This Keylogger Defeats Zemana And Comodo D+

Discussion in 'other anti-malware software' started by markedmanner, Feb 2, 2011.

Thread Status:
Not open for further replies.
  1. markedmanner

    markedmanner Registered Member

    Just found this very very simple keylogger that logs your keystrokes and saves them in a log file and I did not get a single warning from Zemana or Comodo D+ that this was logging what I type. You can download it here:

    Have yet to test it against SpyShelter; I assume it will be the same result. I know this logger is very simple, but I would hope that something would have notified me that it was logging what I type and even the active window it is being typed in.
  2. Noob

    Noob Registered Member

    I'll give it a try.

    Keylogger warning by OA Premium.
    Even after allowing the file but NOT trusting.

    I think that it got through D+ because you trusted the file, which should not be :D
    Or your Sandbox rights were too high (I usually set it at BLOCK)

    BTW, guys the file is clean according to VT and EAM
  3. kjdemuth

    kjdemuth Registered Member

    Comodo did block it under "Untrusted" setting. Sandbox also automatically caught it. D+ has it blocked under the log.
  4. Noob

    Noob Registered Member

    Nice report, I couldn't believe it got through D+ :rolleyes:
    I'm not saying it's bulletproof but it's as close as it can get being a Classical HIPS :thumb:
  5. safeguy

    safeguy Registered Member

    I didn't download the file due to lack of information such as source, who created it, etc. In any case, what settings do you have for Comodo D+?
  6. CloneRanger

    CloneRanger Registered Member

    @ markedmanner

    Not sure what your settings are, but it gets blocked here :D Did you allow it ?



    Not a peep from Prevx PSOL though ? :(

    By the way, thanks for reminding me about this :thumb: I saw it when DL'ing TChunt but got distracted so forgot about it :D
  7. Noob

    Noob Registered Member

    He set the sandbox settings to a more limited mode (Untrusted) :)

    I guess he did allow it.
    BTW, PrevX SOL doesn't work like other keylogging programs, which are essentially a HIPS. PrevX SOL protects browser activities and keylogging (such as data theft, fake sites, account details, where the data is being sent, etc.)
    Hence the name PrevX SafeOnline

    Other products are advertised as Anti Loggers ;)
    Last edited: Feb 2, 2011
  8. JimboW

    JimboW Registered Member

    Defense+ failed here but NAV 2011 got her :thumb:
  9. CloneRanger

    CloneRanger Registered Member

    @ Noob

    Hi, PSOL scanned it in the cloud after I allowed it, so it'll be interesting to see what they say in my Prevx thread about it!

    Thanks ;)
  10. kjdemuth

    kjdemuth Registered Member

    I have the execution control set for untrusted. I also have run installers outside sandbox and run trusted software both ticked off.
  11. kjdemuth

    kjdemuth Registered Member

    Jimbow, what setting do you have D+ on?
    It caught it for me.
  12. Noob

    Noob Registered Member

    There are lots of flaws in the default settings of D+, especially the sandbox level.
    You should tweak it a bit and I'm pretty sure it will block it ;)

    You're welcome mate *Hugs*
  13. cruelsister

    cruelsister Registered Member

    I think that the original poster was running Zemana in default mode. I always click on the Expert mode box in Security Settings- this will alert to any keylogging attempt. I believe the default setting will allow commercial programs that are signed (or at least it allows 16K).
  14. JimboW

    JimboW Registered Member

    Safe mode but I have sandbox off.
  15. Noob

    Noob Registered Member

    You should tweak your D+ settings for better protection (You might get a bit more pop ups in the beginning) :)
  16. Kernelwars

    Kernelwars Registered Member

    SpyShelter nailed it :)
  17. blasev

    blasev Registered Member

    Yup, SpyShelter definitely caught it :ninja:
  18. tipo

    tipo Registered Member

    Norton said ws.reputation.1
    You cannot rely on that. Norton doesn't know anything about this file. The only thing it knows is that it hasn't been used by community members, therefore it is unsafe.
  19. aigle

    aigle Registered Member

    CIS with default settings will obviously not intercept it. On maximum paranoid settings, it does intercept. GesWall also stops it.

  20. aigle

    aigle Registered Member

    On default settings, CIS will trust it as it's digitally signed.

  21. aigle

    aigle Registered Member

    Hi, I just wonder from where Zemana picked TCHunt? o_O

  22. JimboW

    JimboW Registered Member

    Yes but it automatically blocked/quarantined the download which is what I would expect. That's good enough for me.
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Just tried this in a VM with Zemana and latest Threatfire. Not a beep from Zemana either, while Zemana is in expert mode. Threatfire (set to lv 4) only gave a warning after it had already captured a few keystrokes.
  24. Rules

    Rules Registered Member

    Tested with SpyShelter on W7x64, no problem keylogger blocked.

  25. aigle

    aigle Registered Member

    Maybe the reason is that it's signed. See Zemana settings and turn off trusting signed executables.