This Keylogger Defeats Zemana And Comodo D+

Discussion in 'other anti-malware software' started by markedmanner, Feb 2, 2011.

Thread Status:
Not open for further replies.
  1. markedmanner (Registered Member)


    Just found this very very simple keylogger that logs your keystrokes and saves them in a log file and I did not get a single warning from Zemana or Comodo D+ that this was logging what I type. You can download it here: http://16s.us/16k/

    Have yet to test it against SpyShelter; I assume it will be the same result. I know this logger is very simple, but I would hope that something would have notified me that it was logging what I type and even the active window it is being typed in.
  2. Noob (Registered Member)


    I'll give it a try.

    Update:
    Keylogger warning by OA Premium.
    Even after allowing the file but NOT trusting it.

    I think that it got through D+ because you trusted the file, which should not be :D
    Or your Sandbox rights were too high (I usually set it at BLOCK)

    BTW guys, the file is clean according to VT and EAM.
  3. kjdemuth (Registered Member)


    Comodo did block it under "Untrusted" setting. Sandbox also automatically caught it. D+ has it blocked under the log.
  4. Noob (Registered Member)


    Nice report, I couldn't believe it got through D+ :rolleyes:
    I'm not saying it's bulletproof, but it's as close as it can get for a classical HIPS :thumb:
  5. safeguy (Registered Member)


    I didn't download the file due to lack of information such as source, who created it, etc. In any case, what settings do you have for Comodo D+?
  6. CloneRanger (Registered Member)


    @ markedmanner

    Not sure what your settings are, but it gets blocked here :D Did you allow it?

    [Screenshots attached: pg16.gif, 16.gif]

    Not a peep from Prevx PSOL though? :(

    By the way, thanks for reminding me about this :thumb: I saw it when DL'ing TChunt but got distracted so forgot about it :D
  7. Noob (Registered Member)


    He set the sandbox settings to a more limited mode (Untrusted) :)

    I guess he did allow it.
    BTW, PrevX SOL doesn't work like other keylogging programs, which are essentially a HIPS; PrevX SOL protects browser activities and against keylogging (such as data theft, fake sites, account details, where the data is being sent, etc.).
    Hence the name PrevX SafeOnline.

    Other products are advertised as Anti Loggers ;)
    Last edited: Feb 2, 2011
  8. JimboW (Registered Member)


    Defense+ failed here, but NAV 2011 got it :thumb:
  9. CloneRanger (Registered Member)


    @ Noob

    Hi, PSOL scanned it in the cloud after I allowed it, so it'll be interesting to see what they say in my Prevx thread about it!

    Thanks ;)
  10. kjdemuth (Registered Member)


    I have the execution control set to Untrusted. I also have "run installers outside sandbox" and "run trusted software" both ticked off.
  11. kjdemuth (Registered Member)


    JimboW, what setting do you have D+ on?
    It caught it for me.
  12. Noob (Registered Member)


    There are lots of flaws in the default settings of D+, especially the sandbox level.
    You should tweak it a bit and I'm pretty sure it will block it ;)

    You're welcome mate *Hugs*
  13. cruelsister (Registered Member)


    I think that the original poster was running Zemana in default mode. I always tick the Expert mode box in Security Settings; this will alert on any keylogging attempt. I believe the default setting will allow commercial programs that are signed (or at least it allows 16K).
  14. JimboW (Registered Member)


    Safe mode, but I have the sandbox off.
  15. Noob (Registered Member)


    You should tweak your D+ settings for better protection (you might get a few more pop-ups in the beginning) :)
  16. Kernelwars (Registered Member)


    SpyShelter nailed it :)
  17. blasev (Registered Member)


    Yup, SpyShelter definitely caught it :ninja:
  18. tipo (Registered Member)


    Norton said WS.Reputation.1.
    You cannot rely on that. Norton doesn't know anything about this file; the only thing it knows is that it hasn't been used by community members, therefore it is unsafe.
  19. aigle (Registered Member)


    CIS with default settings will obviously not intercept it. On maximum paranoid settings, it does intercept. GesWall also stops it.

    Attached: k.JPG
  20. aigle (Registered Member)


    On default settings, CIS will trust it as it's digitally signed.

    Attached: k2.JPG
  21. aigle (Registered Member)


    Hi, I just wonder where Zemana picked up TCHunt from? o_O

    Attached: 16.gif
  22. JimboW (Registered Member)


    Yes but it automatically blocked/quarantined the download which is what I would expect. That's good enough for me.
  23. BoerenkoolMetWorst (Registered Member)


    Just tried this in a VM with Zemana and the latest ThreatFire. Not a beep from Zemana either, while Zemana is in expert mode. ThreatFire (set to level 4) only gave a warning after it had already captured a few keystrokes.
  24. Rules (Registered Member)


    Tested with SpyShelter on W7 x64; no problem, keylogger blocked.

    rules.
  25. aigle (Registered Member)


    Maybe the reason is that it's signed. See the Zemana settings and turn off trusting signed executables.