View Full Version : TDS3 doesn't detect Spector Pro 5
Sfax
September 10th, 2004, 11:32 AM
How come TDS doesn't detect Spector Pro 5 keylogger?
Mr.Blaze
September 10th, 2004, 11:46 AM
:D Are you talking about the spyware and trojans that companies sell to spy on their employees and spouses?
I've seen a number of new spyware companies opening up shop and selling trojans or spyware to spy on people
wondering if this is one of them
Pilli
September 10th, 2004, 12:11 PM
Hi Sfax, Commercial key loggers may not always be spyware as such.
DCS will have to answer from their point of view on this particular program.
Pilli - Enjoy your weekend
controler
September 10th, 2004, 12:45 PM
For those companies that refuse to detect commercial keyloggers, you can always try out Anti-Keylogger found at
http://www.anti-keyloggers.com
Let us know how it works for you.
Bruce
Pilli
September 10th, 2004, 02:05 PM
Hi controler, Don't think it is a matter of refusal, more a commercial decision. Buying the legitimate program and then interfering with it in any way may break the licence agreement which in turn could be deemed illegal.
It is a very difficult area that's for sure.
Mr.Blaze
September 10th, 2004, 07:08 PM
::) I don't know guys, I had many times the chance to snag many different commercial spyware.
really cool ones that could hide in an mp3 or video or even jpg as a delivery point that actually functioned.
that being said, it's very easy to abuse commercial trojans, keyloggers.
I hope DCS detects all, whether commercial or not
a trojan is a trojan
the nicer spyware let blaze do the following from the other side of the world.
check e-mail
look through web cam
live keystroke
control desktop
search folders
and spy on aim
pretty cool unless you're the victim lol
but they are for sale. I had an application that could make one and has a log in password
I got rid of it but still, if a crayola boy like me can get ahold of such an application anyone can.
so I suggest getting all nasties, whether commercial or not
Infinity
September 10th, 2004, 08:10 PM
I second that, that would be a major improvement for v4
Sfax
September 10th, 2004, 08:38 PM
Controler, Anti-keylogger won't even start ... Windows says it generates errors and will be closed ... If I stop Spector, it works just fine :) I tried several anti-keyloggers and none of them detected it. Also tried several antiviruses and antispyware programs, but no luck. I'm a little bit concerned, because the new version of Spector really knows how to hide. If you don't know what to look for, you may be living with it without ever knowing that someone is spying on you. It has no visible processes in the memory either (I tried a couple of task managers) and leaves no traces in the registry. The only way to kill it is by checking for locked files on the hard drive, then boot with something like ERD Commander and remove it. I think TDS should at least detect it because it's basically a trojan program.
Infinity
September 10th, 2004, 08:55 PM
I use spysweeper and it seems spysweeper can handle keyloggers too
controler
September 10th, 2004, 10:30 PM
sfax?
are you using an NT System?
Guess I will try Spector myself with Anti-Keylogger
I think they may be coming to visit the forums soon. At least I asked them to.
We will see what happens. They were invited.
I do know a couple things about their software.
Bruce
Tassie_Devils
September 10th, 2004, 10:58 PM
Hi Sfax, :)
Like Pilli said, the only ones that can verify yes/no would be DCS.
From your post, you have it installed and:
a] want to get rid of it?
b] did not know about it until something happened?
Another thing you can use to monitor your system, is Port Explorer [also from DCS] to examine what traffic is being generated.
I am presuming you were concerned someone outside of your own environment being able to monitor the keylogger, not someone having physical access to your system to check.
Also if you have a good firewall, it should also alert to all objects trying to access outside to net? [As in having to Permit~Allow/Deny~Block attributes]
Port Explorer though can give very detailed info. [see pic, I turned on the 'full path' option you can see exactly what is making/listening contacts].
The blue ones are System process, the Black are normal app, and the Red indicates "Hidden" process which "can" be trojan-like apps, although not necessarily like my screen capture program HyperSnap.
Cheers, TAS
Mr.Blaze
September 10th, 2004, 11:24 PM
bottom line, what's out there that finds this trojan?
will spysweeper work on it?
can you give us a detail how to find and get rid of it?
Mr.Blaze
September 10th, 2004, 11:36 PM
Spector Pro 5.0
Records Emails, Chats, IMs, Web Sites, Programs Run, Keystrokes Typed, Peer to Peer File Sharing, Screen Snapshots - Plus - Offers Internet Access Blocking and Instant Notification Alerts.
The Most Intelligent Internet Monitoring and Surveillance Software available. Rated #1 spy software by PC Magazine.
Start with the Most Advanced Snapshot Recorder, Add ACTUAL Email Recording, PLUS ACTUAL Chat Recording, PLUS The World's Best Key Logger and Web Site Recording.
Then, add Program Recording and Peer to Peer File Recording (New in Version 5.0).
In addition, Spector Pro will actually examine what is being done and analyze it to see whether you should be NOTIFIED RIGHT AWAY - if something bad is happening to your loved ones while they are surfing the Internet.
Finally, add in the ability to block specific web sites from being visited or block chat activity or block internet access altogether with Spector Pro's flexible Internet Access Blocking.
Combine seven recording tools with Internet access blocking and intelligent and instant alert notification when content you specify is encountered and you have the most powerful Internet monitoring and surveillance software you can buy anywhere.
Complete Power. Complete Flexibility. Complete Control.
::) hmmmmmm no quiet surveillance on web cams or pc control or file access, this is kinda weak compared to other commercial spyware
but still nasty
Mr.Blaze
September 10th, 2004, 11:50 PM
I don't think this is that cool one I was thinking of either. I don't see remote access as admin or use their server behind a proxy log in
the one I saw, you log on, you get a status if they're on or off. Basically hacking for dummies lol, with an easy to use interface. You pay a monthly subscription, or was it a yearly, plus software
twice as nasty as the above
FanJ
September 11th, 2004, 12:05 AM
???
Well, you install some program, coming with some .exe file.
It is YOUR responsibility what you install on your system.
You don't know what you have installed?
You don't know what some crappy website has installed on your system?
Well, use a good file-integrity-checker, so at least you know which files on your system have been changed/deleted/added; and use something like ProcessGuard when you're using 2000/XP.
Mr.Blaze
September 11th, 2004, 12:12 AM
;D these programs don't use the exe extension, actually you have lots of choices
it can be
e-mail
.swf
.mp3
.wav
.exe
.avi
.mpeg
that really do work lol
for example in the program I saw, it was so easy to use it was disturbing
you select the carrier, e-mail it or any delivery method you can think of
as soon as they get it, wham
your cpu belong to us, I mean the bad guys lol, sorry, day dreaming lol.
but you can get it from a so called friend
in one case I think I saw a time thing on it
which would be good on .jpg
most people keep pictures in the pc, so with a time bomb on it type thing lol
yup it's nasty out there
Tassie_Devils
September 11th, 2004, 12:52 AM
-{ Quote: "???
Well, you install some program, coming with some .exe file.
It is YOUR responsibility what you install on your system.
You don't know what you have installed?
You don't know what some crappy website has installed on your system?
Well, use a good file-integrity-checker, so at least you know which files on your system have been changed/deleted/added; and use something like ProcessGuard when you're using 2000/XP." }-
Absolutely Jan. :) Concur fully. ;D
TAS
luv2bsecure
September 11th, 2004, 01:37 AM
Spector is a keylogger (and more) that is advertised widely in the United States. It is advertised as nothing less than the best tool to spy on your spouse, girl/boyfriend, etc.
Nobody installs Spector on their own free will. It is executed on systems with a lot of fancy work to prevent MOST security software from screaming.
A keylogger is infinitely worse than garden variety spyware and adware and the potential for damage to an individual (and not just on the computer) is extreme. I'm for any program that alerts to trojans, alerting to the very definition of pure SPYware - and that's keyloggers.
An interesting new piece of software I have been testing is called, "Snoopfree"....its manual is online. Here is a very interesting read about the breach warnings from SnoopFree.
http://www.snoopfree.com/help_file/Breaches.htm
It is very unique, and worth a look.
Tassie_Devils
September 11th, 2004, 01:44 AM
Thanks for the info John :)
I know someone else in here uses Snoopfree, too lazy to search :) and swears by it.
TAS
FanJ
September 11th, 2004, 02:03 AM
-{ Quote: "Spector is a keylogger (and more) that is advertised widely in the United States. It is advertised as nothing less than the best tool to spy on your spouse, girl/boyfriend, etc.
Nobody installs Spector on their own free will. It is executed on systems with a lot of fancy work to prevent MOST security software from screaming.
A keylogger is infinitely worse than garden variety spyware and adware and the potential for damage to an individual (and not just on the computer) is extreme. I'm for any program that alerts to trojans, alerting to the very definition of pure SPYware - and that's keyloggers.
An interesting new piece of software I have been testing is called, "Snoopfree"....its manual is online. Here is a very interesting read about the breach warnings from SnoopFree.
http://www.snoopfree.com/help_file/Breaches.htm
It is very unique, and worth a look." }-
Thanks John and thanks Tassie ;)
Am I allowed to point to this quote:
"Nobody installs Spector on their own free will. It is executed on systems with a lot of fancy work to prevent MOST security software from screaming."
OK, nobody installs it on their own free will !
But:
1.
How did it come on your system?
Were you surfing not fully protected?
Or did you give someone else access to your machine?
2.
OK, now for some strange reason it seems to be on your system.
How many times do I have to tell people to use a good file-integrity-checker?
At least you would know that suddenly some strange new files were added on your system....
And again: if you're using W 2000/XP, did you use ProcessGuard? I cannot use it on my W 98 SE machine, so I have to leave it to others whether PG will warn you in case that nasty is "suddenly" running on your system...
Mr.Blaze
September 11th, 2004, 02:07 AM
:o omg that paranoid software Snoopfree
I do not recommend that for a newbie, you'd be crapping your pants every 10 minutes lol
medium newbie: if you understand the firewall concept and you know how to look up info on the net about a program and are good at it, then it's a good program
otherwise you will only become more paranoid
solarpowered candle
September 11th, 2004, 02:12 AM
Snoopfree say they take care of all spyware "known and unknown". Would this be a better choice than say spy sweeper, or does snoopfree really take care of spyware that is placed physically on the user's pc rather than other forms such as spybot / spy sweeper take care of that may occur from downloading/surfing etc?
Mr.Blaze
September 11th, 2004, 02:12 AM
:D Jan, not everyone is nice like you. I wish they were, this world would be a better place
you can get it as an e-mail itself
for example I send you an e-mail, you download it like normal, you open it, bang, I got you
problem is people you know or don't know do this stuff
but I see your point too lol, you should never trust a source unless you know them very well
Mr.Blaze
September 11th, 2004, 02:16 AM
??? Jan, just wondering, will a file integrity checker really spot Spector 5 Pro?
wow, so many condoms for the pc nowadays. Sucks we have to have all this security just to be safe, kinda crazy
luv2bsecure
September 11th, 2004, 02:24 AM
Hi Jan,
Everything you wrote is absolutely true - for the experienced and security-wise user. I frankly agree with you that for Spector to end up on the computer of one of the Wilders regulars would give cause to pause. However, we have to remember that not even 5% of computer users care to run anything but an antivirus and a firewall as their "security"......With that in mind, it is hard for me to scold someone for asking for solid protection from the most popular keylogging program in existence - Spector.
It's hard to tell someone not to expect something in a certain tool, because if they were smart, they would have caught it with another tool. If keyloggers are not included in the database of TDS (which I didn't know) the only fair thing to do is to asterisk the program with that information.
But, now I am curious because of this from the TDS3 FAQ on the DCS website:
Which kinds of malicious software does TDS detect?
TDS essentially detects anything malicious that isn't a virus. This includes RAT Servers, RAT EditServers, RAT Clients, RAT Plugins, RAT DDoS Servers, FTP RATs, Droppers, Binded trojans, Packed Servers, Keyloggers, Spyware, Mail Trojans, Password Stealers, Internet Worms, mIRC Worms, Malicious DLLs, Monitors, Spyware, and many others.
http://tds.diamondcs.com.au/index.php?page=faq
So I am wondering - does it or doesn't it?
My main point though is that a person shouldn't have to be an expert on computer security to be respected as a computer user with needs and desires from the software they choose to use. If I used TDS3, I know I would certainly expect it to detect keyloggers if the short answer to the question "What kinds of malicious software does TDS detect?" is "Anything malicious that isn't a virus." That seems pretty clear to me. If TDS3, in fact, does not detect keyloggers, after reading the above - I would have a lot of questions if I had paid money for the claims of protection and were not getting it. It really has nothing to do with what "other" steps one has taken as a computer user.
Hope everyone has a great weekend!
Mr.Blaze
September 11th, 2004, 02:32 AM
:D actually most people, the common user, have an antivirus that they don't update at all
kinda scary, I used to be like that
FanJ
September 11th, 2004, 02:42 AM
-{ Quote: "??? Jan, just wondering, will a file integrity checker really spot Spector 5 Pro?
wow, so many condoms for the pc nowadays. Sucks we have to have all this security just to be safe, kinda crazy" }-
Hey Blaze (thanks for your kind words ! :D ).
OK, you asked:
"Will a good file integrity checker spot Spector 5 pro?"
At the moment I don't know because I don't have that nasty...
BUT:
if
1. it puts some new files on your system (or deletes some files or changes some files)
and if
2. you had already a database made by a good file integrity checker on a clean machine,
then your file integrity checker would have warned you about those changes once you run that file integrity checker on-demand.
For example the file integrity checker ADinf32 (not free) can be run using its so-called bios-mode in which it completely bypasses Windows.
I have never seen that it would not detect a file change (but of course I haven't run all nasties in the world).
Again :
I would be very surprised if ProcessGuard on a 2000/XP system would not warn you about changes made by this nasty.
But I have to leave that topic to others ;)
Tassie_Devils
September 11th, 2004, 02:45 AM
-{ Quote: "
Which kinds of malicious software does TDS detect?
TDS essentially detects anything malicious that isn't a virus. This includes RAT Servers, RAT EditServers, RAT Clients, RAT Plugins, RAT DDoS Servers, FTP RATs, Droppers, Binded trojans, Packed Servers, Keyloggers, Spyware, Mail Trojans, Password Stealers, Internet Worms, mIRC Worms, Malicious DLLs, Monitors, Spyware, and many others.
http://tds.diamondcs.com.au/index.php?page=faq
" }-
Yes John. Valid points, and regardless, no matter what 'Licence Agreements' may be in use by any proggy, a program like TDS still "reserves the right" IMO, to detect one of the above mentioned files/programs. No different to you searching through the folders yourself looking.
It's then up to the user [as TDS does not auto delete/quarantine/disable] to act upon any findings, so TDS itself is blame free.
The user can decide. It's their PC and I personally don't care what licence blurb is in, if I want to then delete the said detection I shall do so, period. :)
My PC, My Decision, My Privacy is My Motto regarding that. :)
TAS :)
FanJ
September 11th, 2004, 03:09 AM
Hi John :D
I understand what you're saying !!!!!
Valid points as Tassie too already said !
(And BTW, of course (!!!!!), a file integrity checker is most definitely NOT the end-and-all solution, certainly not!!).
Good weekend to you too John !!! :D
Warm regards, Jan.
illukka
September 11th, 2004, 05:41 AM
I seem to remember that Spector does require admin rights to install?? It's just that my memory is not what it used to be... can someone confirm??
controler, you're the expert on commercial keyloggers...
controler
September 11th, 2004, 09:42 AM
Greetings
Wow me an expert on something? Thank you illukka
Yes in fact I did some testing of a couple commercial key loggers.
If I can find some of those posts here I will post the links.
In those posts I gave info received from a few companies. I however didn’t keep the old mail. I do remember that I could not get KAV to tag Starcmd.
The reasons are pretty much the same from all the vendors. If you look at Boclean you see the option for Back Orifice because of a legal battle that took place.
It appears the reasoning is that commercial key loggers are legit pieces of software installed by an ADMIN and we know it is perfectly legal for companies to spy on their workers here in the USA. Their attorneys however DO recommend the company advise their workers that they have the right and might be spying on them. The fact is most companies DO monitor their workers' activities. This is why commercial key loggers are not tagged by a lot of vendors.
Now as you can see from reading the manual from the link below, you will see there are only three files that need to be deployed with this key logger.
Scroll down to the manual and click on that, then look at Chapter 9.
In the mean time, I will get another cup a java and look for my old posts.
None of the commercial key loggers I tested used any form of injection.
In the day I was working with them, I used an older version of Anti-Key logger.
They now have a newer version. In the new version you can exclude file and turn the thing on and off and that’s about it.
The good Key loggers are all password protected and completely configurable.
You can choose to capture screenshots etc. In my tests, I used a yahoo pop account before they made them a buyable only option.
http://www.keylogger.net/
Bruce
controler
September 11th, 2004, 10:03 AM
Hi
This is the only thread I found for now, I could not find the one on Ghost Key Logger. It may be in a KAV post or something.
http://www.wilderssecurity.com/showthread.php?t=17255
Bruce
SFAX
September 11th, 2004, 10:06 AM
Ok, here's why I started this thread. I fix computers for a living for many years now. The other day I had a client with an infected machine (trojans and spyware) that he bought very cheap from his office, and he was telling me he will pay me extra to make sure there is no keylogger running on it (formatting the drive was completely out of question since he had a bunch of programs installed that he didn't have the install CD for ...). When I have something like that to fix on my table, I usually keep the machine in the shop for one day and I run the following (from a CD that I keep updated regularly): antivirus : F-Prot (if it's FAT32), NOD32, Kaspersky, Trend Sysclean, Avert Stinger, McAfee CleanBoot, A2, antispyware : Ad-aware, SpySweeper and Spybot, antitrojan : TDS-3, then I finish with Hijack This, startup utilities and registry cleaners. In this particular case, since my guy mentioned the keyloggers, although I was 100% sure the system was clean (especially since I expected TDS to flag anything suspicious), I ran Keylogger Killer (which didn't detect anything of course) and Anti-Keylogger (which died with an error message immediately - but I didn't pay too much attention to it). So I returned the machine, which was running great, and I charged the guy my usual fee assuring him 10 times that it's completely impossible to have a keylogger running (he knew the company's administrator used to have it installed on all the machines, but he wasn't sure whether he uninstalled it before he got it). After a couple of days, he shows up again with his machine, puts it on the table and shows me that SPECTOR 5 was running on there all this time !!! The administrator returned from a vacation and told him that he forgot to take out the keylogger. So he logs on with a combination of keys, and I could see everything I did few days ago with screenshots and everything!!! I saw every key that I typed, all these programs I used to clean it up, everything !!! It was incredible!
No traces in task manager, no suspicious services, no traces in the registry!
Bottom line is, I think TDS should be able to detect its presence on a machine. It's a keylogger, so it should be detected no matter how popular it is, and no matter that it's a commercial software or not ...
Mr.Blaze
September 11th, 2004, 10:49 AM
:D why isn't big G or W here to answer this and put an end to all disbelievers lol
TDSFan
September 11th, 2004, 11:24 AM
To see WHICH keyloggers TDS3 will detect, it's only necessary to go to the main TDS screen interface, click on "Help", then highlight "Primary List" and click on that. Scroll down to the "Keylog" entries in the list (there's a bunch) - none of which are named "Spector".
If someone reading actually OWNS a copy of this program (you have to purchase it, you can't simply trial it) you could always send a copy of it to DCS and I'm sure they'd add it - the program IS a keylogger, and I can't really conceive of any possible legal ramifications of calling a spade a spade.
Pilli
September 11th, 2004, 11:24 AM
Yes, I feel we do indeed need to await a DCS response but this may not be until Monday morning Perth time so further speculation should be avoided :)
Nearly all AV / AT & spyware companies rely on samples sent to them and hunting for them using in house resources, all commercial keyloggers require a payment, I doubt they give free samples to AV / AT companies on request. This in itself could cause a considerable monetary strain on the AV/AT companies as there must be many of this type of program available.
This particular program Spector Pro 5 appears not to be detected by many AT/AVs etc. Many of which claim to catch this type of program so IMHO this is not necessarily a TDS3 specific issue but a much wider concern.
gerardwil
September 11th, 2004, 03:14 PM
Hi all,
Just my small contribution to this thread. ElbTecScan can be downloaded here:
http://www.elbtec.de/download/elbtecscan.php4?PHPSESSID=191fb161eb61540bab2db5f439653bb8
Description
Spector, eBlaster and Orvell Monitoring are small, unnoticeable PC programs, especially designed to list all computer activities. These programs allow unwanted persons to read everything you have on your computer and even to see what is on your screen. There's no use to point out that credit card numbers, secret numbers or passwords can be read. EBlaster makes it also possible, people via internet to spy!
ElbTecScan is a free program for all those who want to find out if they are being spied on with these surveillance programs.
nick s
September 11th, 2004, 04:49 PM
Out of curiosity, I checked an ElbTecScan scan with Regmon and Filemon. Regmon didn't log anything. Filemon showed ElbTecScan looking for:
Nick
Starrob
September 11th, 2004, 06:35 PM
ElbTecScan does not detect Spector 5.0 either. According to ElbTecScan it only detects up to Spector 4.0 pro. Does anyone know of any software that detects Spector 5.0?
Starrob
nick s
September 11th, 2004, 06:50 PM
-{ Quote: "ElbTecScan does not detect Spector 5.0 either. According to ElbTecScan it only detects up to Spector 4.0 pro. Does anyone know of any software that detects Spector 5.0?" }-
Although I have never used it, SpyCop (http://spycop.com/faq.htm#What is Spyware is and what SpyCop does) claims to detect Spector and other commercial surveillance software. It has a spot on DSLReports security updates page (http://www.dslreports.com/forum/remark,11302270~mode=flat).
Nick
Mr.Blaze
September 11th, 2004, 10:58 PM
8) I most likely could get a Spector 5 Pro but I don't want that hell raiser on my pc while trying to submit it lol
that's a bad ass bugger
Mr.Blaze
September 11th, 2004, 11:04 PM
the problem I have is home users aren't part of a company. I've seen commercial keyloggers basically to be used any way you feel lol
one even hides it in any carrier
gives you access to any pc infected
so I'm thinking it should not be an issue
if the friend/spouse has TDS and is smart enough to catch someone in the cookie jar it's the damn stalker's fault lol
gerardwil
September 12th, 2004, 03:49 AM
-{ Quote: "ElbTecScan does not detect Spector 5.0 either. According to ElbTecScan it only detects up to Spector 4.0 pro. Does anyone know of any software that detects Spector 5.0?
Starrob" }-
I don't know for which version of Spector, but give it a try. Bazooka Adware and Spyware scanner:
http://www.kephyr.com/spywarescanner/index.html
It only detects but they give removal instructions:
http://www.kephyr.com/spywarescanner/library/spector/index.phtml
Gerard
SFAX
September 12th, 2004, 09:39 AM
-{ Quote: "I don't know for which version of Spector, but give it a try. Bazooka Adware and Spyware scanner:
http://www.kephyr.com/spywarescanner/index.html
It only detects but they give removal instructions:
http://www.kephyr.com/spywarescanner/library/spector/index.phtml
Gerard" }-
Bazooka explains on their site:
- "Spector stores the logs in "%SystemDir%\netext\"."
Actually, you can choose the folder during install or anytime afterwards.
- "Files: wswinntfp.exe, winnetcl.exe, winnetcl.exe, spsetup.exe, spector_eval.exe, webebot.exe, spadmin.exe, sp40setup.exe, netknl.dll, netknlhm.dllmsurlbot.dll, abfrnex.dll, netknlhm.dll, mstfgher.dll, wmhshell.dll"
AFAIK, the names are chosen randomly.
Uninstall procedures:
- "Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {89044184-F260-4FDD-8FAB-2662814846E5}', if it exists.
Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {89044184-F260-4FDD-8FAB-2662814846E5}', if it exists"
The keys don't exist. I'm not sure whether Spector even touches the registry.
- "Browse to the key: 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'. In the right pane, delete the value called 'Sysbot', if it exists."
Actually, it doesn't start from any of the autorun sections in the registry or windows file ...
All the above may have been true for Spector 4 or older.
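Added example, not part of any post in this thread: a minimal file-integrity check of the kind FanJ recommends, set beside a fixed-file-name scan of the kind Filemon showed ElbTecScan performing, to illustrate why the baseline comparison still flags a newly added file when, as SFAX reports, the names are chosen randomly. The directory, file names and watch list are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed watch list standing in for a scanner's fixed file-name signatures.
WATCHED_NAMES = {"oldspy.exe", "oldspy.dll"}


def snapshot(root):
    """Map each file under root (posix-style relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = digest.hexdigest()
    return result


def compare(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }


def name_scan(current, watched):
    """Signature-style check: flag only files whose name is on the watch list."""
    return sorted(p for p in current if p.rsplit("/", 1)[-1].lower() in watched)


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed 'system directory', baseline it, alter it, compare."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "system32")
        os.makedirs(sysdir)
        _write(os.path.join(sysdir, "shell.dll"), b"original shell")
        _write(os.path.join(sysdir, "editor.exe"), b"original editor")
        baseline = snapshot(root)  # taken while the machine is known to be clean

        # Later: a file with an unpredictable name appears, another is altered.
        _write(os.path.join(sysdir, "qzx81wv.dll"), b"unknown component")
        _write(os.path.join(sysdir, "editor.exe"), b"altered editor")
        current = snapshot(root)
        return name_scan(current, WATCHED_NAMES), compare(baseline, current)


if __name__ == "__main__":
    hits, report = demo()
    print("name scan hits:", hits)
    print("baseline diff :", report)
```

The baseline has to be stored off the machine, and the comparison is only trustworthy when run from an environment that does not load the installed Windows (the ADinf32 "bios-mode" and the ERD Commander boot mentioned in the thread), since software that hides its files from the running system would hide them from this walk as well.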
FanJ
September 12th, 2004, 10:16 PM
Hi,
I don't like to post this on the TDS-3 forum (a program which I very much like a lot!!!!!).
I have to apologize to Wayne for this!!!
I got a reply from SpyCop:
"Yes, SpyCop detects all Spectorsoft's products."
I have NOT checked this statement (meaning: installing that nasty and see what would happen).
As I said:
I DO apologize to Wayne !
I didn't know where to post this reply.
We are here in the TDS-3 forum, but there have been already so much talked about other programs in this thread...
Wayne - DiamondCS
September 12th, 2004, 11:12 PM
Jan, you might want to write back to them to ask how they obtained their samples of Spectorsoft's products. ;)
We do not and will not pay for malware. If we started doing that kids everywhere would be modifying existing open source keyloggers and essentially try to extort us for money. You don't even know if the anonymous guest that started this thread has a financial tie to the software he mentioned, so as to get us to purchase it to add detection. Maybe he's the author of the Spectorsoft keylogger, who's to know. He seems to have a copy of the keylogger in question, so why doesn't he send it to submit@diamondcs.com.au so we can immediately add detection for it? There's also moral issues - we don't believe virus detection companies should be paying virus authors for writing malware. After all, we're trying to keep your systems clean - paying virus developers does not do anything to help keep your system clean, all it does is encourage the virus developer to keep developing.
You've got to keep track of the big picture - losing sleep over one individual keylogger that's tame compared to other keyloggers is just a waste of everyone's time, yours and mine included. At the end of the day, TDS3 is the only database with daily database updates (and just look at how many new samples are added with each update), and detects more individual trojans than any scanner, keyloggers included. So don't lose sleep over one program that's "just another keylogger" (insert yawn here), and if somebody really wanted to get a keylogger on your machine they wouldn't bother paying for one when there are so many free ones out there that are even more powerful anyway. There's a lot more dangerous things to worry about out there such as kernel-mode rootkits, and that's where we're concentrating - the real nasties - the things you really should be concerned about.
Anyway, back to work.
Starrob
September 12th, 2004, 11:29 PM
What I would like to know is why a company like SpyCop can feel free to detect these programs and many AV/AT do not like to detect these.
Couldn't there be an option in TDS3/TDS4 that would detect commercial keyloggers in addition to trojans? Another question is exactly how hard is it to modify some product from Spector to be used maliciously? If it is relatively easy to do then if I wanted to get into someone's computer for information, I would not use a Trojan, I would simply modify a commercial product since no one detects these. Why use things that all the AV/AT's target? So my question is again is it relatively easy or hard to modify a commercial product like Spector?
Maybe I will start a thread in Process Guard on this but I was also wondering if Process Guard would prevent installation of Spector Pro 5 if someone else has physical access to the computer and Process Guard had the password protection on.
I would like to know if there was some product that DCS has that could either block the installation of programs by someone that gains Administration access to the computer or detect the presence of these programs or preferably both.
Starrob
SFAX
September 13th, 2004, 12:07 AM
Wayne, you got the installer in the email. Check it out and let us know what you think ...
Wayne - DiamondCS
September 13th, 2004, 12:14 AM
Starrob,
-{ Quote: "Couldn't there be an option in TDS3/TDS4 that would detect commercial keyloggers in addition to trojans?" }-
We add detection for any keylogger we come across, whether we find it or we're sent a sample, but to add detection for something you need a sample of it first. If it's a commercial program we either have to pay for it or wait for somebody to send us a sample. My previous post explains why such software should never be paid for.
-{ Quote: "Another question is exactly how hard is it to modify some product from Spector to be used maliciously?" }-
No harder and no easier than any other program.
-{ Quote: "If it is relatively easy to do then if I wanted to get into someone's computer for information, I would not use a Trojan, I would simply modify a commercial product" }-
The only difference between a 'commercial keylogger' and an 'underground keylogger' is the price tag - detection is no harder for either one once a sample has been obtained, and seeing as it's actually easier to obtain commercial ones their underground counterparts (not to mention they're free) it actually makes more sense for hackers to use a free underground keylogger rather than paying for a commercial one.
Cheers,
Wayne
Wayne - DiamondCS
September 13th, 2004, 12:28 AM
Thank you kindly sfax, we'll analyse it and have detection built in for tonight's database update in about 5 hours from now. It will also be possible to add generic detection which should catch most if not all future builds, but again I must stress that this should be considered a low-level threat.
Cheers,
Wayne
TDSFan
September 13th, 2004, 01:18 AM
Wayne - "you might want to write back to them to ask how they obtained their samples of Spectorsoft's products. "
Does it matter? If they obtained theirs the same way you obtained yours - that makes them neither better nor worse than you (just quicker).
If they purchased the product to enable them to include detection, then I APPLAUD them, for they've provided protection for everyone who uses their program. LEGITIMATELY, by buying the program.
Wayne - "There's also moral issues - we don't believe virus detection companies should be paying virus authors for writing malware."
Apples and oranges (we're not talking about "viruses" to start with) - SpectorSoft's product is commercially available and has legitimate uses - it is only when the product is maliciously MIS-used (when placed on someone's machine unbeknownst to them for evil purposes) that it falls into the "malware" category.
Wayne - "losing sleep over one individual keylogger that's tame compared to other keyloggers is just a waste of everyone's time, yours and mine included."
Really? I wonder if some un-suspecting personal computer user who gets all of his passwords, credit-card numbers and banking information stolen by a program like SpectorSoft's that WASN'T detected by his security software would feel that way?
Somehow I doubt it.
I liked your statement in another thread ( #81 http://www.wilderssecurity.com/showthread.php?t=26109&page=4 ) much more:
Wayne - Oops! You edited out the part where you suggested that people use a dedicated anti-keylogging program to ensure having a clean computer before relying on ProcessGuard to protect them. Wow. How totally un-cool. And totally beneath you.
The truth plays much better.
Wayne - DiamondCS
September 13th, 2004, 01:36 AM
-{ Quote: "The truth plays much better." }-
... says the anonymous user hiding behind a proxy. How credible indeed.
Anyway, this thread has been resolved so we'll let our bored friend here get back to looking for other places to start arguments.