Through the Eyes of a Keylogger versus HIPS

Discussion in 'other anti-malware software' started by aigle, Mar 12, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    http://www.aplin.com.au/?page_id=531

    It seems interesting. Tried it with CFP.

    Keys logging -- CFP Passed
    Logging of Applications launched and web sites visited --- CFP Failed
    Clipboard logging ---- CFP failed
    Screen capture ---- CFP PASSED

    1.jpg
    2.jpg
    3.jpg
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    GesWall

    Keys logging -- GW Passed
    Logging of Applications launched and web sites visited --- GW Failed
    Clipboard logging ---- GW failed
    Screen capture ---- GW Passed
     

  3. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    DefenseWall:
    Keys logging -- Passed (DW informs about this event, but if you don't click the Terminate button then it fails (keys will still be logged))
    Logging of Applications launched and web sites visited --- Failed
    Clipboard logging ---- Passed (DW informs about this event, and again you have to press the Terminate button on the notification to close the rogue application)
    Screen capture ---- Passed


    Online Armor (paid v.3.1.0.26):
    Keys logging -- Passed
    Logging of Applications launched and web sites visited --- Failed
    Clipboard logging ---- Passed/Failed (OA only shows information that the running software will be able to record what you type - no information about Clipboard logging)
    Screen capture ---- Passed
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks for adding this.
     
  5. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    Thank you for the infos.
     
  6. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    You are welcome :)

    BTW I sent this file to Jotti and 3 AVs detected this file as malicious software:
    F-Secure Anti-Virus Found Trojan.Win32.VB.kll
    Kaspersky Anti-Virus Found Trojan.Win32.VB.kll
    Sophos Antivirus Found Mal/VB-G

    I wonder if that's an FP or not :D
     
    Last edited: Mar 12, 2009
  7. chris1341

    chris1341 Guest

    Not exactly HIPS, but Zemana is supposedly designed to prevent exactly these types of things.

    Results:

    Keys logging -- Passed
    Logging of Applications launched and web sites visited --- Failed
    Clipboard logging ---- Failed
    Screen capture ---- Passed

    Cheers
     
  8. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Zemana Antilogger stops this, the one pop-up - blocked, cannot get it to run anymore, simply won't start:
     

  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Allow it once and see if you get more alerts about clipboard and screen logging?
     
  10. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Will do in a little while when I have a spare minute.
     
  11. MeFer

    MeFer Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    89
    1-OPFW

    Pop-up for all, but also failed all.
    Keys logging Passed
    Screen capture Failed
    Clipboard logging Failed

    2-ZEMANA

    Pop-up for all, but:
    Keys logging Passed
    Screen capture Passed
    Clipboard logging Failed
     
    Last edited: Mar 12, 2009
  12. chris1341

    chris1341 Guest

    I think it depends on settings. I had set it to

    nnn.gif

    This I think lets the application launch but should alert on potentially harmful actions. Basically I wanted to see whether Zemana recognised the applications activities as 'potentially harmful'.

    Got this which I blocked:

    ppp.jpg

    But result still this

    qqq.gif

    Cheers
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Can any of you confirm whether what I am experiencing corresponds to the reality of things or not?

    I tested this, and after that, I noticed something odd with some keys of my keyboard.

    I've noticed that now, every time I press ~~ ^^ ´´ ``, they appear twice. I'm not sure whether or not all of you have these same keys on your keyboard, because some languages may not have such accents, or all of them.

    Can you tell me if you're also experiencing it?


    Thanks
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I thought Zemana prevented clipboard logging. Are there any programs that do?
     
  15. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Allowed it once and it runs, allows everything. Also tried it with different settings in Zemana and it was blocked without any pop-up at all. Screenshot of settings below. PrevxEdge also blocked it. Needless to say DefenseWall blocks it with a Terminate option.
     

  16. chris1341

    chris1341 Guest

    Yes, I see. It's these we have different, hence the different results.

    rrr.gif

    I set it like this as I wanted to see how it performed on all 4 areas. Whereas I think on your settings, if it recognises even 1 of the 4 it will permanently block the application.

    cheers
     
  17. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    When I tested first time I had Zemana in default settings, it looks as though yours are in Expert Mode. I tried the 'Custom settings' the second time to see what would happen :)
    Perhaps have a go in Expert settings tomorrow.
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Tested with Malware Defender 2.1.0 beta.
    Got an alert every time in all 4 tests.

    Through the Eyes of a Keylogger screenshot.png

    MD alert 1.png

    MD alert 2.png


    Chose deny and kill process on each alert.
    MD passed with flying colors. :thumb:
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  20. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    m00nbl00d - I confirm they appear twice ; it is normal ...
     
  21. chris1341

    chris1341 Guest

    Can anyone confirm? No doubt I've done something wrong, but I did as LoneWolf and sure enough MD passed all. Used deny and kill but not create rule. I then ran the app again and chose the combined test. This is what I got. No pop-ups from MD.

    mmm.gif

    Rule looks like this

    ppp.gif

    As I say, I'm sure it's me and something to do with my original decisions, but some confirmation that others see MD passing would be nice.

    Cheers
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Edge won't even let it run. Also disabled Edge and it still grabs it.
     

  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Prevx disabled and still nabs it.
     

  24. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I tried Netchina and EQSecure (default ruleset) and both would kill the app initially and then let it run after that. I didn't create any rules either.
     
  25. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    Are some in here crazy? Blocking the app from running does not mean a pass.. :rolleyes: :rolleyes:


    Comodo passes then as well.. and so does most HIPS probably.
     