Powered Keylogger Undetectable?

Discussion in 'other anti-malware software' started by Searching_ _ _, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I wonder if it is still undetectable.
    Hasn't been updated since September 2007.
    It uses a kernel level driver.

    http://www.security-utilities.com/keylogger.html

    Detection List
     
  2. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Undetectable when installed beforehand?
    Don't let it be installed. ;)
     
  3. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    I just scanned the installer itself with superantispyware, malwarebytes antimalware, agnitum spyware scanner, avira, and kaspersky.

    Only agnitum and avira detected the installer as malware.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I tried it against ProcessGuard: it stopped the installer from installing after I allowed it to run. I think it uses some kernel techniques.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    F-Secure 2009 pops it.

    C:\Users\Austin\Desktop\powered_keylogger.exe Action: quarantined
     

    Last edited: Sep 30, 2008
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Can't run in a tightened sandbox.
    Keylogger.jpg
    VT.jpg
     
  7. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    During installation and running, Comodo Defense+ finds it.
    MSK.jpg
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    kaspersky blocks it.
    riskware not-a-virus:monitor.win32.powerlogger
    Maybe someone can install it in a VM and see if anything detects it once active,
    such as superantispyware, major AVs, anti-rootkit tools etc.
     
  9. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    SAS doesn't detect it. I have Trend Micro 2009, SAS Pro and Comodo on my spare system.
    On installing, only Comodo Defense+ gave alerts. Both Trend Micro and SAS Pro were silent. Scanning memory and scanning in safe mode (the directory of the keylogger) did not change anything. Both SAS Pro and Trend missed it cold!!

    EDIT: A-Squared/Ikarus detects it as not-a-virus:Monitor.Win32.PowerLogger.220
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yes but is it really malware as it still needs installation with no rogue like symptoms and some may have a use for it?

    Also it's advertised as to its full capabilities.
     
  11. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Detected by Prevx 2.0 and Prevx CSI as soon as the download to the desktop finished. Didn't need to try and install it.:thumb:
    No reaction from GeSWall, presumably you would need to run it for GeSWall to detect it.
     
  12. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    I can not try, because that AVIRA AntiVir - CATCH IMMEDIATELY before downloading completely ...:-*

    PROROOTECT
     
  13. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Avast caught it as soon as I tried to download it.
     

  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Avast bravo!... It seems, it is somewhat improved ... for this case ...:blink:
     
  15. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Only 3 AVs flag the installer at ~VirusTotal link removed per policy. - Ron~ and Avast wasn't one of them. Maybe due to them using a different version of avast at VT.

    I didn't try to install the logger to see how well it hides itself after installation.
     
    Last edited by a moderator: Sep 30, 2008
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Well, obviously that tells you something about Virus Total, as we have screenshots showing more catching it than they seem to show.
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If I upload Powered Keylogger 2.2.exe to VT I get "file has already been analysed" which shows 15 detections on the 28th of this month with 35 scan engines.

    If I hit re-analyze it shows 17 detections for today's date with 36 scan engines?
    VT before.jpg

    VT After.jpg
     
  18. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    ~Link removed per policy. - Ron~


    Oops, my bad....sorry Ronjor. I went back and read the policy on VT and Jotti results. Won't happen again.:oops:
     
  19. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Franklin,

    After reading your post and thinking about it for a bit I decided to download the logger again and upload it to VT a second time. This time I got the same results as you did, 17/36 detections (Avast was one of them), so I am not sure what happened the first time I sent it to VT. The only thing I can think of is that when Avast popped up the first time I downloaded it and I ignored the warning, Avast somehow corrupted or changed the file?? This time I disabled Avast while downloading the file.
     
  20. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    NIS 2009 gobbled it up.
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Has anybody tried this against Defensewall?
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Nod32 detected it but not a word from threatfire at defaults.
     

  23. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Dr Web cureit detects it after it's installed.
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Strange behaviour of Avast free

    I have Avast standard shield only, no web based scanner. Avast does not warn when writing to disk! Right click and scan and it gives a warning?


    Would you check with the web shield disabled and write it to your hard disk (standard shield should catch it). This is to find out whether it is a general inconsistency or only my setup.

    Thanks
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Driver won't install
     