NOD32 can't detect perfect keylogger!!!

Discussion in 'NOD32 version 2 Forum' started by wid4008, Nov 29, 2004.

Thread Status:
Not open for further replies.
  1. wid4008

    wid4008 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    3
    I created a remote installation package (i.e. trojan) from the latest version (1.62) of Perfect Keylogger and scanned it using the most secured features (i.e. Deep Heuristic....) of NOD32 but NOD32 found absolutely nothing wrong with the file at all! :'(

    Now the question is, how safe am I with NOD32?
    I will not be safe at all should I receive a similar file from someone else who created the .exe file with Perfect Keylogger, as NOD32 passes it off as perfectly alright. :doubt:

    If you don't believe me you can download perfect keylogger and try it out for yourself.
     
  2. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    How safe would one be from an attack by bees using a baseball bat for defense?

    In regards to NOD32 - you are at your safest from a viral attack but if you desire a good defense from a key logger you must turn elsewhere as NOD32, we believe, makes no claims against key loggers.

    Best wishes
     
  3. wid4008

    wid4008 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    3
    Thanks for the reply. Maybe you got a point there.
    So you are trying to say that NOD32 is absolutely useless against Perfect Keylogger, right? Then what is the 'potentially dangerous programs' diagnostic method under the scan option effective against then?

    I have uploaded the trojan file in question and anyone can download it to try if NOD32 can detect anything funny about this file.
    Go to this website to get the file.

    snip - against TOS = Blackspear

    It is absolutely safe to download the file BUT EXECUTE THE FILE AT YOUR OWN RISK! Just download the file and scan it with NOD32 and you will know what I am talking about.
     
    Last edited by a moderator: Nov 29, 2004
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't understand why ppl are nagging about undetected stuff on forums.
    Every AV company has a submission mail address or webform, so submit it there instead of wasting time, bothering other users with things that they cannot do anything about. Also many users get the feeling that a specific AV misses too much when they see such posts (but in the end, missing specific samples is a common practice of every AV). Just my opinion.
    Also many commercial keyloggers aren't included in virus definitions, because they are commercial (also depends on AV policy).
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Wid4008 please refrain from posting such links, it is against Wilders TOS.

    Cheers :D
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ...and no AV catches all - at least not at the same time, as shown in this pic coming from Jotti a few minutes ago:
     

    Attached Files:

  7. eisefr

    eisefr Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    153
    Location:
    Germany
    A Keylogger is NOT a virus in my eyes.
    It's software that traces the inputs from a user.

    This is a more or less legal thing. Some companies are using such software to keep an eye on their coworkers. None of those companies go public with that fact.. but the fact about there being so many companies selling such key loggers tells me enough.

    But I don't think it's necessary for an anti VIRUS - software to give me an alarm when a key logging software is running in the background.

    If I want to be sure no such software is running on my computer I can install other software... like mentioned above. (Ad aware... etc.)
     
  8. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    I downloaded a trial version of 1.62 of Perfect Keylogger. When I scanned the installer, nothing was found. Upon running the installer, both NOD32 and ewido went off, and deleted it.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
    You can do a search for "logger" on the NOD definitions update page and see that they have been adding these for a while now.
    I think the days of the "pure" antivirus are behind us now. Some adware and spyware can be as bad or worse than a virus.

    My two cents.
     
  10. Ineke

    Ineke Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    20
    Location:
    NL
    Time Module Object Name Virus Action User Info
    29-11-2004 17:49:41 AMON file C:\DOCUME~1\INEKEV~1\LOCALS~1\Temp\RarSFX0\bpkhk.dll Win32/Spy.PerfKey.12 trojan deleted

    So it found it correct.......and deleted !!
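
The AMON log row quoted in the post above, parsed and triaged as an added example (not part of the thread and not NOD32 code). The column mapping is an assumption, because the forum flattened the log's columns to single spaces; `parse_row` and `triage` are hypothetical names.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Row copied from the post above. Assumed columns: date, time, module,
# object type, path, detection name, detection kind, action.
SAMPLE = (r"29-11-2004 17:49:41 AMON file "
          r"C:\DOCUME~1\INEKEV~1\LOCALS~1\Temp\RarSFX0\bpkhk.dll "
          r"Win32/Spy.PerfKey.12 trojan deleted")

ROW = re.compile(
    r"^(?P<date>\d{2}-\d{2}-\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<module>\S+) (?P<object>\S+) "
    r"(?P<path>[A-Za-z]:\\.+?) "            # lazy, so paths with spaces work
    r"(?P<threat>\S+/\S+) (?P<kind>\S+) (?P<action>\S+)\s*$"
)
# Temp directory a self-extracting RAR unpacks into (RarSFX0 in the row above).
SFX_TEMP = re.compile(r"\\Temp\\RarSFX\d+\\", re.IGNORECASE)

@dataclass
class Detection:
    when: datetime
    module: str
    path: str
    threat: str
    kind: str
    action: str

def parse_row(line):
    """Return a Detection, or None for headers and unparseable rows."""
    m = ROW.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%d-%m-%Y %H:%M:%S")
    return Detection(when, m["module"], m["path"], m["threat"],
                     m["kind"], m["action"])

def triage(det):
    """Summarise what the row tells a responder about the detection."""
    return {
        "file": PureWindowsPath(det.path).name,
        # Component was unpacked from a self-extractor, not the package itself.
        "dropped_by_sfx": bool(SFX_TEMP.search(det.path)),
        # AMON is the resident (on-access) monitor, not the on-demand scan.
        "on_access": det.module.upper() == "AMON",
        "remediated": det.action.lower() == "deleted",
    }
```

For the quoted row this reports the detected file as `bpkhk.dll`, unpacked from a self-extractor and caught by the resident monitor, which matches the reports in the thread that the packaged installer scanned clean while running it triggered a detection.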
     
  11. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    A little off topic, but I always wondered whether this small freeware keylogger detector works? I have 98 so can't try it. I would be interested to know if anyone has though, and whether it works....
    http://dewasoft.com/privacy/kldetector.htm
    ellison
     
  12. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    I don't know, once I tried to install Perfect Keylogger, Amon fired and warned me.
    Ad-Aware also gets it.
    So it should not pose a security threat :)
     
  13. leehigdon3

    leehigdon3 Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    132
    Location:
    Plano, TX USA
    Absolutely. Many of these "trojans" are extremely difficult to accurately detect as well as remove. The proof of this is the malware detection rates for even the very best products, when focused on trojans and backdoors.
     
  14. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    May I ask for your opinions on the following combination:
    NOD32 mainly for viruses, keyloggers and some trojans, AMON/IMON running all the time
    Ad-Aware for adware, spyware and some trojans (on-demand scan)
    Kerio Personal Firewall with out and inbound filtering, with all ports stealthed

    Can you suggest any addition, or is it secure "as is"?

    Ps. I regard myself as a "low risk user" :)
     
  15. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, it's enough. You can use SpyBot for spyware too, since Ad-aware is not almighty... Everything is just fine.
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi ShunterAlhena, you may want to take a look here for further discussion on security and how to make your system that much stronger, and here for more discussions.

    Hope this helps...

    Cheers :D
     
  17. Hitmaster

    Hitmaster Guest

    This may seem somewhat off topic, but I tried sending a remote installation of my Perfect Keylogger to someone's hotmail account, but hotmail detects it as a virus and does not let it be received. In my opinion, any keylogger this easily detected can not be too great =/
     
  18. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    Thanks BlackSpear!
    I lurk here on a weekly basis with some posts as well but I already see you are essential to this forum :)
     
  19. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    It's also worth remembering that if someone with sufficient programming knowledge (or the money to purchase that knowledge) recompiles P/K, it's quite problematic whether the HotMail filters will still catch it.

    In that case, if you're absolutely sure you're starting with a clean computer, and you're running ProcessGuard, you should be warned regardless. (And one would think the size of the attachment might be a tip-off, also). Pete
     
    Last edited: Dec 9, 2004
  20. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Hotmail sees ANY attachment that isn't zipped as a probable virus and won't let you receive them so that is no clue to how good or bad perfect keylogger is
     