SSM failing keylogger test

Discussion in 'other anti-malware software' started by djg05, Nov 4, 2006.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have been playing around with ProSecurity and SSM and decided in the end I preferred SSM.

    I have now come across, in another thread, Martin's Undetectable Keylogger, which SSM fails. It does alert about the program launch. That could be any expected program so it is allowed. Next it warned about the keylogger hooking on and that was blocked; however, the K/L program still worked and captured the key/mouse actions.

    Running it a second time it failed to detect the keylogging.

    Anyone else have any experience with this and wonder how ProSecurity reacts to it?
     
  2. PSDeveloper

    PSDeveloper Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    93
    I just tested your problem for ProSecurity. PS can detect this program from launch, and this type of keylogger can be detected and blocked in the next version (v1.22).
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Just ran the test w/ AVG AS (formerly Ewido) plus; the so-called undetectable becomes visible and detectable, and was eliminated right away before my bare eyes. AVG AS plus :thumb: this time.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Look through your process list. Remove Martin's undetectable keylogger. Check if learning mode is off. Disconnect the user interface of SSM with the paranoid option. Try again.

    I ran the test with the combo SSM + DefenseWall. So I do not know whether SSM alone protects it.
     
  5. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I had already done that. Removed Martin and ran again. It notified the program launch but failed to notify about the keylogger this time.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Are you using the full version of SSM?
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It's nothing great if Ewido detected it by signature (that I suspect to be the case). What is the pop-up from Ewido in this case?
     
  8. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Yes - version 2.1.15.592, not beta
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    This keylogger has been discussed on their forum and it would have been detected. You should post on their forum.
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Just d/l the latest beta from SSM and that detects it but not until you click outside the box - so don't know what that means.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I'm using the freeware version and it does not alert me about hooks, but I believe the Pro version should detect it with the "low level keyboard access filter". But I'm not sure if it's a real threat since it didn't seem to be able to monitor my keystrokes.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Why? What is blocking it?
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well I guess nothing is blocking it but it still does not work. I will test again.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    It does work now, so something went wrong, pretty nifty tool, more apps should protect against this method IMO. :ninja:
     