This Keylogger Defeats Zemana And Comodo D+

Just found this very very simple keylogger that logs your keystrokes and saves them in a log file and I did not get a single warning from Zemana or Comodo D+ that this was logging what I type. You can download it here: http://16s.us/16k/

Have yet to test it against spyshelter I assume it will be the same result. I know this logger is very simple but I would hope that something would have notified me that it was logging what I type and even the active window it is being typed in.

 

I'll give it a try.

Upadte:
Keylogger warning by OA Premium.
Even after allowing the file but NOT trusting.

I think that it got through D+ because you trusted the file, which should not be
Or your Sandbox rights were too high (I usually set it at BLOCK)

BTW, guys the file is clean according to VT and EAM

 

Comodo did block it under "Untrusted" setting. Sandbox also automatically caught it. D+ has it blocked under the log.

 

Nice report, i couldn't believe it got through D+
I'm not saying it's bullet proof but it's as close as it can get being a Classical HIPS

 

I didn't download the file due to lack of information such as source, who created it, etc. In any case, what settings do you have for Comodo D+?

 

@ markedmanner

Not sure what your settings are, but it gets blocked here Did you allow it ?





Not a peep from Prevx PSOL though ?

By the way, thanks for reminding me about this I saw it when DL'ing TChunt but got distracted so forgot about it

 

He set the sandbox settings to a more limited mode (Untrusted)

I guess he did allowed it.
BTW, PrevX SOL doesn't works like other keylogging programs which are essentially a HIPS, PrevX SOL protects browser activities and keylogging (Such as data theft, fake sites, account details, where the data is being sent etc.)
Hence the name PrevX SafeOnline

Other products are advertised as Anti Loggers

 

Defense+ failed here but NAV 2011 got her

 

@ Noob

Hi, PSOL scanned it in the cloud after i allowed it, so i'll be interesting to see what they say in my Prevx thread about it !

Thanks

 

I have the execution control set for untrusted. I also have run installers outside sandbox and run trusted software both ticked off.

 

Jimbow, what setting do you have D+ on?
It caught it for me.

 

There are lots of flaws in the default settings of D+, specially the sandbox level.
You should tweak it a bit and i'm pretty sure it will block it

You welcome mate *Hugs*

 

I think that the original poster was running Zemana in default mode. I always click on the Expert mode box in Security Settings- this will alert to any keylogging attempt. I believe the default setting will allow commercial programs that are signed (or at least it allows 16K).

 

Safe mode but I have sandbox off.

 

You should tweak your D+ settings for better protection (You might get a bit more pop ups in the beginning)

 

Spyshelter nailed it

 

yup spyshelter is definitely caught it

 

norton said ws.reputation.1
you cannot rely on that. norton doesn`t know about this file anything. the only thing it knows is that it hasn`t been used by community members therefore it is unsafe.

 

CIS with default settings will obviously not intercept it. On maximum paranoid settings, it does intercept. GesWall also stops it.

 

On default settings, CIS will trust it as it,s digitally signed.

 

Hi, I just wonder from where zemana picked TCHunt?

 

Yes but it automatically blocked/quarantined the download which is what I would expect. That's good enough for me.

 

Just tried this in a VM with Zemana and latest Threatfire. Not a beep from Zemana too, while Zemana is in expert mode. Threatfire(set to lv 4) only gave a warning after it already captured a few keystrokes.

 

Tested with SpyShelter on W7x64, no problem keylogger blocked.

rules.

 

May be the reason is that it,s signed. See Zemana settings and turn off trusting signed executables.