Chrome keylogging activity detected by Spyshelter.

Discussion in 'other anti-malware software' started by Konata Izumi, Sep 10, 2011.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Why do I get a prompt from Spyshelter about Google Chrome reading my keystrokes when I click on a password field on any webpage? o_O
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    maybe it's "trigger happy". ;)
     
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    seriously though,

    unless another user can confirm your problem you're looking at 2-3 things:

    1- you are infected


    2- security apps conflicts:
    you got Trusteer, SRP, UAC, EMET, Sandboxie, NoScript, Sphyshelter and Returnil password protection, all running.
    it could be a recipe for conflicts.

    let's leave out NoScript, UAC and SRP since they're unlikely to cause conflicts.
    although it's possible, i'm no expert.


    3- SpyShelter is "trigger happy".


    if i were a betting man, i'd go with number 2. ;)
     
    Last edited: Sep 10, 2011
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I'm not 100% sure, but I seem to remember Privatefirewall's Process Detection (or maybe it was System Anomaly Detection) calling Chrome a keylogger.

    And I think Online Armor said the same thing at one point.

    OA even said it about IE8, as I recall.
     
  5. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I'm 99% sure I'm not infected :D

    I tried this

    installed Chrome on clean windows os
    installed spyshelter free only

    set spyshelter to allow only microsoft-signed apps.

    I opened Chrome... click on any password field from various sites (facebook/wilders etc) I get a prompt from spyshelter if I want to block chrome trying to log keystrokes.

    **********************

    I heard trusteer also crashes chrome maybe because trusteer is trying to block chrome keylogging behaviour?
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I believe that it's normal for this to happen.
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I think so too!

    just wondering because after blocking the behaviour I can still type in my password and log in successfully :D

    is Chrome doing something fishy or I'm blocking a chrome security feature? maybe chrome has it's own antikeylogger? :D
     
  8. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    I'm agree with hungry man. Try the same test but before verify that "remember password" is unchecked in chrome.
     
  9. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I set chrome to never ask to remember password :)
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't believe Chrome is doing anything fishy, I've heard about this before but can't remember the justification.
     
  11. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    hii here is an article showing google chrome is a keylogger
    -http://jischinger.wordpress.com/2008/11/16/google-chrome-a-keylogger-privacy-concerns/-
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Makes sense. The omnibox suggestions definitely do have to go to Google's servers at some point, they say so in the settings.
     
  13. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I think this is not what I'm concern about, I know this feature and I'm fine with it.

    my concern is why should chrome try to record my keystroke when I try to type my password on any password field :D

    I think other major browsers does this behaviour too!
     
  14. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Google has a rather big nose but I dont think logging password is going to help them boost their search thingy..:D or maybe they wanna boost their database with whatever information they can possibly gather :eek: :argh:
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think the password and the omnibox tracking are different.
     
  16. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    no way:eek: im using Firefox for years without any behaviour like this:p
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Hmmm and have you tested other browsers? :D
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    yep firefox, ie9, opera, chrome and iron :)

    and I noticed this keylogging behavior long time ago up until now, im just too lazy to post lol

    If my memory serves me right only opera has no keylogging behaviour LOL.


    other browsers fire up their keylogging behaviour as soon as they startup while chrome starts its keylogging behaviour when you start typing password.
     
    Last edited: Sep 11, 2011
  19. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    WIth OA (and white list unchecked) when i launch opera for the first time it asks me for allowing a hook (for the keyboard). So i think it's not really different than chrome.
     
  20. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    im also getting keylogging alert with spyshelter for chrome, but no alert from zemana.

    i then tried firefox...
    Zemana alerted firefox is trying to capture screen...
    but spyshelter didnt ..

    i think these are problems with antikeloggers.:p
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    hehe I still have doubts on these browsers :doubt:
     
  22. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I say it's because everything that is not signature/whitelist/blacklist based WILL be trigger happy :D
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    May be I am missing something but normally this is caused by the AUTOFILL function. It happens in all major browser having this function activated.
     
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    that's one reason why i stopped using HIPS like products:
    these things can be "trigger happy" and paranoia inducing. ;)

    at one point i stopped using the AIMP2 mp3 player because Zemana detected keylogging activities.
    now i realize that it might have been legitimate; like keyboard commands, for example.
     
    Last edited: Sep 11, 2011
  25. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    tried disabling autofill and remember password options but keylogging is still there :D

    but why does these programs still work fine after blocking the behaviors?
     
Loading...
Thread Status:
Not open for further replies.