Chrome keylogging activity detected by Spyshelter.

Why do I get a prompt from Spyshelter about Google Chrome reading my keystrokes when I click on a password field on any webpage?

 

maybe it's "trigger happy".

 

seriously though,

unless another user can confirm your problem you're looking at 2-3 things:

1- you are infected


2- security apps conflicts:
you got Trusteer, SRP, UAC, EMET, Sandboxie, NoScript, Sphyshelter and Returnil password protection, all running.
it could be a recipe for conflicts.

let's leave out NoScript, UAC and SRP since they're unlikely to cause conflicts.
although it's possible, i'm no expert.


3- SpyShelter is "trigger happy".


if i were a betting man, i'd go with number 2.

 

I'm not 100% sure, but I seem to remember Privatefirewall's Process Detection (or maybe it was System Anomaly Detection) calling Chrome a keylogger.

And I think Online Armor said the same thing at one point.

OA even said it about IE8, as I recall.

 

I'm 99% sure I'm not infected

I tried this

installed Chrome on clean windows os
installed spyshelter free only

set spyshelter to allow only microsoft-signed apps.

I opened Chrome... click on any password field from various sites (facebook/wilders etc) I get a prompt from spyshelter if I want to block chrome trying to log keystrokes.

**********************

I heard trusteer also crashes chrome maybe because trusteer is trying to block chrome keylogging behaviour?

 

I believe that it's normal for this to happen.

 

I think so too!

just wondering because after blocking the behaviour I can still type in my password and log in successfully

is Chrome doing something fishy or I'm blocking a chrome security feature? maybe chrome has it's own antikeylogger?

 

I'm agree with hungry man. Try the same test but before verify that "remember password" is unchecked in chrome.

 

I set chrome to never ask to remember password

 

I don't believe Chrome is doing anything fishy, I've heard about this before but can't remember the justification.

 

hii here is an article showing google chrome is a keylogger
-http://jischinger.wordpress.com/2008/11/16/google-chrome-a-keylogger-privacy-concerns/-

 

Makes sense. The omnibox suggestions definitely do have to go to Google's servers at some point, they say so in the settings.

 

I think this is not what I'm concern about, I know this feature and I'm fine with it.

my concern is why should chrome try to record my keystroke when I try to type my password on any password field

I think other major browsers does this behaviour too!

 

Google has a rather big nose but I dont think logging password is going to help them boost their search thingy.. or maybe they wanna boost their database with whatever information they can possibly gather

 

I think the password and the omnibox tracking are different.

 

no way im using Firefox for years without any behaviour like this

 

Hmmm and have you tested other browsers?

 

yep firefox, ie9, opera, chrome and iron

and I noticed this keylogging behavior long time ago up until now, im just too lazy to post lol

If my memory serves me right only opera has no keylogging behaviour LOL.


other browsers fire up their keylogging behaviour as soon as they startup while chrome starts its keylogging behaviour when you start typing password.

 

WIth OA (and white list unchecked) when i launch opera for the first time it asks me for allowing a hook (for the keyboard). So i think it's not really different than chrome.

 

im also getting keylogging alert with spyshelter for chrome, but no alert from zemana.

i then tried firefox...
Zemana alerted firefox is trying to capture screen...
but spyshelter didnt ..

i think these are problems with antikeloggers.

 

hehe I still have doubts on these browsers

 

I say it's because everything that is not signature/whitelist/blacklist based WILL be trigger happy

 

May be I am missing something but normally this is caused by the AUTOFILL function. It happens in all major browser having this function activated.

 

that's one reason why i stopped using HIPS like products:
these things can be "trigger happy" and paranoia inducing.

at one point i stopped using the AIMP2 mp3 player because Zemana detected keylogging activities.
now i realize that it might have been legitimate; like keyboard commands, for example.

 

tried disabling autofill and remember password options but keylogging is still there

but why does these programs still work fine after blocking the behaviors?