anything detects it once active,
such as superantispyware, major AVs, anti-rootkit tools etc." }-
I just downloaded it and KIS 2009 did not pick it up. What settings are you using?
I also tried with Avira Premium and NIS 2009...both of them stopped the download.
Jedi1
October 9th, 2008, 02:40 PM
-{ Quote: "I just downloaded it and KIS 2009 did not pick it up. What settings are you using?" }-
Settings/Threats and Exclusions/ under Threats go to settings and enable other programs in adware and other programs.
Ed_H
October 9th, 2008, 04:46 PM
-{ Quote: "Settings/Threats and Exclusions/ under Threats go to settings and enable other programs in adware and other programs." }-
That did it...thanks!
Copyright ©2002 - 2012, Wilders Security Forums