Widestep Keyloggers


gorgelink
April 3rd, 2005, 01:50 PM
Hi, guys,

Thank you for the best anti-Trojan ever and for the kindliest and friendliest forum.

A few questions:

1. Can TDS-3 remove the Widestep family of keyloggers (Quick, Handy, and Elite)? I could not find them in the primaries list.

The WideStep keyloggers are ALL OVER THE PLACE. If not already tackled by TDS, it may be a good idea to add them to the primaries.

2. Is there an application DEDICATED ONLY to keyloggers (whether trojans or not)? Do spyware removers such as Adaware (Lavasoft) deal with them effectively?

BTW, how do I know if my computer is infected with a keylogger? Many of them are very stealthy! I understand that the newer ones log not only keystrokes but the contents of the clipboard!

Thank you again and have a spring (or, Down Under, autumn) week.

Gorgelink

controler
April 3rd, 2005, 02:19 PM
Hello and welcome :)

There are a few good anti-keylogger programs discussed here.
It might be as easy to do a search here of the word keyloggers or anti-keyloggers.

Spy1 recommends Spycop I think and I like to recommend Anti-Keylogger
not AntiKeylogger. Found here http://www.anti-keyloggers.com/
I also agree it is best if you can install it or any other security program on a new fresh reformatted install with all the updates to Windows first if possible.

You will also find almost all the information and links you ever wanted to filter through in the Library on their site.

I think it funny how the widestep people advertise their software as being
"WideStep Security Software "

How is it for security? ::)

Bruce

controler
April 3rd, 2005, 02:26 PM
Shouldn't they be calling it activity spy or spyware? LOL


Bruce

gorgelink
April 3rd, 2005, 02:49 PM
Many thanks, Bruce.

Only my first question remains:

Can TDS-3 remove the Widestep family of keyloggers (Quick, Handy, and Elite)? I could not find them in the primaries list.

Gorgelink

PS:

Do Spybot and Lavasoft Adaware remove keyloggers as well? Anyone know?

controler
April 3rd, 2005, 03:16 PM
I will install The Elite and let ya know.

I know Spybot does do some keyloggers but it is not its specialty.
It usually doesn't hurt to install a commercial keylogger on your own system for testing.

Bruce

anti-spy
April 3rd, 2005, 03:28 PM
Ad-aware and Spybot are not very good at finding keyloggers. They will find a few, but not nearly enough to be useful in this area.

No offence to DiamondCS, but I wouldn't rely on TDS-3 for keylogger detection, it is excellent at finding trojans though. Better off to go with either Spycop (which is a top notch anti-keylogger), or if you're looking for freebies I would suggest using SnoopFree http://www.snoopfree.com

Many other anti-spyware programs will find some keyloggers as well, but again they are not the best in this area, and some are better than others. Some are MSAS, X-Cleaner, SpySweeper and Ewido.

My opinion is that you're better off trying to prevent keyloggers than only relying on some product to find them after the fact. Programs like Process Guard excel in this area. Also Prevx, SSM, AntiHook and other IDS software are very helpful in stopping this type of trashware. Best of luck.

hollywoodpc
April 3rd, 2005, 04:26 PM
-{ Quote: "Hello and welcome :)

There are a few good anti-keylogger programs discussed here.
It might be as easy to do a search here of the word keyloggers or anti-keyloggers.

Spy1 recommends Spycop I think and I like to recommend Anti-Keylogger
not AntiKeylogger. Found here http://www.anti-keyloggers.com/
I also agree it is best if you can install it or any other security program on a new fresh reformatted install with all the updates to Windows first if possible.

You will also find almost all the information and links you ever wanted to filter through in the Library on their site.

I think it funny how the widestep people advertise their software as being
"WideStep Security Software "

How is it for security? ::)

Bruce" }-
Do you not find their price a bit steep considering PG is $ 25-29 ?

Jooske
April 3rd, 2005, 05:18 PM
Hi there!
TDS is very good in finding keyloggers and covers lots of detection even when not in the primaries list.
But if you have the keyloggers mentioned here, could you please zip and send a sample to submit@diamondcs.com.au just to make sure they'll be added specifically to the databases?

For your protection the layered approach is fine:
ProcessGuard (on a clean system preferably),
a registry protection like RegProtect and/or RegDefend,
and you have hammered tight your system on kernel level;
Port Explorer so you can see all connections, including hidden, illegal and trojan ones and act adequately,
WormGuard is a very nice addition for the worms and scripts and whatever you add to the blocklist,
of course TDS for the trojans and lots more
(have all the DiamondCS gems from their site)
and then you look further for the specific tools like anti-keylogger, SpybotS&D, Ad-aware, etc. the whole lot.

gorgelink
April 4th, 2005, 04:23 AM
Thanks for your help, everyone!

The upshot is that now, to stay safe, one has to use 5-7 scanners on a weekly basis and at least 1-2 on a daily basis.

I don't know if computers have much future if it continues like this.

This is why softwares like TDS are indispensable.

Well, off my soapbox ...:o((

Take care there and thank you again.

Gorgelink

gorgelink
April 4th, 2005, 05:02 AM
Hi, Jooske,

The WideStep keyloggers are commercial software (and pretty expensive, BTW).

Have a good one there.

Gorgelink

lupus
April 4th, 2005, 06:47 AM
-{ Quote: "
[..]The upshot is that now, to stay safe, one has to use 5-7 scanners on a weekly basis and at least 1-2 on a daily basis.

I don't know if computers have much future if it continues like this.
[..]" }-

Regarding keyloggers, which are without any doubt the most dangerous nasties, I have taken the decision simply not to bother with Windows anymore. I mean, I am a registered user of Process Guard Full and am very interested in security and try to secure my machines as much as possible, but no matter how tight I think my PC is I will not take any risks at all, so now when I log onto my bank account or PayPal or buy stuff off the internet I boot a Knoppix live-CD and have this warm-fuzzy-feeling. To me this is the ONLY way to go.

richrf
April 4th, 2005, 10:23 AM
It would seem that PG + RegDefend + Prevx would do anything that Anti-Keyloggers might do. Does Anti-Keyloggers do anything more? I tried out the product and it seems decent but as far as I can tell, it monitors the same hooks as these products and also has an additional database of products that can be trusted and allowed through. Am I missing something?

Rich

spy1
April 4th, 2005, 11:12 AM
Look - the beauty of a program such as SpyCop is that its results after a scan are un-equivocal - it'll either show that you have a pre-existing keylogger on your computer or you don't - and it'll name which one you've got (with an option that enables you to go to the website the program originates from). If you do have one, SpyCop Technical Support guides you step-by-step in how to get rid of the thing - totally (a custom-tailored removal specific to your computer set-up).

I've tried to hammer the following point through time and time again:

You can't pre-suppose that any given user is going to know what the alerts from a program such as PG, RegDefend, PrevX (or any of the others) actually mean due to the fact that keyloggers can either tie in to a pre-existing "allowed" program - or, their filenames have been constructed so as to be totally un-related to their function!

AFTER you're sure that you don't already have a keylogger present on your computer, then one could go about trusting the above-named (or other) programs to keep you keylogger-free - but even then - only if the computer's owner really knows how to deal intelligently with any and all future alerts.

What's the recommendation for ProcessGuard?? That it be installed on a known "clean" system! Hello?

How do you know (in relation to keyloggers) whether you've got a pre-existing one on your system or not?

You check your system with a dedicated anti-keylogger program!

This really isn't rocket-science, folks - just plain common sense. Pete

richrf
April 4th, 2005, 12:14 PM
Hi,

I guess I was talking more about preventative than first time detection. I certainly agree with what you say and I do run detection scans now and then to see what is happening. My own favorite, in this category is Security Task Manager. The paid version has a Spy Protector that seems to do very well in detecting keyloggers. Better than some of the dedicated keyloggers:

http://www.wilderssecurity.com/showthread.php?t=50166

Keyloggers are really nasty and I do monitor for them. For example, I also use Port Explorer, now and then, to see what is happening on my machine.

Rich

memory dude
April 4th, 2005, 12:17 PM
SpyCop is now fifty bucks. They sell it like an expensive ebook where you read and read and then read some more before you actually learn the price. And then there's deceptive marketing in that "If you order before Midnight tonight, we'll take off Twenty Dollars!! $69 - $49!!!) Of course, the deal is still good tomorrow (before Midnight!). It's a "garage outfit" with little overhead that could sell three times what they do now at $25. Do the math SpyCop! They also have some shrill supporters at this forum and others that tend to be a little rude. If you can find something better, get it. There's so many reasons not to like Spy Cop. Have I mentioned the lousy coding and clunky interface?

spy1
April 4th, 2005, 12:53 PM
lol! @ "memory dude" (tell us how you really feel and quit holding back, okay?).

I really don't believe I was being "rude" in my previous post (it's all in how you read it, I guess) - just truthful.

Yes, SpyCop is a "garage outfit" (if that's what you want to call it). I have no idea how many people work there, but I do know this:

If you're going to try to present the small size of their company as a drawback/disadvantage, then we're all going to have to similarly look down our noses at DiamondCS, TrojanHunter, SBS&D, Javacool, Merijn, the makers of BoClean, etc., etc., etc. - IOW, I totally reject the concept that the size of the company has anything to do with the quality of the product!

Yeah, their "marketing" side seems kind of brain-dead to me most of the time, too (that's why I ignore it as much as possible) - but likewise the marketing-style of the program has no effect on the quality of the product, either!

You can either agree or disagree with the price - I happen to believe in paying for top-notch, up-to-date protection regardless of cost. When you consider the fact that a license purchase is lifetime for both definition and program updates, the initial cost gets put into better perspective in a hurry.

"Technical Support" response time is incredibly quick - it ranges from literally within minutes (I kid you not) of receiving a support request to a couple of hours (including weekends if you've really got a problem).

"Lousy coding" I wouldn't know about (however, the program works amazingly well in spite of that, if it's even true).

"Clunky interface"? The interface - to me, anyway - is amazingly simple and straightforward ("eye-of-the-beholder" stuff again).

You're right though - if SpyCop doesn't appeal to you (for whatever reason), by all means get something else - but do get something.

But I'll (the real me, not some anonymous poster) continue to heartily endorse and recommend SpyCop - because it works.

Have a nice day. Pete

Chris12923
April 4th, 2005, 01:29 PM
-{ Quote: "But I'll (the real me, not some anonymous poster) continue to heartily endorse and recommend SpyCop - because it works." }-
I will agree with ya Pete. Spycop detected every keylogger I threw at it. Very nice.

-{ Quote: "Have I mentioned the lousy coding and clunky interface?" }-
You mentioned it but I am not sure what you're talking about. Feel free to explain more...

Thanks,

Chris

controler
April 4th, 2005, 01:59 PM
Heck I haven't tried SpyCop yet Pete but will in the near future.

I tried installing their Elite Keylogger to test with TDS-3 but Unhackme
threw a fist at it telling me I had a rootkit so this install didn't go well.
Now I am guessing they used rootkit technology.

Also on a side note. I downloaded Bitcomet a few weeks ago and wondered
why I was getting one discrepancy with Rootkitrevealer.

I know now it was BitComet that threw the registry entry in.
I had to boot into safe mode to delete the dang thing.

It shows up under HKLM\software\windows\cryptography\RNG\seed

None of my other programs detected it. Not even sure if it was all bad but deleted it anyways LOL

Bruce

lynchknot
April 7th, 2005, 02:15 PM
I haven't tried the keylogger apps but Security Task manager, TaskInfo could not pick up "Elite Keylogger" (widestep) unless unhidden. I ran a scan of windows folder with NOD32 but nothing found. However, Unhackme picked it up immediately

I thought this might be an interesting test. Yes, it's well hidden. Unless you unhide it (windump view), it's hidden - it already picked up my login password and screenshots. However, Unhackme detected it immediately on boot (Screenshot) while hidden. However this app could not delete it (I tried all options). The only way to rid it was to uninstall it. I am sure about Unhackme's find because I rebooted immediately after uninstalling and Unhackme reported nothing this time.

*edit - another interesting bit of info was the fact that somehow internet connection was prevented by any means (FTP, browser) something prevented CPU access so that connection was impossible. Upon uninstalling keylogger, connection has been returned to normal

http://img100.exs.cx/img100/2408/keylog1zm.jpg (http://www.imageshack.us)

wolfpack
April 7th, 2005, 06:41 PM
I also tested the Elite Widestep keylogger, and boy is that a tricky one to detect. Nearly every security program I tested against it, failed to detect it! Including MSAS, Ewido, A2, Pest Patrol, Spybot, Ad-aware, BlackLight, and a few others.

The only programs that were able to find it were Unhackme (as Lynchknot posted) and Rootkit Revealer 1.32 (I haven't downloaded the latest version of RR yet).

I would have liked to test Spycop against it but I don't have the $50. to do so. They really should have a trial version available of Spycop. But anyway at least we have some free tools available to detect this junk. ;D

highsecurity
April 8th, 2005, 12:20 PM
Good work Lynch and Wolf. It's good to know there's something available to find these newer keyloggers. To me it really isn't so important if the apps actually remove the keyloggers because if you're aware that you have one, you can always just reformat to get rid of it, if nothing else works. But just knowing you have a keylogger is always the most important part. Thanks for your efforts.

As for Spycop, I completely agree there should be a free trial of the program, and I would never buy any program from some company who thinks they're too good to offer a free trial of their product, especially at 50 bucks!

How are we supposed to know if the program works good, we like the program and if it is compatible with our systems etc... We're just supposed to take their word for it that the program works as good as they claim it does? Yeah right! And I have some Real Estate for sale on the moon if anyone's interested. ;) ;D

That's ok we don't need Spycop anyway there are plenty of other decent and fair anti-keylogger companies around that do offer free trials of their products. :)

spy1
April 8th, 2005, 12:41 PM
-{ Quote: "Good work Lynch and Wolf. It's good to know there's something available to find these newer keyloggers. To me it really isn't so important if the apps actually remove the keyloggers because if you're aware that you have one, you can always just reformat to get rid of it, if nothing else works. But just knowing you have a keylogger is always the most important part. Thanks for your efforts.

As for Spycop, I completely agree there should be a free trial of the program, and I would never buy any program from some company who thinks they're too good to offer a free trial of their product, especially at 50 bucks!

How are we supposed to know if the program works good, we like the program and if it is compatible with our systems etc... We're just supposed to take their word for it that the program works as good as they claim it does? Yeah right! And I have some Real Estate for sale on the moon if anyone's interested. ;) ;D

That's ok we don't need Spycop anyway there are plenty of other decent and fair anti-keylogger companies around that do offer free trials of their products. :)" }-

<g> One paragraph of actual response to the thread - and three bashing SpyCop?? lol! And all from an anonymous non-member calling itself "highsecurity"? How utterly quaint (not to mention - transparent)!

Like I said earlier: "You're right though - if SpyCop doesn't appeal to you (for whatever reason), by all means get something else - but do get something." (By someone not afraid to register and have an actual, verifiable identity). Pete

highsecurity
April 8th, 2005, 04:20 PM
You seem to be looking for that which is not there Wilders member Spy1. I was not bashing Spycop. I merely pointed out that charging fifty dollars (overpriced IMO) for a program that can't even be tested first is simply unfair IMHO, and I would never buy from any company that has such practices.

How can anyone really determine how good or bad the program is without being able to first test it? Are we just supposed to believe whatever they tell us on the website? Do you automatically believe everything you read on a sellers website?

Seems more like you're the one attempting to do the "bashing" by calling another poster names like "itself" instead of saying themselves, and postulating that somehow your posts are better or more important than other non-members. It's clearly obvious that you think very very highly of your own opinion, there's little doubt there.

Really, who are you trying to impress here? Because after reading your many posts peddling Spycop across the internet, whenever anyone posts anything even slightly negative (or what you perceive to be negative) about Spycop, I don't think anyone should take anything you have to say seriously about the program, due to your extremely high bias in favor of it.

I would even go so far as to say that you seem to be working for them or perhaps getting some kickback for ALWAYS posting very favorable posts about the program.

At any rate your opinion is far too skewed in favor of SC to be worth acknowledgement by anyone who is considering the purchase of an antikeylogger program IMO.

I would consider the other posters (guests and members) opinions here far more valuable than any of yours on SC and they seem like far more honest people than anything I have ever read by you about the program, no insults intended.

Pollmaster
April 9th, 2005, 01:11 PM
-{ Quote: "

Really, who are you trying to impress here? Because after reading your many posts peddling Spycop across the internet, whenever anyone posts anything even slightly negative (or what you perceive to be negative) about Spycop, I don't think anyone should take anything you have to say seriously about the program, due to your extremely high bias in favor of it.

I would even go so far as to say that you seem to be working for them or perhaps getting some kickback for ALWAYS posting very favorable posts about the program.
" }-

No offence highsecurity but Pete is known to be very defensive of all the software he uses (eg Shadowsurfer, TDS, Spycop etc). I highly doubt he is getting kick backs from all those companies.

spy1
April 9th, 2005, 01:25 PM
Quite correct, Pollmaster - Pete (me) doesn't get any "kickbacks" of any sort from anyone.

All of my recommendations are delivered solidly on the basis of what I know works - and what doesn't.

Pete's not for sale.

What you see is what you get when it comes to Pete, because Pete calls 'em like he sees them and damn the torpedoes, anyway! <g>

I won't even mod anywhere anymore (and God knows I've been asked to enough) simply because I have to be totally independent in my views.

I haven't lost any sleep due to people's negative opinions of me (quite well-rested, in fact!).

And unlike a lot of others, I've never been afraid to be totally identifiable (and responsible for) every post I make, every suggestion I give, and every piece of software I endorse.

I don't need a specific "tag", "title" or the approbation of anyone - I've got a secure computer sitting here in front of me that'll give me all the "applause" I'll ever need.

Y'all have a great weekend! It surely is beautiful outside here! Pete

DmitrySokolov
April 11th, 2005, 07:10 AM
Hi,

UnHackMe 2.5 beta detects and successfully removes Elite Keylogger.
Direct download:
http://greatis.com/unhackme250b.exe
Removing of EK is not simple.
After restarting of computer you will get BSOD because the driver is out.
After restart Windows will boot as well.

Best wishes,
Dmitry Sokolov

Chris12923
April 11th, 2005, 09:45 AM
Great job as usual Dmitry :)

Thanks,

Chris

lynchknot
April 12th, 2005, 05:38 PM
-{ Quote: "Removing of EK is not simple" }-

From a fellow member at another board:

-{ Quote: "windump /uninstall
Don't even ask about how easy it is to remove the password." }-

Chris12923
April 12th, 2005, 10:52 PM
-{ Quote: "From a fellow member at another board: windump /uninstall
Don't even ask about how easy it is to remove the password." }-
Hmm maybe if he doesn't already he should write a program that does this as quick and easy as UnHackMe does. Or maybe it's not as easy as he makes it sound.

Thanks,

Chris

lynchknot
April 15th, 2005, 11:46 AM
-{ Quote: "Hmm maybe if he doesn't already he should write a program that does this as quick and easy as UnHackMe does. Or maybe it's not as easy as he makes it sound.

Thanks,

Chris" }-

His reply

-{ Quote: "@echo off
windump /uninstall

Put it in a batch file.

You don't need to know the password to uninstall as the program is not protected that way. No need to detect it, it will tell you to reboot to complete the uninstall. If you do want to detect (maybe you think snidy user has removed/renamed windump.exe) then just install the original package - it will tell you if it's already there. STM and RKR also detect it as shown previously but you need to know what you are looking at. There are other ways but they are not necessary." }-

Chris12923
April 15th, 2005, 12:27 PM
So all users should just install it and then uninstall it just in case it may be installed on their system? I can just see novice computer users installing and uninstalling keyloggers just to make sure they don't have one installed currently. I have not tried to see if this really works but assuming it does it really should not be advised for novice users. Kudos to him for finding an alternative way though.

Thanks,

Chris

lynchknot
April 15th, 2005, 12:35 PM
I don't think you understand. He says, "STM and RKR also detect it as shown previously but you need to know what you are looking at"

If you ran that batch file and nothing happens then obviously you don't have it (assuming the name was not changed). If you do have it then it will uninstall that keylogger. It is not protected by password.

If the name was changed he says you can find it with Security Task Manager but you have to know what to look for.

Chris12923
April 15th, 2005, 12:56 PM
Please look at my posts in this thread.

-{ Quote: "Hmm maybe if he doesn't already he should write a program that does this as quick and easy as UnHackMe does. Or maybe it's not as easy as he makes it sound." }-

-{ Quote: "I have not tried to see if this really works but assuming it does it really should not be advised for novice users." }-

OK what I have been saying the whole time is that it is not as easy as what he said. Novice users probably will not know how to use these tools. His method is not quick and easy as he even states.

-{ Quote: ""STM and RKR also detect it as shown previously but you need to know what you are looking at"" }-

-{ Quote: "If the name was changed he says you can find it with Security Task Manager but you have to know what to look for." }-

I said Kudos for another way. But my posts have been about an easy method like UnHackMe.

Thanks,

Chris

lynchknot
April 15th, 2005, 01:51 PM
It's easy for him as he knows what to look for. I'm sure he did not have "novice" users in mind. That is why he said, "you need to know what you are looking at" - once you know, then it's easy.

Chris12923
April 15th, 2005, 01:55 PM
Well to reiterate Updated version of UnHackMe is very easy for novice or advanced users to get rid of Elite Keylogger whether user knows it's there or not. Hopefully that clears it up.

Thanks for the info Lynchknot,

Chris

lynchknot
April 15th, 2005, 01:57 PM
OK. Well, I'm just relaying info that might interest some. What he is saying is it's not as difficult as Dmitry claims it is. His original reply was to his post, not yours. Sure, Unhackme is great and easy to use. I'm using it myself at the moment. Thank you Dmitry for a great product!

**edit. however Dmitry I must ask - I'm receiving an error: "Cannot create shell notification" - not sure that's word for word but something to that effect.**edit - the answer may be here. I will read: http://greatissoftware.com/forums/index.php?board=7;action=display;threadid=95