MultiLogger test challenge

I discovered this the other day and it sounded like a very comprehensive all in one Logger app. Not having heard anything about it before, and not much on the web either ?

I thought i'd install it and see how my security apps stood up to it, or not. So i enabled SD, allowed it through PG & PEG, and went ahead.

Here's just a few screenies to give you a flavour.







More

 

Not a peep from Prevx though ?

More

 

Got this alert



In the EULA is this

Consent to Use of Data

On their www it says this

Slight difference i think you'ld agree

For some reason i could not find any logs or screen captures etc etc ? So i thought some of you might be up for the challenge and see what you could discover, and test your apps with it

 

Interesting..... not good for Prevx.

 

Have you tried to mimic entering credentials in websites guarded by Prevx (I'm assuming you mention SafeOnline)?

 

Hi,

Look at the remote IP address in the screenshot. It is a loopback/connection to your own computer. Besides, the process is from Windows:

Link

EDIT: Although i agree that the EULA is somewhat interesting.

 

They also have an active forum, which, from my experience is a good sign:
Forum

 

I couldn't find any other information except that it belongs to Windows for Windows Update, but I cannot find it in Windows 7. None of the info I've read states to which Windows versions it belongs.

The only process I've found, similar to that name is wuauclt.exe

 

Did you disable Zemana during logger,s install?

 

It seems more likely to me that wuaudt.exe is simply a misread wuauclt.exe due to a specific font size and font type.

Sites like Liutilities.com (link) and Processlibrary.com (link) (both sites are from Uniblue) show a page for wuaudt.exe but I would bet $ that it's a mistake on their side.
(Which would be a bad thing if f.i. a trojan is named that way and folks come across those Uniblue pages and therefore assume it's a legit process).

 

These two processes are for the logger.

 

Yes, very close to "wuaudt.exe"!! I just found this:

Link

 

There is a fairly recent review over at TechRepublic Here

 

No

Yes, but even though Zemana detected what it did, i'm not 100% sure BB was working properly on my comp ! However, as Zemana showed the capturing, i would have expected Prevx to as well, why it didn't ?

Isn't it

Yes thanks, i just showed that FYI

Could be, not many posters though. Maybe not a lot of people know about it ?

Yes thanks i saw that, not much else though.

Not disable, otherwise i couldn't have taken the screenies But i allowed everything.

Indeed they are

*

Be nice if some of you could install and test it, and see how it goes for you

 

That makes two of us You were actually the first person in the entire Prevx community to install this, which is likely a big part of why it wasn't picked up (especially with other security installed that was monitoring/blocking actions). I've tested it here without Zemana installed and SafeOnline protected all entered information silently (it intentionally will not show any warnings).

As a note to anyone testing this against behavior blockers (Prevx isn't a behavior blocker so it shouldn't be put into this category): they've digitally signed all of the files and their company is listed as legitimate so most AVs/behavior blockers will allow this through.

Just my $0.02

 

I like the silent approach

 

I am interested in this application from a business point of view & will take a look at it this weekend.
Thanks for finding it for us.

 

Do i get a badge

Sure about not detecting the install/app.

But i allowed everything.

That's good

Whilst we're on the subject, it would be very useful if in future PSOL would display such blocking in real time. That way people would know for sure, they had something attempting to log etc, and that PSOL was preventing it =

As well as the free version, they have and/or are testing a Pro version for business etc, so it would be good to hear about your experiences with either versions

Pleasure

*

I wonder how it would/does fare against SpyShelter etc etc ?

 

Hi, nothing un-usual in this one. GesWall wil not let it install and CIS in default mode prompted to sandbox it and if done so, it was not installed.

Once installed PrevxSOL and KS both protect against its keylogging. SOL protects from https session snapshots too.

 

Haha, NIS2011 blocked asmsoftware as a malicious site. Surprise, surprise!

AAR, from your description it sounds alot like the functionality of Specter Pro. if so, it doesn't sound too bad for free, assuming one has a "legitimate" use for it.

P.S. Of course, I realize OP is talking about this as a multilogger test challenge and not inviting debate over its use.

 

Nice

But did you install & run it and see what you apps detected ?

Indeed

*

Did anyone manage to get the email and/or sms texting notifications to work ? The panel was greyed out for me ? as i showed in a sceenie above.