AT & Keyloggers

Discussion in 'other anti-trojan software' started by JO, Dec 3, 2003.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke

    Since I've had it, Spycop has nailed 2 keyloggers on my system.

    I've never used Anti-Keylogger so I can't comment on it.

    snowbound
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Since I don't have a copy of the beta of the STARR keylogger, I can't test SpyCop against it - however, I'm going to hazard a guess that if the new beta is radically different from the last release, SpyCop's ability to pick it up may be impaired.

    Having said that (and it's just a guess), I'd also like to state that until a keylogging program is generally available to the public (as a release version, not a beta), specific detection for it isn't added by either SpyCop or Anti-Keylogger.

    IOW, all companies involved in the detection effort probably wait for the RC.

    If you can point me to where I can get a copy of the beta, I'll happily run a SpyCop scan with the full version. Pete
     
  3. controler

    controler Guest

    Hi spy1, well sure, I can send you right over to betanews where I picked up my copy originally. Then I used the autoupdate feature and it upgraded a bit again. This is where I got it to begin with.
    I will see if I saved the last copy I downloaded.
    I guess you could start with this copy and I will check their main page in the meantime. I may have got the beta off there also.

    http://fileforum.betanews.com/detail.php3?fid=1016608257

    Otherwise here was a Google for the beta, but it looks the same size as the version on iopus's page.

    http://www.softpedia.com/public/scripts/downloadhero/14-5-20/


    I do remember the version on the home page used starrcmd as the run key and the beta used starrcmd5.

    I have not reinstalled Anti-Keylogger on my new test system yet, but I will and let you know how it goes.

    con
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    con - Here's another program you can try: http://dewasoft.com/privacy/kldetector.htm - but I'm really unsure as to whether it will detect the program or not now that it's already on your system.

    This one - KL-Detector v1.0 - isn't quite as user-friendly as SpyCop, but it is free.

    I can't vouch for the integrity of its makers (I just learned about it myself minutes ago) over at Dick's site.

    Just another toy to play with. Pete
     
  5. controler

    controler Guest

    I tried installing Anti-Keylogger. There are two anti-keylogger programs on the internet today. I use the one from anti-keyloggers.com

    After installing and rebooting, my system froze. I had to remove Anti-Keylogger in safe mode. When Windows came back up I got a warning from Bo Clean saying it had detected a trojan. I am guessing this is what froze the install. Guess I need to contact Bo Clean. For some reason Bo Clean doesn't detect it till reboot, then locks the system up. I am going to try installing it on another system with Bo Clean on to see if that one does it also.

    This is what Bo Clean reports:

    01/01/2004 10:55:54:
    Analyzing file C:\PROGRA~1\WINDOW~4\WINACT~1.EXE
    Trojan horse was found in above file
    LOPWINACT TROJAN STOPPED by BOCLEAN!
    Above file copied to C:\evidence.boc for examination.
    Active trojan horse was shut down. System now safe.
    Trojan horse was removed, registry cleaned.


    http://www.anti-keylogger.net/

    http://www.anti-keyloggers.com/
     
  6. controler

    controler Guest

    I was able to install Anti-Keylogger on my other test system and Bo Clean didn't alert this time. I am guessing it must be one of the other programs conflicting. The only difference is I have Norton on one and KAV on the other. I also have spywareblaster and spyguard on the system I can't install Anti-Keylogger on.

    This is what Anti-Keylogger finds for Starr:

    c:\windows\system32\wskrnla.exe

    I still want to try KAV's extended defs manually with 5.0 beta, but at this time you can only update the normal defs manually.
    Maybe someone else can give the extended defs a try using the released version of KAV.
     
  7. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    So that path you provided Controler. Does that mean anti-keylogger found it?

    muf
     
  8. controler

    controler Guest

    Muf

    I am using the new version of Anti-Keylogger which is advertised on their site. The SOHO version, not the corporate version. The scan was done on medium, not high, heuristics sensitivity.

    It sure does. I allowed Anti-Keylogger to do its thing and it removed that file, which appears to be the logging engine. To verify this I opened up Starr, and when you do this the logging engine is stopped; then when you exit Starr the engine is supposed to restart again, and I get an error message that Starr could not start the logging engine.
    Now I don't know if this is only on program exit and not on Windows startup or what yet. Still doing a lot of messing around here.
    I don't know if that is the same exe on every install of Iopus Starr.
    They may change it, I just don't know yet.
    So far the only way I find to get rid of the complete program is by using its own uninstaller, which is incorporated into the program. You can't uninstall it from anywhere else that I can see.
    I may give Raython an e-mail and ask them a bit more about it.
     
  9. controler

    controler Guest

    I guess it is not that tough to find if you have your folder options set to show hidden system files etc.

    c:\documents and settings\all users\application data\wskrnldata

    If you have the support logging feature enabled in Starr you get a nice install TXT report, which I have included for your pleasure :D
     


  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  11. controler

    controler Guest

    You must have something blocking it then?

    Anti-Keylogger does kill the logging file, which makes it useless, but I guess if you want to get rid of all the files associated with the install, which I posted in the last post as a TXT file, then you can add them to a program like Trojan hunter or wormguard I think. That way the AV-AT programmers are not accountable for adding the defs to their programs and getting sued LOL ;)
     
  12. controler

    controler Guest

    spy1, I can send you the install file I have. It is about 1.7 meg.
    Actually one of the coolest keyloggers I have seen in some time.
    Or just download from the main iopus-starr web site.
    It is a trial, and all the functions work.

    con
     
  13. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I am trialling both Spycop and Anti-Keylogger at the moment. Both look good, but AK seems faster, and more professional looking. I know looks aren't everything, but it just gives a feeling of a more polished product.

    What I was wondering is, with SC you can update the definitions (this is not active in the trial version). There doesn't seem to be the same in AK. Is this one of those products you have to uninstall and re-install when a new version comes out, or is the update only shown when you buy it?

    Also, they do not have real time (resident) protection. Is this the norm for these types of applications, or is there similar software out there that does have resident protection? I noticed something called Net Cop which seems to have resident scanning and has your iopus-starr Keylogger in its database. Look here: http://www.net-cop.net/features.htm
    If you click on 'news' it gives the full list of programs it protects against. Anyone tried this program?

    muf
     
  14. controler

    controler Guest

    muf

    AK does start on Windows startup and changes its file name each time.
    It does not appear to detect Starr while it is running. It only seems to pick it up on a scan.
    AK does not have a database update. You only need to upgrade on each new version. I am still going to send them an e-mail on Starr.


    con
     
  15. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Nice one. I may also try this net cop shield software. I found a demo version here http://www.5star-shareware.com/Internet/IntPriv/netcop-download.html

    muf
     
  16. controler

    controler Guest

    muf

    I meant to get back to you on the file that is started with Windows.

    This is the registry monitoring file. It monitors for any changed registry changes and then asks if you want to do a scan.

    con
     
  17. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Thanks for that info. I am still trying it out. It's not found anything (which is good), but that also doesn't tell me if it's doing its job. Maybe I should download and install a keylogger to test it. Maybe...

    muf
     
  18. controler

    controler Guest

    Here is the makers of Anti-Keylogger's newest software if you want to give it a try.

    http://www.anti-hack.biz/index.html


    con
     
  19. little mona

    little mona Guest

    Pestpatrol V4.3.0.7 (standard version) offers great protection against keyloggers:

    http://www.pestpatrol.com/KeyPatrol/

    You can scan on-demand with it, or let it invoke on system boot.

    Mona
     
  20. controler

    controler Guest

    But Privacy Keyboard requires NO updates ;)
     
  21. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Privacy Keyboard doesn't work on Windows ME :mad:

    I really don't know which one to go for out of Anti-Keylogger and Spycop. I am open to recommendations from people who have tried one or both of these. As I see it, Spycop does more than just keyloggers. But does that mean it's inferior to Anti-Keylogger at protection against keylogging? Spycop claims to have the biggest database, but AK claims it doesn't need updates. Such a difficult choice... o_O

    muf
     
  22. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    muf,

    In case you want my personal opinion: I would go for AK ;)

    regards.

    paul
     
  23. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Thanks for the input, Paul. I must admit I'm leaning towards AK. It just seems more...polished. Very quick scanner and checks for suspicious changes on startup. It has already given me an alert that my startup files were changed. Advised me to do a full scan. Turned out I was ok, but nice to know it's there to let me know of changes.

    muf
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    My pleasure, muf ;)

    We've tested both actually. Nevertheless, in the end it's a matter of personal favor; one has to feel comfortable with the software in use.

    regards.

    paul
     
  25. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Con - Give me a holler if you're online via PM. Got the beta installed and I'm fixing to start testing.

    I can't get it to update - I'm assuming I have the latest beta due to your notation of the "5" at the end of the "Run" command. Pete

    * The first thing I noticed upon re-start after the install was that the ProcessGuard icon never showed up. The window for PG flashed up (like it normally does) during start-up - but the tray icon never appeared. It's shown as being running (at least, the PG_MSGProt.exe is).

    I'm going to start SpyCop up and run a scan now.
     