Concerned user...

Discussion in 'NOD32 version 2 Forum' started by Radi, Sep 25, 2006.

Thread Status:
Not open for further replies.
  1. Radi

    Radi Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    4
    So far I have been using Nod and I'm very pleased with it. However, a recent "accident" concerns me.

    A week ago, my brother decided to install a keylogger on my computer. I have no idea why he would do that. Fortunately, I did discover it. And here is the main problem. Nod did nothing about it when it was installed.

    And Ad-Aware did discover it properly on the first scan.

    Here is the link to the site with a keylogger: h[I]tt[/I]p://www.widestep.com/

    A bug? Stealthy malware?

    Any feedback would be appreciated.

    P.S. I'm running XP SP2 with Sunbelt firewall and nod.
     
    Last edited by a moderator: Sep 26, 2006
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Looks like it's a tool for parents to keep an eye on their kids. Same stuff as NetNanny I guess.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    OT posts removed concerning "Sunbelt Kerio Personal Firewall".
    As was suggested in a removed post....Please ask those type questions in the below forum or PM the affected member for questions such as that.

    https://www.wilderssecurity.com/forumdisplay.php?f=31

    Thanks,
    Bubba
     
  4. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Bubba, OK thanks for the heads up.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    No problem and Thanks for understanding.
     
  6. Radi

    Radi Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    4
    That still does not answer my question. Why did Nod let it install on my system?? Is it considered as a "legitimate software"?
     
  7. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Well, nod is primarily an antivirus program and not an anti-malware program, although it does detect some trojans and spyware (I think).
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    NOD32 provides protection against:

    Trojans
    Viruses
    Worms
    Spyware
    Adware
    Phishing
    Hackers

    So pretty much malware is covered in amongst that lot.

    Cheers :D
     
  9. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    But I think Radi is concerned about whether the Widestep keylogger referenced above should fall into one of those categories. In other words, is NOD32 deliberately allowing the keylogger to be downloaded and installed, or is the keylogger slipping by? If the keylogger is slipping by, should it be stopped from doing so, or is that outside the scope of NOD32?
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Probably.
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Wow, that is pretty much most malware covered, more than I previously thought.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    And only getting better.

    Cheers :D
     
  13. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Is your NOD set up to allow or disallow potentially dangerous applications?
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Mine is, so that piece of software Eset must consider as legitimate.

    Cheers :D
     
  15. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    And that's why a HIPS is always useful :D :rolleyes: ;)
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed.

    Cheers :D
     
  17. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    and never let your brother use your PC. :D :D :D
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    or ride a donkey backwards, as you never know where you're going, or when you will get there :blink: :eek: ;) :D
     
  19. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I prefer horse-power :D :D
     
  20. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Handy Keylogger 3.25 build 032 from http://www.widestep.com/ is actually detected already as follows:
    Code:
    hk_setup.exe »NSIS »Hlib32.dll - Win32/Spy.AdvancedKeyLogger.C trojan
    Possibly it is utilised by malware and is the reason ESET have it detected...Don't know

    The other two have been sent for analysis with a link to this thread.

    Cheers :)
     
  21. Radi

    Radi Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    4
    Last edited: Sep 27, 2006
  22. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I can't see your picture for some reason. edit: The link is not correct

    NOD32 does detect WideStep Handy Key logger 3.25 (log attached) - it's the other two versions of Key Logger (Quick Keylogger 2.1 & Elite Keylogger 3.0) from WideStep that are currently not detected and possibly for good reason, or possibly not - I do not know.

    Samples have already been sent for analysis with a link to this thread.

    Cheers :)
     


  23. ASpace

    ASpace Guest

    As already mentioned, this can be thought of as legitimate software, not real malware. I can guarantee that ESET are aware of this "keylogger" and if they decide it is something really malicious, they will add it soon in the database :)

    The other still remains: don't let anybody else touch your computer, at least don't give them admin rights :thumb:
     
  24. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    It detects one dll file from the Handy Key Logger. Whether that is enough to "cripple"/disable the key logger, I don't know.

    EDIT: I know this is a NOD32 forum, but on a side-note, DrWeb and KAV detected more files.
     
  25. Radi

    Radi Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    4
    Hmm I guess it was one of those two (Elite and Quick).

    Thank you for the help.
     