SpyShelter 12

Discussion in 'other anti-malware software' started by mood, Oct 21, 2019.

  1. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    929
    Location:
    Canada
    Your friend lost his Steam account because he was doing something online he shouldn't have been doing or because he had inadequate protection on his computer. The keylogger was a result of one or the other.
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,038
    No, most likely he launched an infected file. If he'd been more careful, he wouldn't have got infected. The best protection against infection is user behaviour, not adding extra security software.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    I believe this is a bit too simple. We don't know anything about his friend. Perhaps he was tricked by someone into downloading a keylogger; this can happen to anyone. And we all know that AVs will never be able to offer 100% protection, you can see this in almost every AV test.

    Also, we don't know anything about people who are visiting this forum, perhaps some of them are big time crypto traders? So a little bit of extra protection can't hurt, especially in this new era where lots of people are working from home and their PCs may be an entry point to corporate networks.
     
  4. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    324
    Location:
    USA
    It took about a second for the 12.5 update from 12.4. Self-rebooted with no problems; runs OK. That is the fastest uninstall & update I have EVER seen.

    My license expires on the 16th and I had been getting Windows notifications about that and just haven't yet gotten around to buying a new one.

    But 12.5 warned I have a week remaining on my trial license, even though my name is present in the "Licensed to" field on the About screen.

    Sigh.
     
  5. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    117
    Location:
    Finland
    Yes he did, NOD32 did not flag it as malware. But the day after, NOD32 flagged it, but the damage was already done. The malware itself was targeted at Steam users. It replaced Steam's own "steam.exe" with its own 100% lookalike login window. When you enter your credentials, it will send those credentials to an attacker's email.
    So I wonder if SS or Keyscrambler could prevent this by scrambling the login and password, so an attacker will get only scrambled login/pass text?
     
  6. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    744
    Location:
    U.S. Citizen
    Hi,
    Question, please!
    Is SpyShelter FW, which is light software, still incompatible with any AV products? Or with some antiviruses? Or has SpyShelter changed?
    Looking forward to your answer.......
     
  7. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    117
    Location:
    Finland
    @Moose World
    Worked with all AVs I've tested. But for sure, do not install it with AV security software that has its own firewall :D
    NOD32 + SpyShelter FW would be a very light combo.
    However, personally I don't use any firewall based on Windows' own firewall.
     
  8. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    744
    Location:
    U.S. Citizen
    @moredhelfinland,

    Appreciate your answer and insight........
    You may want to check the review/test on NOD32
    on YouTube with (malwarereviewz)

    Again, thank you.
     
    Last edited: Apr 11, 2021
  9. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    324
    Location:
    USA
    It's SpyShelter Anti-Keylogger and its stated core mission.

    23 of its 55 ProtectionModules are Anti Keylogging.

    When the good steam.exe was first run, a rule was created having a 48 character hash. Subsequent, legitimate updates thereafter create new hashes, of course. At the very least, when the sneaky, bad steam.exe got run, SS would evoke an alert based on hash check fail and/or one or more ProtectionModules.

    At least I hope that's how it works for any exe on my system. That would be a red flag for me if I hadn't updated the app and as I disable or block auto-updates for just about everything, e.g. microsoftedgeupdate.exe blocked in the firewall.

    If the bad steam.exe is allowed (And who would do that? :rolleyes: ) then the keylogger would act like a keylogger and trust SS to scramble the data.

    Faith in any developer's expertise in protection is what we ultimately count on given acceptance in the court of professional, and public to a degree, acceptance. As I have yet to encounter any reports of persistent, miserable failure(s), I'll be buying another license next week. (That said, SS is one of the rare developers that doesn't renew or discount.)

    Cheers.
     
  10. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    117
    Location:
    Finland
    @Surt
    Even Keyscrambler does that. It does it in a simple way, very effective. As for SS, it seems to hook (prevent) some hooks that Keyscrambler does not. Which is a big plus in terms of keylogging protection.
     
  11. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    117
    Location:
    Finland
    ZoneAlarm is the best when it comes to kernel-mode FW drivers.
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,038
    That's a shame, but it is a reminder of why you should never depend on antivirus, or any security software to protect you, as nothing provides 100% protection. It's very important to always be very careful about what files you open.
     
  13. osmandemi

    osmandemi Registered Member

    Joined:
    May 5, 2010
    Posts:
    79
    I couldn't use SpyShelter because when I opened Xbox Game Pass games, keylogger protection prevented the keys from working. Xbox Game Pass game updates were not working. Is this problem still going on?
     
  14. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    630
    Location:
    USA
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,971
    Location:
    Poland - Cracow
    :) Post #199

    @Surt
    If you think about detections of file changes...as I suppose...the answer is "YES". Here is an example of today's update of Thunderbird and detected actions - all of them have info "was changed"
    SS TB update 1.jpg
    SS TB update 2.jpg

    And here is an example of checking hash - you can see hashes of Edge/elevation_service.exe and time of creation
    SS hash.jpg
     
  16. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    324
    Location:
    USA
    Nice work, that gathering of screensnips in those composite jpgs. That is SS at work, all right, seen that a zillion times, and in agreement with my comment in #209, "...SS would evoke an alert based on hash check..." Of course, in allowing all that, you (we) trust that the source servers are OK.

    Otherwise, this recent sub-topic ponderings and moredhelfinland's inquiry in this thread was whether or not SS would scramble a keylogger enabled by a properly named but malicious exe to steal login credentials even in the event of a user allowing the SS "file was changed." I believe it would or even alert in further efficacy based one or another of its 23 modules. Then again, as roger_m reminds us... "nothing provides 100% protection."

    Ultimately, further discussion on how that malicious steam.exe got onto that user's system and completed its mission without an alert by an anti-something-or-another is beating a dead horse...
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    SpyShelter Premium has stopped working on my system. The tray icon does not load, and the GUI does not work despite the service and process running in the task manager. I try launching SpyShelter by using the desktop icon and Programs Menu, but nothing happens. I have no access to SpyShelter's GUI. I recently changed SpyShelter to launch as a Service, and I just installed this month's patches for Windows 10. I also just changed SpyShelter to custom notifications under settings. I do not know if the problem is due to the recent changes I made to SpyShelter's Settings or if it is due to Windows 10 patch updates. I can't untick the option to start SpyShelter as a service since I do not have access to the GUI.

    I'm using a licensed version of SpyShelter Premium on Windows 10 Pro 20H2.

    Update #1:
    Support Ticket just sent to SpyShelter. 4-13-21 @ 7:17

    Update #2 4-13-21 @ 7:35
    I was able to get SpyShelter working again by killing the service, and SpyShelter Process from the task manager. I then restarted the service from Services under Administrative Tools. I was then able to launch the GUI and unticked the option to start SpyShelter as a service. SpyShelter is working fine now.

    Strange thing is SpyShelter does not allow stopping the service under Administrative Tools or net stop service name. I have asked for clarification from SpyShelter if this is expected behavior. I could only kill the service from the task manager (which is easier). I have sent a follow up message to SpyShelter, maybe they can improve their service.
     

    Last edited: Apr 13, 2021
  18. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    630
    Location:
    USA
    @ichito, please note that my post #214 (SS-Free 12.5 availability) was correct and timely. SS-Free 12.5 was NOT included with the Paid versions of 12.5 which were released last Wednesday (as you reported in post #199). SS-Free 12.5 wasn't released until a week later!
     
    Last edited: Apr 13, 2021
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    Yes, SpyShelter and KeyScrambler should be able to protect against this with keystroke encryption. The only problem is that I see that a certain Steam folder is automatically added to the exception list, but I don't know if this means that steam.exe is not protected by SS. Actually, I forgot that this doesn't matter if you select "Encrypt keystrokes of all processes".
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,971
    Location:
    Poland - Cracow
    Launching a file with "a properly named but malicious exe" is only the first step; for sure you can observe some further alerts about unknown actions. It also depends on the settings used and the level of protection. This is an example I posted some time ago
    https://www.wilderssecurity.com/threads/spyshelter-11.402823/page-5#post-2802181

    Sorry...you are right :thumb:
     
  21. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    665
    Location:
    Island of Woman
    So the tray icon going grey, does it mean anything? The programme appears to function fine and block traffic or processes.
     
  22. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    324
    Location:
    USA
    Check SpyShelterSrv in Services; should be Running, Automatic. If that, try stopping and starting it. Hope that helps.

    That's what I meant by "it would or even alert in further efficacy based one or another of its 23 modules" as "level of protection" and the "used settings" of the at least one of the 23 modules. I like using all 23. Thanks again for agreeing with me.
     
  23. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    665
    Location:
    Island of Woman
    The only thing I wonder about is that dllhost.exe in.Use warning from SS, can't find any info.
    It can be blocked without BSODs or visible problems.
     
    Last edited: May 5, 2021
  24. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,541
    Location:
    USA
    SpyShelter discount code (valid for any/all SpyShelter Editions):

    SPS20-21

    Note: This offer is only valid until May 8, 2021


    How to use the discount code:
    Coupon code can be used on the product checkout page. Simply go to SpyShelter Purchase Page, select the product you want to purchase and the number of licenses, click the Purchase button, input the coupon code into the Your Coupon Code field and hit the Update button.
     
    Last edited: May 7, 2021
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    I have discovered a bug with SpyShelter 12.5 Premium after having tried the Restricted Apps feature. The Restricted Apps module is still being enforced even after having disabled SpyShelter. I even tried disabling SpyShelter, closing SpyShelter, and stopping the SpyShelter Service. This is a big problem since I need to disable SpyShelter when updating some Restricted Apps. Take Firefox for instance, updater.exe writes to C:\Program Files\ during the update process, and I do not want to allow write access to the entire C:\Program Files\ directory; it defeats the point of restricting vulnerable apps.

    Below is a screenshot of the folders I allow write access to and a screenshot of the write attempt being blocked during an attempt to update Firefox. The write attempt I am referring to is marked inside the red box. This block occurs after having disabled SpyShelter, completely shutting down the application, and stopping the SpyShelter Service. Also, note that I added the Mozilla Maintenance folder in the C:\Program Files x86 Folder to the Allowed Write Access list after seeing the write attempts blocked in the log, so ignore those blocked entries in the log.

    Edit 9-24-21 @ 5:27
    I just created a support ticket for this with SpyShelter.
     

    Last edited: Sep 24, 2021