PSMAntiKeyLogger

Discussion in 'other anti-malware software' started by chiawaikian, May 7, 2006.

Thread Status:
Not open for further replies.
  1. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
  2. TECHWG

    TECHWG Guest

    I believe anti keylogging is a remnant of the past with really good HIPS software. My suggestion is ditch antikeylogging and opt for HIPS software instead. UNLESS you are working on a strictly OFFLINE pc, in which you could get away with only using antikeylogging measures perhaps. Also note that most people that want to keylog you will use GOOD keyloggers that are Kernel based and my guesstimation is that 75% of antikeylogging software are usermode hook based and can NOT prevent kernel mode keyloggers.
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Had some "fun" with this baby !

    Did a search on here and found this by zorro zorrito 2004 https://www.wilderssecurity.com/showthread.php?t=53439

    ________________

    PSMAntiKeyLogger is a real-time protecting tool which protects you against not only Keyloggers but also from Screen captures

    PSMAntiKeyLogger Version 1.0.1 By truong2d

    Bugs : (0 open / 0 total)

    Development Status : 5 - Production/Stable

    http://sourceforge.net/projects/psmantikeyloger/

    truong2d = DoDucTruong = DDT Seoul Korea, who has other projects including, the Winsock Firewall which has been tried by posters on here, with mixed results !
    ________________

    I first scanned it at VirusTotal, clean

    http://img327.imageshack.us/img327/3599/vt11uc.png

    The following was all done offline of course. Just for the record i'm on 98SE, so your experiences may be different ?

    I attempted to install it with Total Uninstall as normal, which froze just after it looked as if the App install was nearly finished, but not TU, and had to reboot. I tried again, similar experience. I then found it had installed after all, and was the first App to start up. Had a slight problem with ZoneAlarm throwing an error after Enabling vsinit.dll = TrueVector Service

    http://img327.imageshack.us/img327/3452/hook15xq.png

    Anyway i decided to press ahead, and rebooted again to fix this as ZA showed me i needed to, everything back to normal.

    Here's the GUI panels

    http://img384.imageshack.us/img384/1361/st121eh.png

    http://img327.imageshack.us/img327/9988/st340ys.png

    The help file doesn't appear to work as it's not in its Program File folder. And trying to launch PMS from Windows Start or from its Program File folder doesn't work for me. I had to Ctl/Alt/Del out of them. These things may be due to my install issues ?

    These are the items it's calling on as seen by Process Explorer, note Winpatrol and XAHook in there

    http://img384.imageshack.us/img384/308/pex17fg.png

    It appears to consume no resources, even during the following !

    Then it was time to put it to the test for real with two live Keyloggers, one at a time straight after each other, Martins undetectable keylogger and TinyKL, after disabling my AV. I forgot to disable BOCLean which jumped straight in as expected, along with PSMAntiKeyLogger as soon as i double clicked on them, so i shut BOCLean down too.

    http://img384.imageshack.us/img384/9551/pmsdetect17cy.png

    I disabled both and then uninstalled etc the keyloggers cleanly and rebooted.

    For now it's still in and running permanently, if i have any more news i'll let you know. It would be nice to hear about others' trials with it on their systems. It's taken quite a bit of time to do this and put it all together, so i hope that some of you benefit from it too.

    Thanks for the heads up chiawaikian


    StevieO
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Great review SteviO.

    Techwig stated about kernel based key loggers not being detectable by most anti keyloggers.

    Will this software detect as such?

    Quote from Undetectable keyloggers site:

    http://www.winsite.com/bin/Info?26000000037599

    As the name states, it's undetectable. It's a simple stay-on-top program with a memo, that displays everything you type.

    It uses a special system of keylogging, which is magnificent if i may say so myself, so don't be surprised if your anti-keylogging software doesn't block it.

    If you want to test your pc and see if it is truly protected against spyware, try this.

    Note to people who think slowly:

    This is NOT spyware, it is only intended for testing if your computer is really immune to spyware.
     
  5. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
    I agree, that was a great review.

    StevieO, do I have permission from you to post your review elsewhere? Credits will be to you of course.
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    @ Franklin

    The KL you mentioned and linked to, is actually one of the two i used in the tests, Martins undetectable keylogger ! So yes PMS did detect it, and instantly along with BOClean too, so very impressive.

    @ chiawaikian

    Yes sure, where will the review be ?

    _______________

    If both of you and others could also test it, that would be good. Thanks for the nice remarks, glad you liked it !


    StevieO
     
  7. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hi SteveO, gave it a run and had a major conflict with Sandboxie which was unable to read referenced memory at some address trying to start FF sandboxed.

    Can't remember exactly what it said. Should have grabbed a screenshot. :doubt:

    Uninstalled PMS and Sandboxie is working fine. Tried Snoopfree A/K and things seem ok at the moment.

    Do we really need an anti keylogger if we have ZAP installed o_O?
     
  9. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
    An anti-keylogger may not be very necessary in this case since ZAP 6 has the OS Firewall feature.
     
  10. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    chiawaikian

    Thanks for the link, haven't seen it appear yet though ?

    Franklin

    Well you tried it out anyway, and as i also found, there weren't any problems uninstalling ! If you're using Sandboxie you shouldn't need anything else, unless you just used it to test PMS ?

    ____________

    I thought i would uninstall and reinstall to see if that made any difference to the initial install issues. I used the normal Control Panel removal method, followed by both Regseeker and Eusing registry cleans. This included manual searches deleting the few references i found, and also full Temp file etc flushes.

    When i rebooted, to my surprise on opening the GUI, i found entries in there from the previous install ? This software is very clever in more ways than one as you will see in a moment. I think some of its features like these, have been overlooked in the past with other software. These could just be due to the use of the Madshi code integrated within it, as is other software like Online Armor, and/or original coding by the author !

    Nancy_McAleavey from BOCLean had this to say about the MADSHI libraries the other day. ( can cause all of your other security (including firewall) to fail ) https://www.wilderssecurity.com/showpost.php?p=347929&postcount=17 mm

    I've been experiencing ZA Client closedown errors related to RPCRT4.DLL, so i presume PMS is connected in some way with this event. ZA appears to be still protecting me though.

    I tried to shut PMS down with Ctl/Alt/Del, Process Explorer, Starter, Winpatrol and Spybot. But it wouldn't allow any termination except via its own exit, pretty good built in protection that i haven't seen very often ! I could however disable it from next running on start up after a reboot with Winpatrol. You could of course use msconfig to do this, but WinPatrol offers more flexibilities, with its various options just a few clicks away.

    I looked at a few sites for more info on RPCRT4.DLL errors.
    _________

    Microsoft

    This problem may occur if you have antivirus or firewall software that is installed and running on your computer.

    You may also experience remote procedure call (RPC) engine reliability issues in applications that use asynchronous RPC and RPC over HTTP functionality. The symptoms of RPC engine reliability issues may include the following: Client applications receive error messages that report unhandled access violation exceptions. Client applications that use RPC stop responding.
    _________

    I disabled DCOM and RPCSS a while back with no problems, so it's not that. Don't disable RPCSS on XP etc though, otherwise you might not be able to boot.

    So i'm keeping it installed on my PC, which means that i can run it on demand whenever i like, just to check what might be hooking etc. It's a shame that, on my system anyway, there appear to be some unresolved issues, as this could be a very good App indeed i feel. As i said before though, on your system things might be different, and i would say it's definitely worth trying. Because apart from the ZA problem, on mine, it's a very impressive piece of software. A little bit more development work, and it will be up there with the best i think !


    StevieO
     