Powered Keylogger Undetectable?

Discussion in 'other anti-malware software' started by Searching_ _ _, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I wonder if it is still undetectable. [​IMG]
    Hasn't been updated since September 2007.
    It uses a kernel level driver.

    http://www.security-utilities.com/keylogger.html

    Detection List
     
  2. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Undetectable when installed beforehand?
    Don't let it be installed. ;)
     
  3. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    816
    Location:
    Sverige
    I just scanned the installer itself with superantispyware,malwarebytes antimalware, agnitum spyware scanner, avira, and kaspersky.

    Only agnitum and avira detected the installer as malware.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    i tried it againts ProcessGuard stop the installer from installing after i allow to run.i think it uses some kernel tecniques.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,100
    Location:
    North Carolina USA
    F-Secure 2009 pops it.

    C:\Users\Austin\Desktop\powered_keylogger.exe Action: quarantined
     

    Attached Files:

    Last edited: Sep 30, 2008
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Can't run in a tightened sandbox.
    Keylogger.jpg
    VT.jpg
     
  7. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    During installation and running, Comodo Defense+ finds it.
    MSK.jpg
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,041
    kaspersky blocks it.
    riskware not-a-virus:monitor.win32.powerlogger
    maybe someone can installl in a vm and see if anything detects it once active.
    such as superantispyware, major av's,anti rootkit tools etc.
     
  9. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    SAS doesn't detect it. I have Trend Micro 2009 , SAS Pro and Comodo on my spare system.
    On installing, only Comodo Defense+ gave alerts. Both Trend Micro ans SAS-Pro were silent. Scanning memory and scanning in safe mode ( the directory of the keylogger) did not change anything. Both SAS Pro and Trend missed it cold !!

    EDIT: A-Squared/Ikarus detects it as not-a-virus:Monitor.Win32.PowerLogger.220
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yes but is it really malware as it still needs installation with no rogue like symptoms and some may have a use for it?

    Also it's advertised as to it's full capabilities.
     
  11. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    747
    Detected by Prevx 2.0 and Prevx CSI as soon as the download to the desktop finished. Didn't need to try and install it.:thumb:
    No reaction from GeSWall, presumably you would need to run it for GeSWall to detect it.
     
  12. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    I can not try, because that AVIRA AntiVir - CATCH IMMEDIATELY before downloading completely ...:-*

    PROROOTECT
     
  13. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    916
    Avast caught it as soon as I tried to download it.
     

    Attached Files:

  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Avast bravo!... It seems, it is somewhat improved ... for this case ...:blink:
     
  15. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    916
    Only 3 AVs flag the installer at ~VirusTotal link removed per policy. - Ron~ and Avast wasn't one of them. Maybe due to them using a different version of avast at VT.

    I didn't try to install the logger to see how well it hides itself after installation.
     
    Last edited by a moderator: Sep 30, 2008
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,100
    Location:
    North Carolina USA
    well obviously that tells you something about Virus Total as we have screenshots showing more catching it then they seem to show.
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If I upload Powered Keylogger 2.2.exe to VT I get "file has already been analysed" which shows 15 detections on the 28th of this month with 35 scan engines.

    If I hit re-analyze it shows 17 detections for todays date with 36 scan engines?
    VT before.jpg

    VT After.jpg
     
  18. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    916
    ~Link removed per policy. - Ron~


    Oops, my bad....sorry Ronjor. I went back and read the policy on VT and Jotti results. Won't happen again.:oops:
     
  19. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    916
    Franklin,

    After reading your post and thinking about it for a bit I decided to download the logger again and upload it to VT a second time. This time I got the same results as you did 17/36 detections (Avast was one of them) so I am not sure what happened the first time I sent it to VT. The only thing I can think of is that when avast popped up the first time I downloaded it and I ignored the warning that Avast somehow corrupted changed the file?? This time I disabled Avast while downloading the file.
     
  20. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    NIS 2009 gobbled it up.
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Has anbody tried this against Defensewall?
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Nod32 detected it but not a word from threatfire at defaults.
     

    Attached Files:

  23. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Dr Web cureit detects it after its installed.
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Strange behaviour of Avast free

    I have Avast standard shield only, no web based scnaner, Avast does not warn when writing to disk!, Right click and scan and it give a warning?


    Would you check with the web shield disabled and write it to you hard disk (standard shield should catch it). This to find out whether it is a general inconsistency or only my set up.

    Thanks
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Driver won't install
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.