Powered Keylogger Undetectable?

I wonder if it is still undetectable.
Hasn't been updated since September 2007.

It uses a kernel level driver.

http://www.security-utilities.com/keylogger.html

Detection List

 

Undetectable when installed beforehand?
Don't let it be installed.

 

I just scanned the installer itself with superantispyware,malwarebytes antimalware, agnitum spyware scanner, avira, and kaspersky.

Only agnitum and avira detected the installer as malware.

 

i tried it againts ProcessGuard stop the installer from installing after i allow to run.i think it uses some kernel tecniques.

 

F-Secure 2009 pops it.

C:\Users\Austin\Desktop\powered_keylogger.exe Action: quarantined

 

Can't run in a tightened sandbox.

 

During installation and running, Comodo Defense+ finds it.

 

kaspersky blocks it.
riskware not-a-virus:monitor.win32.powerlogger
maybe someone can installl in a vm and see if anything detects it once active.
such as superantispyware, major av's,anti rootkit tools etc.

 

SAS doesn't detect it. I have Trend Micro 2009 , SAS Pro and Comodo on my spare system.
On installing, only Comodo Defense+ gave alerts. Both Trend Micro ans SAS-Pro were silent. Scanning memory and scanning in safe mode ( the directory of the keylogger) did not change anything. Both SAS Pro and Trend missed it cold !!

EDIT: A-Squared/Ikarus detects it as not-a-virus:Monitor.Win32.PowerLogger.220

 

Yes but is it really malware as it still needs installation with no rogue like symptoms and some may have a use for it?

Also it's advertised as to it's full capabilities.

 

Detected by Prevx 2.0 and Prevx CSI as soon as the download to the desktop finished. Didn't need to try and install it.
No reaction from GeSWall, presumably you would need to run it for GeSWall to detect it.

 

I can not try, because that AVIRA AntiVir - CATCH IMMEDIATELY before downloading completely ...

PROROOTECT

 

Avast caught it as soon as I tried to download it.

 

Avast bravo!... It seems, it is somewhat improved ... for this case ...

 

Only 3 AVs flag the installer at ~VirusTotal link removed per policy. - Ron~ and Avast wasn't one of them. Maybe due to them using a different version of avast at VT.

I didn't try to install the logger to see how well it hides itself after installation.

 

well obviously that tells you something about Virus Total as we have screenshots showing more catching it then they seem to show.

 

If I upload Powered Keylogger 2.2.exe to VT I get "file has already been analysed" which shows 15 detections on the 28th of this month with 35 scan engines.

If I hit re-analyze it shows 17 detections for todays date with 36 scan engines?

 

~Link removed per policy. - Ron~


Oops, my bad....sorry Ronjor. I went back and read the policy on VT and Jotti results. Won't happen again.

 

Franklin,

After reading your post and thinking about it for a bit I decided to download the logger again and upload it to VT a second time. This time I got the same results as you did 17/36 detections (Avast was one of them) so I am not sure what happened the first time I sent it to VT. The only thing I can think of is that when avast popped up the first time I downloaded it and I ignored the warning that Avast somehow corrupted changed the file?? This time I disabled Avast while downloading the file.

 

NIS 2009 gobbled it up.

 

Has anbody tried this against Defensewall?

 

Nod32 detected it but not a word from threatfire at defaults.

 

Dr Web cureit detects it after its installed.

 

Strange behaviour of Avast free

I have Avast standard shield only, no web based scnaner, Avast does not warn when writing to disk!, Right click and scan and it give a warning?


Would you check with the web shield disabled and write it to you hard disk (standard shield should catch it). This to find out whether it is a general inconsistency or only my set up.

Thanks

 

Driver won't install