This Keylogger Defeats Zemana And Comodo D+

Discussion in 'other anti-malware software' started by markedmanner, Feb 2, 2011.

Thread Status:
Not open for further replies.
  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Private Firewall blocked this one :D The HIPS module it has is the killer :D
     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Nope, it's still very hard to remove.
    There's a way to remove them from the Comodo files (I don't remember how).
    Anyways, I remove them manually always, and the last time I did (2 weeks ago) it had around 10,300 entries (not the most accurate, but it was over 10k, 100% sure). COME ON, 10K entries?!? :cautious: :thumbd:
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Unfortunately, maintainability of the TVL in Comodo is poor. Hope they improve it in the upcoming version..

    Thanks,
    Harsha
     
  4. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    Well, fair enough, it is easy enough to just turn that option off anyway, but do we know for sure it's that easy to add something to the trusted vendors list? Just because one person says "Yeah, allow that"?
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    AppGuard nailed it. Lol
     
  6. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Kees,
    The only reason I check off the first one is I don't trust their trusted vendors list. There have been instances where the "trusted vendor" was scamware or other such things.

    The second option is exactly why I don't have it checked.
     
  7. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    Great :thumb:
     
  8. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    I thought some in the thread may appreciate a brief explanation of how passive key logging works. It's a very basic concept used by many applications. Here's a simple example that many can relate to:

    When you press the P key while playing a video game on your PC, the game pauses. How does the game know to pause? The game is monitoring the state of the P key. Like all keys, the P key has two states (up or down). Now take that concept and begin monitoring the state of all the keys on the keyboard. Loop over and over again very quickly noting state changes. When you do that, you have a passive key stroke logger.

    Pros:

    * Runs as a restricted user. No need for admin rights.
    * More difficult (but not impossible) to detect in general.
    * Simple to write (no kernel hooks, etc.)

    16k was written to demonstrate this concept for educational purposes only. It's not malicious nor harmful. There's no need to distrust my authenticode certs or blacklist my apps. I'm on your side here.
     
  9. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    Thanks for writing this little app and pointing this out. I had always been curious about this, because when I type in Open Office, Word etc., Zemana and other HIPS never notified me of the program reading my keystrokes. Clearly it's a trusted program, but I always asked myself: what if a keylogger operated in the same way? I would not even be notified of it logging what I type, and that is what you have done here. Although CIS and Zemana will both detect it, you have to adjust settings; they will not detect it with the default settings.

    I would also like to see a test against keyscrambler. Has anyone tried this?
     
  10. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    Languy99 had a great example of the FAIL of Comodo software blacklist in one of his videos. A piece of malware was installed because of a vendor on the whitelist. See video here: -http://www.tubechop.com/watch/128284-
     
    Last edited by a moderator: Feb 3, 2011
  11. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    Website currently blocked by ClearCloud DNS.
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    Spot on:thumb: This works even in Clean PC Mode. I've just checked it..

    Anyway, for those of you worried/concerned over the Trusted Vendors List in Comodo, here's how to clear it:

    1. Go to the CIS install directory and open the 'database' folder:
    C:\Program Files\COMODO\COMODO Internet Security\database

    2. Now, delete the file named "vendor.n". Alternatively, create a fake file with the same name (you can use Notepad) and replace it.

    Repeat this whenever the program is updated.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Here's how I've arranged my settings, which successfully blocked this ;)

    [attached screenshot: sett.gif]

    [attached screenshot: s2.gif]
     
  14. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    Nice tip. I also tried the settings recommended, and indeed Comodo does not have to be in paranoid mode to block this. I think the trusted vendor list and trusting digitally signed installers can possibly mean malware gets installed. This is proof of that.
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    This is why; the cause is the LAZY MEMBERS!!
    Okay, I'm fine with you doing a whitelist, but PLEASE, you don't need to add every single thing from the whole internet!

    Especially since the list contains so many random companies, IMO. :cautious: :thumbd:
     
  16. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    Sadly, you're right. The moron circus has officially started. Go around the clowns: http://74.207.233.100/16k

    Someone should ask them why they waited until now to block it. 16k has been up for years.

    Edit: Our hosting provider is receiving abuse complaints too. Reminds me of the movie "Dumb and Dumber".
     
    Last edited: Feb 3, 2011
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well, ClearCloud DNS service for sure isn't that old. You/someone else who visits your website can always submit your domain to be removed, via ClearCloud block page.

    By the way, Paretologic also labels your domain as malicious, according to VirusTotal. Just so that you are aware.
     
  18. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    Yes. There are lots of clowns in this circus. It ought to be a good one.
     
  19. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    Does it block with default settings?
     
  20. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Oh yes, didn't do any settings or any fancy things.. it just nails everything that stinks.. :D :thumb:
     
  21. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    So this thread is BUSTED! :D
     
  22. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    You better believe it my good friend:)
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    I don't know what was wrong before, but Zemana does block it now.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Software conflict probably? :)
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    I thought so too, but can't pinpoint it. I had Trend Micro Browser Guard installed (seems an unlikely product to conflict). When I booted my VM again, I was uninstalling BG while I was editing Zemana settings; I tried the keylogger again and Zemana blocked it. However, after installing BG again Zemana still blocks it, and the settings of Zemana are the default expert settings, which I had before as well when Zemana failed.
     