Prevx vs new SpyShelter TestTool

Discussion in 'Prevx Releases' started by shadek, Sep 29, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I'm using English keyboard layout during my tests.
    I have only GeSWall installed during that time which I already disabled right before the tests :)

    I typed my input on paypal.com (login form)

    IE8 failed.
    SRWare IRON failed
    but Opera PASSED.

    so I'm sticking with Opera now :(
     
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I re-did the test...

    Now Prevx PASSED keylogging test on the ff browsers:

    IE8
    Mozilla Firefox
    SRWare Iron
    Opera

    WTF! was that earlier? :cautious:
    I'm going crazy :argh:
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Still failing for me. I could arrange a remote session. But I'm not sure it's possible for the Prevx devs to fix the Swedish input control in specific. I don't think the Swedish users are a big enough group to be worth the work. Anyhow, tested with US input keyboard and I'm still not protected. See previous screenshot at post #23 in this thread for more information. For me, it has the consequence that I cannot rely on the SafeOnline module to protect me at 100% any more, I'm afraid.
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    If you get the option, do it. My experience of remote support has been very good with the problems themselves fixed during the session.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Blocked it for me with IE9 :thumb:
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes. I've had two remote sessions in history and both of them solved my problems! I'm afraid this one will not be very valuable to resolve. :) It'd be an issue if the problem was a general one, but this seems it's a bit more specific. :) I think I'm going to test with some other browser, although I love Firefox.
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I would ask Joe for a remote session to see if it would help!

    TH
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I also tested this test tool and PSO passed on the 3 Browsers I use which are IE8, FF, Opera! :thumb:

    TH
     
    Last edited: Sep 29, 2010
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Bloody hell. I must be doing something wrong. Can you tell me the exact procedure you did when you tested?
     
  10. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,961
    I tested Prevx with SpyShelter test tool yesterday, see a few posts above. To begin testing I had to "Trust Once" to let Prevx run the test file (AntiTest.exe). After testing I let Prevx clean my system (get rid of AntiTest.exe), which was done successfully. After that a rescan showed no infection found. Today I have checked my account at Prevx and have noticed my system has been infected (see below) :eek: If I am correct, Prevx has treated the file as a serious threat. However, I rather think it was a false positive from Prevx because the file is a legitimate test file.

    Therefore, would you mind whitelisting this file?

    snap.JPG
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I just tested TestTool with SafeOnline and Chrome 6. SO fails to protect me in that browser as well.
     
  12. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,961
    I did test it with Opera 10.62. Before testing I elevated HTTP configuration to Max, as I usually use High. Then I ran the test file (AntiTest.exe); I had to Trust Once to let Prevx run this file. Then I typed into the Google web search page and checked what was recorded in the Test Tool. That's all.
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    That does not work for me in Firefox, Chrome and IE. SafeOnline won't do the job against this one (TestTool) on my computer. :doubt:
    SafeOnline does protect me against other keyloggers though i.e. Zemana Keylogger Simulation Test v1.5.2.70. So it's not like SafeOnline is broken on my computer, it's just that it won't protect me against TestTool keylogger. I feel really exposed and can't trust the green icon in browser anymore, which sucks.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, I reverted to a clean snapshot of CTM and tried it (XP Home SP2).

    1- Opera- Pass
    2- IE 6 - Pass
    3- Iron Portable- Pass

    I have no Firefox. I think there might be some conflicts sometimes between security software. On my system Prevx SOL conflicts with CIS. I installed it but then removed it immediately as soon as I realized.
     
  15. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    If you're not willing to have a remote support session then you might as well ask the mods to close this thread. It would be good if you could give Prevx the opportunity to fix this problem.
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden

    See post #28 and #31 in this thread where I clearly state I am willing to have a remote support session. :)
     
  17. ELWIS1

    ELWIS1 Registered Member

    Joined:
    Sep 29, 2010
    Posts:
    60
    I installed Prevx 3.05.206 and the problem remains, with both Opera 10.62 and Firefox 3.6.10. Neither passes the TestTool keylog test.
     
  18. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Have you emailed support to request one?
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    No, not yet. But I will soon if Joe currently has no time for this issue. :)

    EDIT: I just sent the support a message about my problem. We'll see how things proceed and I'll give an update here when I have information to share. It might be useful for the others (ELWIS1 among them) who are experiencing the same issue.
     
    Last edited: Sep 30, 2010
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I did the same as pegas!

    TH
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Ok. I tried it with different browsers and with other keyloggers and it's only this test that fails.
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Did you try setting SO to Max?
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    I tried it on Win 7 x64 with IE8, FF 3.6.10 and Opera 10.62; other security software is Mamutu and Eset Smart Security. I tried the test tool and it can capture keystrokes, take screenshots and steal clipboard on all browsers. However, while typing this I also noticed that some keystrokes are not correctly captured and show a black square with a white circle in it instead of the correct key. All testing was done on HTTPS sites with max protection.
    I was thinking that EMET might also perhaps affect SafeOnline. Currently I have all system-wide settings (DEP, ASLR and SEHOP) set to always on and added all browsers with all mitigations on at application settings (DEP, SEHOP, NullPage, Heapspray, EAF and MandatoryASLR).
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    You're having the same issue as me. Some of the keystrokes look like mumbo-jumbo in the keylogger, but most of the letters are right on spot. At least now we know this is a major issue with Prevx and not with an individual setup.

    Trjam, yes, I have the setting at max. Prevx is at fault. It becomes clearer and clearer. But the support is working with me now so we'll see what happens. :)
     
  25. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I re-did the test on a clean system
    Site tested: facebook.com

    Browsers Tested: Firefox, SRWare Iron, Opera, Internet Explorer
    All browsers are protected with the latest EMET and Prevx SafeOnline

    All browsers passed the keylog test.


    Prevx SafeOnline protection must be unstable, that's why sometimes it fails and sometimes it passes :(

    Here is the screenshot of the keystrokes logged while I type this post:
     
