AT & Keyloggers

Does AT software also catch keyloggers or do I need a separate software for that?

Also do I need a dedicated AT software or does an AV and anti-spyware software like spywareguard, adaware and spybot do the trick.

Thanks in advance.

[Gavin - DiamondCS]

Hi,

TDS detects hundreds of known malicious keyloggers, and a lot of "commercial" keyloggers too. These are actually a danger, we try to add detection for as many as possible. There are anti keylogger programs - some are actually made by those who also make the keyloggers.. nice isnt it ? (sarcasm )

TDS also has generic/heuristic detection for keyloggers, I think of the other AT's only Pest Patrol also has it.

Programs like AdAware, Spybot, SpywareBlaster are for spyware and adware really, and although some detect keyloggers they probably arent going to be doing an overly good job of it, simply because they need to add detection for the keyloggers first. Commercial ones are a problem, noone especially not those freeware tools wants to pay for them. The actual risk from these keyloggers does however seem smaller than that of malicious keyloggers created by trojan writers.

[illukka]

at least spybot does catch some keyloggers.
trojan hunter has lot's of 'em in its rulesets, tds too, even pest patrol has a key patrol component.. kaspersky, when u download bases from the updates_x directory detects keyloggers too
i seem to remember that there was even a specialised program to detect keyloggers.. was it anti-keylogger or somthing??
spycop is a big name in this http://spycop.com/products.htm

[Gavin - DiamondCS]

Yes those too

KAV detects malicious keyloggers without extended bases - they are called TrojanSpy.

[illukka]

yes it does, the x-bases are for the ultra paranoids, they detect _COMMERCIAL_ keyloggers and commercial remote acces software tools too.. so if you strongly suspect that you're spied on it is a good option to try...

[controler]

Just a quick word on Spybot S&D
I know if you send Patrick samples of those Keyloggers, he will add them to Spybot detection.

Trojan Hunter also detects keyloggers.

[Nancy_McAleavey]

Quote:

quoting: JO link=board=25;threadid=17255;start=0#msg106670 date=1070508647]
Does AT software also catch keyloggers or do I need a separate software for that?

Also do I need a dedicated AT software or does an AV and anti-spyware software like spywareguard, adaware and spybot do the trick.

Thanks in advance.

BOClean detects and deletes trojans, keyloggers and all sorts of malicious spyware (the stuff you can't stop from downloading, installing or uninstalling).

http://www.nsclean.com/boclean.html

[illukka]

sorry nancy, i forgot boclean.. thanks for correcting me

[tutankamon]

Hi all,
What about Digital Patrol? It gets a good write up in the latest computer mag, also a good score.

[illukka]

i trialed digital patrol last february.. in short you can find better detectors than it..it does find some trojans and keyloggers etc. that's true...
there might have been development, it's been 10 months.. but it had a lot to catch up, the competition was miles ahead of it

[controler]

I am guessing TDS-3 is working on Iopus-starr keylogger as we speak
I know it don't detect it yet.

con

[DolfTraanberg]

Quote:

quoting: controler link=board=25;threadid=17255;start=0#msg110076 date=1071355808]
I am guessing TDS-3 is working on Iopus-starr keylogger as we speak
I know it don't detect it yet.

Unless you have a local spy at your house there must be a Trojan running as well to get the data out.
Dolf

[controler]

ok this is not a keylogger that has the option to send via e-mail but NOD-32 and TDS-3 do not detect this one yet.

con

[rerun2]

Quote:

quoting: controler link=board=25;threadid=17255;start=0#msg110076 date=1071355808]
I am guessing TDS-3 is working on Iopus-starr keylogger as we speak
I know it don't detect it yet.

con

I do not know TDS's nor NOD's policy on keyloggers, but it may be because this is a commercial keylogger. SpyCop detects it.

[Paul Wilders]

Quote:

quoting: controler link=board=25;threadid=17255;start=0#msg110095 date=1071357779]
ok this is not a keylogger that has the option to send via e-mail but NOD-32 and TDS-3 do not detect this one yet.

con

con,

I presume you've submitted this one to the software companies mentioned?

regards.

paul

[controler]

I am working on getting another REAL ISP e-mail acocunt here in the big city. Hotmail uses Mc afee and Yahoo uses Norton to scan their mail. They also only allow one meg of info to be transmitted. I figured everyone would do a google
Just tried Hotmail and the file is 1.6 meg so it was too big. And tried Yahoo neither allow that big of a file.
Anyplace I can FTP to?
Since this is a commercial Monitoring program, I see no harm in posting the companies link here.
http://www.iopus.com/starr.htm


con

[Paul Wilders]

con,

Quote:

Since this is a commercial Monitoring program, I see no harm in posting the companies link here.

That will do as well

regards.

paul

[controler]

As of today 12/26/2003

this keylogger is still not removed.


con

[spy1]

That's why the smart ones use SpyCop to detect keyloggers.

That's what it does . Pete

[controler]

Spy 1

I know you are not calling me stupid LOL

I think what we are doing here is proving who
is brave enough to include comercial keyloggers and who is not.
As I mentioned before, I installed this keylogger
for testing reasons.
Now as you suggest I will give Spycop a try.
I also have anti-keylogger as you may remember.
I guess if a keylogger has an install program and runs invisable, it is not a trojan but rather on the risky list.
Although, If that same keylogger was installed by someone other then yourself it becomes a trojan in my mind.
Am I beating a losing horse to death here ?

con

[controler]

as you suggested I gave Spycop Trial a try on the latest BETA iopus-starr keylogger and it does not find anything


con

[spy1]

Con - I wouldn't depend on the trial version of SpyCop to detect it's own rear end with both hands and a compass! Pete

*Did you really say "beta"?

**And, no - of course i wasn't calling you stupid.

*** Is your version of Anti-Keylogger the most recent? The paid for one?

[controler]

Yes this is the newest BETA version.
I sure don't want to buy any software to see it's newest database.
Just like Andreas was saying A 2 would detect some of the files I had. It didn't.
I had the newest A2 scan engine running on a fresh
install of Windows.
As of now I only have TDS-3 A 2 Norton AV 2003, Spybot S&D and Look & Stop installed on this system.

And version 5.0 Beta build 116 iOpus STARR Keylogger

These settings are stored in the 256 bit AES encrypted "starr.ini"
file. Administrators can directly change it's settings here.

PROTECT Logging engine:
1.Use Starr File Protection (When active it makes files completlt invisable
for every application.
2.Hide process from task manager after auotstart.



[SETTINGS]
FolderLogs=<DATA>
FolderReports=<DATA>
NameLogs=#<USER>#<PC>#.sxx
LE_SendBytes=0
LE_SendLastTime=0
LE_SendNumber=1
FolderLAN=\\Admin-PC\StarrReports\
FolderLANUser=
FolderLANPwd=
IniVersion=5000116
FirstStart=0
LicenseKey=AAAAA-BBBBB-CCCCC-DDDDDD-EEEEE-FFFFF
Autostart=1
AutostartMode=1
TestURL1=http://www.iOpusemail.com/index_a.htm
TestURL2=http://www.iopus.de/is-online-test/index_a.htm
BannerText=<CR>
ALL ACTIVITIES ON THIS SYSTEM ARE MONITORED.
BannerShow=0
BannerFrequency=1800
LogWebsites=1
ReportFormat=101
LogKeystrokes=1
LogApplicationPath=1
LogApplication=1
LogChat=1
LogTech=0
LogSTARR=0
LogAol=1
PwdLog=xxxxxxxxx
LogDuringWinLogon=1
CreateSupportLog=1
SkipEventsShorterThan=2
UseSkipFeature=0
SendReportFormat=100
SendAsZip=0
EmailAssumeAlwaysOnline=0
SendZipPassword=
SendAddNumber=1
SendDeltaKB=30
LogfileMaxsizeMB=20
SendMode=0
EmailUseUserAccount=1
SendEveryXMinutes=60
EmailUnlock=0
SendDelete=1
SendTrigger=1
EmailTo=YOUR-EMAIL@-HERE-.COM
EmailSmtp=
EmailFrom=
EmailPort=25
EmailSubject=Report, No. <COUNTER>, Current User:<USER>
SendFilePrefix=No[<COUNTER>]-
EmailPopName=
EmailPopPwd=
EmailPopHost=
InstallKeyboardMonitor=1
InstallFileProtection=1
ActivateFileProtection=1
HideProcess=1
DeleteMRUEntriesAfterReboot=1
DeleteMRUEntriesInstantly=1
StartStarrcmdWord=starrcmd5
AskEngineRestart=1
ShowDialogRunWord=1
ScreenCaptureQuality=1
ScreenCaptureMode=2
ScreenCaptureIntervall=60
MonitorScreenCapture=1
LogUserListExclude=1
LogUserList=
DLLMode=0
KeyboardMonitorMode=1
PmMode=1

[muf]

I have thought about buying Anti-keylogger, but have been unsure as i can not decide if this is the best one or Spycop is. Controler, you say you have Anti-keylogger. did it detect the iopus-starr keylogger? You never actually said, and was you using the most up to date version?

muf