Chrome keylogging activity detected by Spyshelter.

Discussion in 'other anti-malware software' started by Konata Izumi, Sep 10, 2011.

Thread Status:
Not open for further replies.
  1. LODBROK

    LODBROK Guest

    Chrome isn't alone. If you overwrite its default settings and max it up, Zemana will alert an allow/block for Thunderbird, Firefox, Foxit Reader, Revo Uninstaller (just to name the noteworthy) and this one...

    Permission = 1
    Action = Allowed
    Description = Internet Explorer
    Process Name = iexplore.exe
    Process Path = C:\Program Files\Internet Explorer\iexplore.exe
    Component = iexplore.exe
    Company = (Verified) Microsoft Corporation
    Activity = KeyLogger (Type: 23)
    MD5 Hash = B60DDD...487FCFB...19E
    Date = 14/10/.... - 10:03:08 AM

    The use of an Internet search engine will tell you why that is. I'd provide some search hints, but as we now know: Keys are being... Logged!! :blink:

    .
     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I diagnose Mr. Konata Izumi officially as the first reported case with the Wilders Syndrome or better known as WSS scientifically.
    Man there's no cure for it im so sorry.

    We have a sanatory in which you're welcome whenever you want. :D

    The leading Virologist Noob and his team is working on a cure to prevent a pandemic, as of now all theorical ways to cure the disease has been a failure, we hope to come up with a cure in the near future. If you're interested in helping me and my team you can send us a donation to our charity account so we can further research this virus. As of now all investigations have been stopped due to funding problems.
    Hahahaha im J/K
     
    Last edited: Sep 12, 2011
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Isn't that just a fancy word for paranoia?
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    It's normal in the Wilders, WE THE WILDERS ARE BORN TO BE PARANOIDS!
    Anyways i don't really think they are stealing info. (Or yes?!? Hahaha)
    If they dont Key-Log our keystrokes then how it will get what we are typing :D
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Ask Opera :p.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Here's some recent "activity" intercepted by Zemana on my comp

    z.gif

    A thread i made about, ZA Spying on me ? https://www.wilderssecurity.com/showthread.php?t=284584

    It seems that now & then, even "some" of our "trusted" Apps "appear" to spy on us. Quite why hasn't been Fully established, IMO !
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    my guess is those apps are just waiting for Hotkeys/keyboards commands/shortcuts.

    as a wise man used to say: "Paranoia will destroy y'a". ;)
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Donate or you guys will be doomed!! :D
    Fixed it for you Hahahaha
    Okay i admit it, i'm not even close to that :argh:
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    Many apps have activity which is detected by SS (keylogging, screen capture, clipboard capture)...some examples
    Firefox
    Firefox.jpg
    FreeCommander
    FreeCommander.jpg
    IE
    IE.jpg
    MS Office
    MS Office.jpg
    Noob...your diagnosis is very accurate :thumb: :D
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah i knew i was blessed with ma skillz D00d :D
     
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    there 2 kinds of prompts I have seen in spyshelter.

    1. an app could act as keylogger,take screenshots etc.
    2. an app is trying to record your keystrokes.

    I get #2 on Chrome.

    since chrome is a legitimate app I should allow? if I don't you call me paranoid? wtf o_O
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    Two answers:
    1 - why NOT?
    2 - of course YES!
    :D
    Your choice :)

    OK...more seriously...I think you could allow becouse it might be you can not log in to your mail-box. The same was in Firefox on my lap...if I try to type name in Hotmail at once I have popup alert from SS about this keylogging action. Whitout allowing I can't enter into my mailbox.
    Similar situation is when I try make some screenshot by using FreeCommander (Alt+Ctrl+F10)...for me it's a legitimate action and of course I allow. In FC I have also option to changing file name (F2)...of course SS alerts about keylogging action...and af course is allowed.
     
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    I always block keylogging prompts but nothing breaks except for one online game :D

    Chrome keyboard shortcuts and other things still works after blocking keylogging behaviour though :argh:

    oh well.. I give up on this issue..

    spyshelter has kernel mode antikeylogger which encrypts keystrokes anyway. I'll just disable all the other spyshelter HIPS-like modules and just sandbox the browser and be done with this paranoia :D
     
    Last edited: Sep 12, 2011
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if it works then you're all sorted out. ;)
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    I was actually trying to poke my beloved google lol :)
     
  17. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    hahaha! :D
     
  18. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    I have read all this thread with interest, but am left with the questions :-

    Why the worry about your personally selected, highly reputable and trusted browser nosing in on your keystrokes ?

    What is all this fuss about ?

    What do you think they are going to do with the information ?

    I have Firefox, IE8 and Chrome, but use FF all the time. The others are just ornaments to play with occasionally. AND I have the dreaded Google toolbar and their beloved Classic Search as my Home Page in harmony with countless millions of other users.

    Yet, I sleep well at nights and do not have nightmares of these naughty browsers reading all my keystrokes and life is sweet.

    So for the ultra-paranoid enthusiasts - keep worrying and you`ll age faster than a fish out of water.

    John

    SMILEY 1A.gif
     
  19. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,322
    Location:
    USA
    This was classic Noob :D
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    oftentimes when i was using HIPS I'd have to do research on a process i did not know about, while the HIPS was waiting for the Allow/Deny answer.

    more often than not, i was left with having to make the decision myself and not being sure after looking on the web for an answer.
    why should i make that decision? do i look like a rocket scientist? ;)

    in the end it pretty much come down to: do you trust the vendor or developer of the software?
    and if you're not sure, on demand scanners are there for that.
     
    Last edited: Sep 12, 2011
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I agree Moontan, the user should not have to be making decisions especially since they simply don't have enough info to make them.

    If a user KNEW the software was malicious they wouldn't install it to begin with. If they think it's trusted of course they'll hit "yes."
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,752
    Location:
    USA
    But I always saw a distinct value in a HIPS program as being a warning popping up when you're not doing anything related to that warning... like an email client asking for permission to connect out when I'm not working with email.

    Also, the ability to block a connection request when you don't think what the program is doing should require internet access.

    I just turned off the HIPS portion of my firewalls because I want to run for awhile and see what performance boost I get, and to see if my other layers are sufficient. But I have always liked HIPS.
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    My conclusion is that:
    - quite all of HIPS/blocker/monitor/anti-exe (and what you want more in this kind of security) have own Black/White List...and it's obvious and comfortable
    - and it's obvious (and comfortable too) that each user should have their own B/W List...whitout those, whitout a little of trust he can easly come to the great paranoia.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Hahahaha it the diagnosis of our patient. :D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.