Ultimate Keylogger on Giveawayoftheday
SourMilk
March 7th, 2009, 12:06 PM
Hi Boys and Girls,
A toy to play with or a problem to deal with - either way, Giveawayoftheday.com is giving away free copies of Ultimate Keylogger today 7 March.
SourMilk out
jmonge
March 7th, 2009, 01:30 PM
it is time to test Zemana and SnooPFree and see them in action:thumb:
Victek123
March 7th, 2009, 02:45 PM
{QUOTE-> it is time to test Zemana and SnooPFree and see them in action:thumb: <-QUOTE}
Yeah, I was thinking that too. I'd be interested to hear the results.
Dark Star 72
March 7th, 2009, 05:14 PM
Here's what PrevxEdge thinks of it:
LoneWolf
March 7th, 2009, 05:18 PM
{QUOTE-> Here's what PrevxEdge thinks of it: <-QUOTE}
Good to know. :thumb:
jmonge
March 7th, 2009, 06:24 PM
{QUOTE-> Here's what PrevxEdge thinks of it: <-QUOTE}
thanks for the screenshot :thumb: cool test ;) so that means that prevx edge catches commercial keyloggers, nice :) very happy about it :thumb:
333halfevil
March 7th, 2009, 09:51 PM
Seems Online Armor doesn't detect the keylogging, screenshots or clipboard logging.
Nor does Zemana detect it...It's definitely logging however.
Using Anvir Task Manager with process hidden from Task Manager. It picks it up as dangerous (34%). Uploaded it to VirusTotal from Anvir.
Results from Anvir:
No file description available
Found 0 day(s) ago
Can use Internet
Overall security risk: 34%
VirusTotal analysis:
5/39 detected the keylogger.
Props to Prevx, Symantec, McAfee, eSafe and Nod32 for detecting the commercial keylogger.
firzen771
March 7th, 2009, 10:00 PM
{QUOTE-> Seems Online Armor doesn't detect the keylogging, screenshots or clipboard logging.
Nor does Zemana detect it...It's definitely logging however. <-QUOTE}
that is because a lot of programs dont detect commercial keyloggers ON PURPOSE. this doesnt mean u are less secure, as long as you have a password to your user account, there should never be a prob with someone installing a commercial keylogger like this without u knowing, and who in ur house would want to anyways?
hammerman
March 7th, 2009, 10:00 PM
{QUOTE-> Seems Online Armor doesn't detect the keylogging, screenshots or clipboard logging.
Nor does Zemana detect it...It's definitely logging however. <-QUOTE}
Is that OA Free or paid?
333halfevil
March 7th, 2009, 10:03 PM
{QUOTE-> Is that OA Free or paid? <-QUOTE}
Paid.
And @ Firzen: You never know where a keylogger may come from. A risky download perhaps? Maybe even just browsing around the web.
I am not saying I will get infected with the keylogger, however I am saying people without the adequate protection may.
firzen771
March 7th, 2009, 10:13 PM
{QUOTE-> Paid.
And @ Firzen: You never know where a keylogger may come from. A risky download perhaps? Maybe even just browsing around the web.
I am not saying I will get infected with the keylogger, however I am saying people without the adequate protection may. <-QUOTE}
the difference is, someone would have to physically go onto your computer and install a keylogger like this, so that is a reason why some products dont detect commercial keyloggers on PURPOSE. thats why they didnt alert u, and this type of keylogger cant be invisibly downloaded and installed like a malware keylogger. there's a difference. unless there's some untrustworthy person in your house, u have nothing to worry about, about ultimate keylogger not being flagged.
333halfevil
March 7th, 2009, 10:32 PM
Norton Security Scan offered free was able to detect the keylogger and remove it.
Online Armor's firewall was able to detect the log file being sent via email, however, not FTP or Lan.
KL-Detector (http://dewasoft.com/privacy/kldetector.htm) was able to detect the log file made by the keylogger.
I-Hate-Keyloggers successfully stopped the keystrokes being recorded.
Privacy Keyboard detected the keylogger.
@Firzen: Even so I would like it to be detected, just in case, because you never know. :) Plus I have made this keylogger completely invisible so who is it to say that it won't be used for malicious purposes ;)
jmonge
March 7th, 2009, 10:33 PM
cool:thumb:
firzen771
March 7th, 2009, 10:42 PM
{QUOTE-> @Firzen: Even so I would like it to be detected, just in case, because you never know. :) Plus I have made this keylogger completely invisible so who is it to say that it won't be used for malicious purposes ;) <-QUOTE}
how can u never know with THIS type of a program? thats fantastic that uve made it completely invisible, that doesnt change the fact that the only way this is gunna get on ur system is if you PHYSICALLY install it, and as i said, unless there's someone untrustworthy in ur house, thats not gunna happen. this isnt an accurate way of testing these anti keylogger apps detection ability and whether or not it is effective against ACTUAL MALWARE keyloggers. there's no way this program can be INSTALLED invisibly, it can be made invisible after that, but what does that matter other than so the user doesnt see it (if its not you).
lets say u have a kid and install this keylogger to monitor things, do u want ur kid getting some weird popup about keyloggers when u knowingly installed it urself, and im sure you wouldnt want them to know about it. its unethical, but not malicious in any way.
333halfevil
March 7th, 2009, 10:46 PM
I could argue further, but I am not going to. These debates could go on forever, and I guess the anti* companies face the same dilemma. What to detect or what not to detect.
It was a nice argument(debate) though Firz ;D
GES/POR
March 8th, 2009, 06:11 AM
I somehow doubt OA n Z would whitelist commercial keyloggers, think again Firzen - they wouldnt whitelist that which they normally would detect. HIPS are supposed to intercept actions like these malicious or not. Everything u just said applies to AS only
firzen771
March 8th, 2009, 11:12 AM
{QUOTE-> I somehow doubt OA n Z would whitelist commercial keyloggers, think again Firzen - they wouldnt whitelist that which they normally would detect. HIPS are supposed to intercept actions like these malicious or not. Everything u just said applies to AS only <-QUOTE}
it doesnt only apply to AS, because Zemana has their own whitelist for antilogger, but i am not sure whether it does or does not whitelist this since Zemana isnt actually just a traditional HIPS that alerts to everything, im sending them an email to ask about this, ill post back when i get a response.
GES/POR
March 8th, 2009, 12:17 PM
{QUOTE-> it doesnt only apply to AS, because Zemana has their own whitelist for antilogger, but i am not sure whether it does or does not whitelist this since Zemana isnt actually just a traditional HIPS that alerts to everything, im sending them an email to ask about this, ill post back when i get a response. <-QUOTE}
Sure but just think about it, it wouldnt make sense for antikeyloggers to whitelist certain keyloggers - who would benefit from this and i dont think customers will appreciate that but ok i await ye reply :)
alex_s
March 8th, 2009, 01:18 PM
{QUOTE->
Online Armor's firewall was able to detect the log file being sent via email, however, not FTP or Lan.
<-QUOTE}
Does it show something in the "Keyloggers" section? The problem may originate from the executable being signed by a trusted vendor, for example. In this case OA would not alert. To run a clean experiment you need to untrust keylogger executables and remove (if any) related records on the "Keyloggers" tab.
jmonge
March 8th, 2009, 01:26 PM
{QUOTE-> Does it show something in the "Keyloggers" section? The problem may originate from the executable being signed by a trusted vendor, for example. In this case OA would not alert. To run a clean experiment you need to untrust keylogger executables and remove (if any) related records on the "Keyloggers" tab. <-QUOTE}
maybe commercial keyloggers are not black listed or they are white listed ;D in data bases
aigle
March 8th, 2009, 04:14 PM
{QUOTE-> that is because a lot of programs dont detect commercial keyloggers ON PURPOSE. <-QUOTE}
That may be true for signature-based software but not for HIPS like OA, Zemana etc.
firzen771
March 8th, 2009, 04:40 PM
{QUOTE-> That may be true for signature-based software but not for HIPS like OA, Zemana etc. <-QUOTE}
Zemana isnt exactly a HIPS. and yes, Zemana DOES use whitelisting, now whats on the whitelist i dont know.
aigle
March 8th, 2009, 05:29 PM
I don't expect them to white list these keyloggers. I guess Zemana is very similar to a classical HIPS with less filters, altered pop ups and a white list to decrease the no of pop ups.
jmonge
March 8th, 2009, 05:32 PM
i speak for myself, if i really want to make sure i stop keyloggers in real time i will prefer 100 times more to go with a pure hips instead of such technology that you may think did it block it or not, i know for sure a hips system will give you pop ups of malicious activities ;)
alex_s
March 8th, 2009, 05:35 PM
{QUOTE-> That may be true for signature-based software but not for HIPS like OA, Zemana etc. <-QUOTE}
But what prevents a HIPS from whitelisting something on a signature basis? I know for sure OA has trusted and untrusted signatures database and if some signature fits in trusted list then this program is treated as trusted. This helps to avoid a lot and a lot of unnecessary alerts.
muf
March 8th, 2009, 05:42 PM
I'm confused about this "physical access to your pc" to install a commercial keylogger. Surely if a hacker has negotiated past your defence they could install one of these commercial keyloggers just as easily as a non-commercial one. Have I missed something glaringly obvious here?
muf
alex_s
March 8th, 2009, 05:54 PM
{QUOTE-> I'm confused about this "physical access to your pc" to install a commercial keylogger. Surely if a hacker has negotiated past your defence they could install one of these commercial keyloggers just as easily as a non-commercial one. Have I missed something glaringly obvious here?
muf <-QUOTE}
Jezz. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you.
TechOutsider
March 8th, 2009, 10:03 PM
{QUOTE-> that is because a lot of programs dont detect commercial keyloggers ON PURPOSE. this doesnt mean u are less secure, as long as you have a password to your user account, there should never be a prob with someone installing a commercial keylogger like this without u knowing, and who in ur house would want to anyways? <-QUOTE}
well most people don't design their own keyloggers.
Fly
March 9th, 2009, 04:20 PM
{QUOTE-> Jezz. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you. <-QUOTE}
Generally malware is installed on people's computers without their knowledge. So what's your point ?
I would think that, in addition to a backdoor, trojan, rootkit (to name a few), a commercial keylogger could be installed. I'm sure 'hackers' won't care much for copyright ;)
If signatures exist for the keylogger in question, they could make modifications to adapt.
I tend to think of the creation of keyloggers as unethical.
Employers spying on their employees, parents on their children, it's just wrong.
I'm sure you can come up with exceptions, but rules tend to have exceptions :)
muf
March 9th, 2009, 04:46 PM
{QUOTE-> Jezz. If a hacker can install something on your computer without your knowing, you are absolutely helpless. Nothing can help you. <-QUOTE}
I'm also at a loss at what point you're making. You think keyloggers come from sources other than hackers? Not many. Regardless of how a keylogger gets on your pc and whether it is commercial or non-commercial the two types still do the same thing, that is to log your keystrokes or screen capture.
What I've often wondered is why security applications discriminate between them. I don't want any type on my pc so I'd like my security app to tell me about any application or file that is on my pc that is capable of logging keystrokes. It's as if the commercial keyloggers have a 'get out of jail' card they can use on all the security apps. I just don't get it. "They used a commercial keylogger to get your credit card details. Sorry but we don't detect commercial keyloggers". Like I said, I just don't get it...
muf
alex_s
March 10th, 2009, 08:07 AM
{QUOTE-> I'm also at a loss at what point you're making. You think keyloggers come from sources other than hackers? Not many. <-QUOTE}
commercial keyloggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physical access, but in this case antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker"
{QUOTE-> Regardless of how a keylogger gets on your pc and whether it is commercial or non-commercial the two types still do the same thing, that is to log your keystrokes or screen capture.
What I've often wondered is why security applications discriminate between them. I don't want any type on my pc so I'd like my security app to tell me about any application or file that is on my pc that is capable of logging keystrokes. <-QUOTE}
Actually, a lot of the programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install keylogger to your computer he is also able to bypass any security you have.
But, if you have HIPS in the first place it will prompt you about something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In case of ukl you see installer dialog in the first place.
jmonge
March 10th, 2009, 12:29 PM
{QUOTE-> commercial keyloggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physical access, but in this case antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker"
Actually, a lot of the programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install keylogger to your computer he is also able to bypass any security you have.
But, if you have HIPS in the first place it will prompt you about something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In case of ukl you see installer dialog in the first place. <-QUOTE}
that's why i believe after your firewall a hips program is a must to protect the entire system in real time :thumb:
subset
March 10th, 2009, 05:31 PM
{QUOTE->
The problem may originate from the executable being signed by a trusted vendor, for example. <-QUOTE}
Surely not.
Just allow the installer to run and see what happens.
Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.
Cheers
firzen771
March 10th, 2009, 05:31 PM
{QUOTE-> commercial keyloggers come from giveawayoftheday, for example. But what I mean is you can hardly not notice that some program tries to install on your computer. The only way not to notice is if "a hacker" has physical access, but in this case antikeylogger can hardly help, for most probably it would be deactivated, or answered "allow, remember" by "a hacker"
Actually, a lot of the programs "are capable" of logging keystrokes. Though, many of them do not "log". But the main idea is if "a hacker" is able to install keylogger to your computer he is also able to bypass any security you have.
But, if you have HIPS in the first place it will prompt you about something is trying to start and install as autorun. And if it's not something you install on purpose you just decline. In case of ukl you see installer dialog in the first place. <-QUOTE}
thank you, ive been trying to explain how this type of keylogger is an actual commercial program that needs to be installed with an installer and to do that u need to actually physically be at the computer and install it, so tbh i dont really care if this app and others like it are whitelisted for parents i suppose, since my user account is passworded and nobody uses my computer other than me ;D thx alex
alex_s
March 10th, 2009, 06:20 PM
{QUOTE-> Surely not.
Just allow the installer to run and see what happens.
Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.
Cheers <-QUOTE}
As far as I see, ukl is a trivial windows-hook based keylogger. Nothing too special there. I dunno why OA allows it. The reason can be anything but not inability to catch winhooks.
MikeNash
March 10th, 2009, 11:57 PM
{QUOTE->
Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.
Cheers <-QUOTE}
Recognized and fixed.
Mike
Blue Ring
March 11th, 2009, 12:59 AM
{QUOTE-> Seems Online Armor doesn't detect the keylogging, screenshots or clipboard logging.
Nor does Zemana detect it...It's definitely logging however. <-QUOTE}
Not surprised at all that Zemana failed to detect it.
aigle
March 12th, 2009, 05:19 AM
CFP detects the global hook it installs. Once denied this hook, keylogger can't work and is shut down.
aigle
March 12th, 2009, 05:21 AM
Also labelled suspicious by heuristics.
If allowed to hook, it can log keystrokes and clipboard without any pop ups but screen capture still can be detected by CFP.
aigle
March 12th, 2009, 05:23 AM
GesWall- I tried by running keylogger inside GesWall.
1- Keys logging -- GesWall PASSED
2- Clipboard logging --- GesWall FAILED
3- Screen capture ----- GesWall FAILED
It's interesting as latest GW now claims to intercept clipboard logging and screen capture. I will post over on their forums.
aigle
March 12th, 2009, 05:25 AM
{QUOTE->
Latest OA Public Beta 3.1.0.26 - completely bypassed by Ultimate Keylogger.
That's a serious problem and therefore it should be recognized.
Cheers <-QUOTE}
Hi, can you tell how did you test?
subset
March 12th, 2009, 08:04 AM
{QUOTE-> Hi, can you tell how did you test? <-QUOTE}
OS: Windows XP SP3
I have tested it with the GOTD installer (Setup.exe) and the installer from their website (ultimatekeylogger.exe).
Both with the same result.
After I allowed only the installer to run (Untrusted), the UKL starts up right after the installation is finished and is able to record inputs and actions, like visited websites etc.
There is no other OA pop-up and the UKL process is Untrusted in OA Programs, which is pretty irritating.
But it will be solved anyway.
Cheers
Dark Star 72
March 12th, 2009, 08:36 AM
Sorry for the delay coming back to this thread but Zemana Antilogger does detect and block Ultimate Keylogger, see the screenies. Only managed to get the second pop-up, the first one came up before the installation of Ultimate Keylogger was finished, it appeared to install and the pop-up shown here came up. Blocked both, and they show as such in the screenshot from Zemana. Although there is a shortcut on the desktop and an entry in Start > All Programs, Ultimate Keylogger appears to be dead, it cannot be opened.
aigle
March 12th, 2009, 08:45 AM
{QUOTE-> OS: Windows XP SP3
I have tested it with the GOTD installer (Setup.exe) and the installer from their website (ultimatekeylogger.exe).
Both with the same result.
After I allowed only the installer to run (Untrusted), the UKL starts up right after the installation is finished and is able to record inputs and actions, like visited websites etc.
There is no other OA pop-up and the UKL process is Untrusted in OA Programs, which is pretty irritating.
But it will be solved anyway.
Cheers <-QUOTE}
Are you sure it is the proper way to test? When you allowed it to install and run, it already has hooked the system, so after that you are not supposed to get an alert from a HIPS.
This is the way I tested. I disabled CFP. Installed UKL and let it run. Then I killed it via ProcessExplorer. Enabled CFP and then started UKL by double clicking the main exe. CFP alerted about its execution and allowed it to run. It was the point when I got a pop up alert about a global hook that if I block, keylogger is dead.
Can you test like this? If u allow this hook, keylogger will work without any more pop ups (except for screen capture).
aigle
March 12th, 2009, 08:47 AM
{QUOTE-> Sorry for the delay coming back to this thread but Zemana Antilogger does detect and block Ultimate Keylogger, see the screenies. Only managed to get the second pop-up, the first one came up before the installation of Ultimate Keylogger was finished, it appeared to install and the pop-up shown here came up. Blocked both, and they show as such in the screenshot from Zemana. Although there is a shortcut on the desktop and an entry in Start > All Programs, Ultimate Keylogger appears to be dead, it cannot be opened. <-QUOTE}
Hmm... where is the 2nd pop up? Also what about screen capture alert?
Can u try like i posted above?
Dark Star 72
March 12th, 2009, 09:17 AM
{QUOTE-> Hmm... where is the 2nd pop up? Also what about screen capture alert?
Can u try like i posted above? <-QUOTE}
The screen shot above is the second pop-up, the one I got after it appeared to have installed. There is no screen capture alert, Ultimate Keylogger is neutered, it does not run. Will have another go later to see if I can capture the first pop-up again that I got while installing.
Have just shut down Zemana, stopped protection, and I can now open the Ultimate Keylogger GUI. Reactivated Zemana and it does not detect Ultimate Keylogger's presence. Will see if I have time later to activate Ultimate Keylogger and see if Zemana detects it when it is active.
Dark Star 72
March 12th, 2009, 10:20 AM
This is the first pop-up received when installing Ultimate Keylogger with Zemana enabled. I blocked but once I had clicked block it continued to install leading to the second pop-up as in my previous post which I also blocked. Again, I was unable to open or activate Ultimate Keylogger unless I disabled Zemana protection, on reactivation Zemana again failed to detect Ultimate Keylogger although the GUI was open and I was typing in Notepad. Very strange.
subset
March 12th, 2009, 02:03 PM
{QUOTE->
Can you test like this? If u allow this hook, keylogger will work without any more pop ups (except for screen capture). <-QUOTE}
Unfortunately the same result as before, the way of testing makes no difference here.
And there is no prompt about a global hook or whatever, only some prompts if I open the UKL logs.
Let's say it's related to the Beta status of this OA version.
Cheers