MultiLogger test challenge

Discussion in 'other anti-malware software' started by CloneRanger, Oct 21, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I discovered this the other day and it sounded like a very comprehensive all in one Logger app. Not having heard anything about it before, and not much on the web either ?

    I thought i'd install it and see how my security apps stood up to it, or not. So i enabled SD, allowed it through PG & PEG, and went ahead.

    Here's just a few screenies to give you a flavour.

    1.gif

    2.gif

    3.gif

    More
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    z1.gif

    z2.gif

    z3.gif

    z4.gif

    z5.gif

    Not a peep from Prevx though ?

    More
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Got this alert

    za1.gif

    In the EULA is this

    Consent to Use of Data

    On their www it says this

    Slight difference i think you'ld agree :D

    For some reason i could not find any logs or screen captures etc etc ? So i thought some of you might be up for the challenge and see what you could discover, and test your apps with it ;)
     
  4. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Interesting..... not good for Prevx.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Have you tried to mimic entering credentials in websites guarded by Prevx (I'm assuming you mention SafeOnlineo_O)?
     
  6. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Hi,

    Look at the remote IP address in the screenshot. It is a loopback/connection to your own computer. Besides, the process is from Windows:
    Link

    EDIT: Although i agree that the EULA is somewhat interesting.
     
    Last edited: Oct 21, 2010
  7. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    They also have an active forum, which, from my experience is a good sign:
    Forum
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I couldn't find any other information except that it belongs to Windows for Windows Update, but I cannot find it in Windows 7. None of the info I've read states to which Windows versions it belongs.

    The only process I've found, similar to that name is wuauclt.exe
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    It seems more likely to me that wuaudt.exe is simply a misread wuauclt.exe due to a specific font size and font type.

    Sites like Liutilities.com (link) and Processlibrary.com (link) (both sites are from Uniblue) show a page for wuaudt.exe but I would bet $ that it's a mistake on their side.
    (Which would be a bad thing if f.i. a trojan is named that way and folks come across those Uniblue pages and therefore assume it's a legit process).
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    These two processes are for the logger.
     

    Attached Files:

    • a.jpg
      a.jpg
      File size:
      9.8 KB
      Views:
      463
  12. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Yes, very close to "wuaudt.exe"!! I just found this:
    Link
     
  13. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    There is a fairly recent review over at TechRepublic Here
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    No :(

    Yes, but even though Zemana detected what it did, i'm not 100% sure BB was working properly on my comp ! However, as Zemana showed the capturing, i would have expected Prevx to as well, why it didn't ?

    Isn't it :D

    Yes thanks, i just showed that FYI

    Could be, not many posters though. Maybe not a lot of people know about it ?

    Yes thanks i saw that, not much else though.

    Not disable, otherwise i couldn't have taken the screenies ;) But i allowed everything.

    Indeed they are ;)

    *

    Be nice if some of you could install and test it, and see how it goes for you :thumb:
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That makes two of us :) You were actually the first person in the entire Prevx community to install this, which is likely a big part of why it wasn't picked up (especially with other security installed that was monitoring/blocking actions). I've tested it here without Zemana installed and SafeOnline protected all entered information silently (it intentionally will not show any warnings).

    As a note to anyone testing this against behavior blockers (Prevx isn't a behavior blocker so it shouldn't be put into this category): they've digitally signed all of the files and their company is listed as legitimate so most AVs/behavior blockers will allow this through.

    Just my $0.02 :)
     
  16. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I like the silent approach:D
     
  17. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I am interested in this application from a business point of view & will take a look at it this weekend.
    Thanks for finding it for us.
     
  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    :D

    Do i get a badge :D

    Sure about not detecting the install/app.

    But i allowed everything.

    That's good :)

    Whilst we're on the subject, it would be very useful if in future PSOL would display such blocking in real time. That way people would know for sure, they had something attempting to log etc, and that PSOL was preventing it = :thumb:

    As well as the free version, they have and/or are testing a Pro version for business etc, so it would be good to hear about your experiences with either versions :thumb:

    Pleasure :)

    *

    I wonder how it would/does fare against SpyShelter etc etc ?
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, nothing un-usual in this one. GesWall wil not let it install and CIS in default mode prompted to sandbox it and if done so, it was not installed.

    Once installed PrevxSOL and KS both protect against its keylogging. SOL protects from https session snapshots too.
     
  20. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Haha, NIS2011 blocked asmsoftware as a malicious site. Surprise, surprise!:p

    AAR, from your description it sounds alot like the functionality of Specter Pro. if so, it doesn't sound too bad for free, assuming one has a "legitimate" use for it.:ninja:

    P.S. Of course, I realize OP is talking about this as a multilogger test challenge and not inviting debate over its use.
     
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Nice :thumb:

    But did you install & run it and see what you apps detected ?

    Indeed ;)

    *

    Did anyone manage to get the email and/or sms texting notifications to work ? The panel was greyed out for me ? as i showed in a sceenie above.
     
Loading...
Thread Status:
Not open for further replies.