Ghostpress - Free AntiKeylogger

Discussion in 'other anti-malware software' started by Tyrizian, May 19, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,446
    Location:
    The Netherlands
    OK thanks, I can now visualize it more clearly. But how does it do this, don't you need to make use of global window hooking or API hooking?
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,302
    Location:
    USA
    When I try to add to startup after the UAC prompt it unticks itself... click the link to see what I mean

    video converted to gif...
    https://im2.ezgif.com/tmp/eecaba033a.webm

    Someone mentioned it doesn't work when typing in a sandbox, it does for me

    I would prefer a similar pop-up window to how KeyScrambler is, if that's possible? I think the widget is annoying and ugly (sorry, just being honest) and I can never find a good place to put it so it's not blocking parts of a website, but I do like to see the animation for visual confirmation that it's indeed working. Overall I do like this app :thumb:

    EDIT: One other tiny issue, when I sign into Wilders with KeePass for example, GP slows down the auto-type quite a bit. Is this something that can be tweaked or will I have to live with it?
     
    Last edited: Nov 5, 2016
  3. mWave

    mWave Guest

    How's the development of this product going? I haven't tested it before myself however this thread seems quiet compared to how it used to be... Any updates?
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,239
  5. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    @Rasheed187 We are using a global hook to intercept all keyboard traffic before it reaches its destination. Ghostpress does the rest.
    @Overkill Can you reupload the file please?
    Anyway I took a note to have a smaller visual confirmation that it is working at the moment. Would you like it more transparent or just like a small line in the middle top of the current window?

    @mWave @mood The newest version is now finished and gets updated within the next 24 hours. Full changelog will be posted.
    We listened to your recent wishes and added a portable mode and the animated widget will get partly transparent when you did not press a key for 10 seconds.

    If you have any further ideas, you can let me know!
    At the moment we are working on a new security solution which is a lightweight yet multifunctional security solution. You can test the current version here: https://hendrik.tf/riot-isolator.html

    @Tyrizian Could you update the link to https://hendrik.tf/ghostpress.html ?
     
  6. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    https://hendrik.tf/ghostpress.html ?

    @hsdev

    I'm trying out the above version installed from the above link. Encountered two issues:
    1. Autostart on Windows start up not working.
    2. On this version an "A new version is vailable link" takes me to a webpage that Norton ConnectSafe flags as a malicious site; I cannot even manually override the block.

    Running Windows 10 home x64
     
    Last edited: Mar 4, 2017
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,239
    If you want the newest version, try it again later. The link will be updated "within the next 24 hours":
     
  8. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    mood

    Much appreciated, Thanks.
     
  9. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    @VecchioScarpone The old update system is connected with a domain we no longer own. We updated the update system and moved it to our new domain hendrik.tf.
    Did you run Ghostpress as administrator when you tried to enable autorun?
     
  10. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    @hsdev
    As administrator the autostart application function does work.
    However HitmanPro and VoodooShield both flagged a trojan in the exe. Did not take a snapshot unfortunately.
    I deleted the Ghostpress exe zip file.
    Afterward I ran HitmanPro, MBAM, EEK, SAS and WD, and no trojan was found.
    BTW your new updates domain is also flagged as an unsafe malicious site.

    Sorry mate don't quite know what to say... I'll give it a miss for the time being.

    As a matter of clarity:

    HitmanPro scan of the zip file exe from the link provided in post #130 does give a clean bill, VirusTotal scan too.
    VS scan flags it as a highly suspicious file.

    However both HitmanPro and VS did flag a trojan once I executed the Ghostpress exe and ran the app.
     
    Last edited: Mar 5, 2017
  11. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    @VecchioScarpone Sadly we cannot ensure that all false positives are fixed. The behavior scanners of these tools might detect that Ghostpress intercepts your key presses (to protect it). If you can report the false positives you would help us a lot!

    We scanned our site with Virustotal and did not find any negative warning message.

    Hopefully the updated version won't cause these troubles.
     
  12. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    We are sorry. The autostart issue was identified, but we need more time to fix it. We will update as soon as this issue is fixed.
     
  13. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    No need to be sorry. I should have taken a snapshot of the warning before nuking the whole thing.
    I'm sure you will sort things out.
     
  14. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    566
    Location:
    Far East
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,239
    v1.2 is the latest, but a newer version will be released soon:
     
  16. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    Just a thought.
    You may wish to know that after exiting the program, deleting the app zip file and rebooting, Ghostpress was still running in the background. I could not delete the related folders as the program was running and locked.
    Luckily I have a great search tool, Everything, that digs all files out, showing all file locations. To remove the Ghostpress folder, files, exe, traces etc. from my computer I had to dig deep into ProgramData, AppData, the Windows system folders etc., and use LockHunter to remove the locked ones.
     
    Last edited: Mar 5, 2017
  17. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    @VecchioScarpone At the moment Ghostpress saves a copy in the AppData folder to have a permanent startup location (only when you enabled the start up feature). Since Ghostpress does not use any setup program, you have to run a second version of Ghostpress on your desktop or somewhere else to disable autostart and get the AppData folder cleaned. Otherwise Ghostpress does not know if you want to delete itself. This is not the best solution and I took a note of adding an automated uninstall option for future updates.
     
  18. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    @hsdev
    Thanks for your reply.
     
  19. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    Finally the update was tested and released. Ghostpress now supports 12 languages.

    Version 1.3
    +Portable parameter (settings won't be saved)
    +Romanian translation (Thanks to Arthur)
    +Portuguese translation
    #Animated widget will go partly transparent when no key was pressed within the last 10 seconds
    #Moved update system to new domain with encryption enforced
    #Fixed minor update check bug
    #Fixed non-administrator bug for adding autostart
    #Minor UI changes
     
  20. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    464
    Location:
    sweden
    Hi hsdev.
    Process protection, what does it really mean? What does it do?
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,239
    It prevents Ghostpress from being closed from other applications/users.

    Demonstration:
    I launched Process Explorer and can see Ghostpress as a process, but with no available information "n/a" and the termination of Ghostpress was denied:
    [Screenshots: Ghostpress_process-explorer_1.png, Ghostpress_process-explorer_2.png, Ghostpress_process-explorer_3.png]
     
  22. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    464
    Location:
    sweden
    Yeah, I read that. But process protection usually means more than that, so that is why I wondered. Are you SURE that it is all there is to it?
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,239
    Let's wait for an answer from the developer, maybe it's more than the above (#146)
     
  24. hsdev

    hsdev Registered Member

    Joined:
    May 20, 2016
    Posts:
    68
    At the moment we change the ACE qualifiers to decline access to the process without Administrator privileges.
    In our tests to improve this we have three choices:
    - add a watchdog process and other stuff to restart the process once suspended or closed; since we know how to bypass this kind of protection we did not add it
    - add a rootkit-like function to hide the process from any user access level; self-explanatory why we do not add it
    - cause a BSOD (blue screen of death) once the process is closed; this could be abused by trojans and does not make much sense or is annoying to our users

    Since you can access your system on kernel level with drivers to kill processes, we did not find any protection we would like to add at the moment (administrator). If you have any ideas, you can let us know.

    At the moment this prevents non-privileged access on Ghostpress.
     
    Last edited: Mar 10, 2017
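
Added example, not Ghostpress code and not part of the post above: a simplified model of the Windows DACL access check, showing the effect the developer describes, where a process DACL with no allow ACE for the ordinary user refuses PROCESS_TERMINATE while Administrators keep access. The SDDL strings and the user SID are constructed for illustration; owner rights, privileges and integrity levels are not modelled.

```python
import re

# Process access rights from the Windows SDK.
PROCESS_TERMINATE = 0x0001
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Constructed sample data (not taken from Ghostpress).
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
DEFAULT_SDDL = f"D:(A;;0x1fffff;;;{USER_SID})(A;;0x1fffff;;;SY)"
HARDENED_SDDL = "D:(A;;0x1fffff;;;BA)(A;;0x1fffff;;;SY)(A;;0x1000;;;IU)"

# Token group sets: standard user vs. elevated administrator.
STANDARD_USER = {USER_SID, "WD", "AU", "IU", "BU"}
ELEVATED_ADMIN = STANDARD_USER | {"BA"}

ACE_RE = re.compile(
    r"\(([AD]);([^;]*);(0x[0-9a-fA-F]+);([^;]*);([^;]*);([^)]+)\)")

def parse_dacl(sddl):
    """Return [(ace_type, mask, sid), ...] from the D: part of an SDDL string.
    Only allow (A) and deny (D) ACEs with hexadecimal masks are handled."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if m is None:
        raise ValueError("no DACL in SDDL string")
    return [(t, int(mask, 16), sid)
            for t, _flags, mask, _obj, _inh, sid in ACE_RE.findall(m.group(2))]

def access_check(dacl, token_sids, desired):
    """Walk ACEs in order: a matching deny ACE covering a still-needed bit
    fails the request; allow ACEs accumulate until every bit is granted."""
    remaining = desired
    for ace_type, mask, sid in dacl:
        if sid not in token_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return remaining == 0  # bits no ACE granted are implicitly denied

if __name__ == "__main__":
    for name, sddl in (("default", DEFAULT_SDDL), ("hardened", HARDENED_SDDL)):
        dacl = parse_dacl(sddl)
        for who, sids in (("user", STANDARD_USER), ("admin", ELEVATED_ADMIN)):
            ok = access_check(dacl, sids, PROCESS_TERMINATE)
            print(f"{name:8} {who:5} PROCESS_TERMINATE -> {ok}")
```
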
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    12,239
    Causing a BSOD would be too much :eek:
    I think at the moment the current protection is sufficient.
     