Unhackme & Anti-Keylogger

Discussion in 'other anti-trojan software' started by controler, Apr 16, 2005.

  controler

    controler

    I don't know if anyone else has this issue, but Unhackme detects Anti-Keylogger
    as a rootkit because of the way Anti-Keylogger works.
    I think Dmitry is going to add an exclusion feature in the near future.
    What I find odd is that Unhackme detects it for a few days, then stops until
    I install a new beta version. Unhackme then detects Anti-Keylogger again as a rootkit for a few days, then stops.
    Weird huh?

  Hi Bruce,

    Thank you for your help!
    I can say that AntiKeylogger works similar to rootkits.
    It runs Anti-keylogger.exe (interface module) as a hidden process.
    A user has no way to stop this process.
    It also installs the driver "scrambler.sys" to %SysDir%\Drivers.
    The driver starts automatically with Windows and you can see the "Computer is protected by Anti-Keylogger" message during log-on.
    The scrambler.sys driver is not hidden.
    RegRun will warn you when the driver is loaded.
    UnHackMe detects the hidden process. But it doesn't warn about the driver.
    Scrambler.sys works automatically without Anti-keylogger.exe.
    Scrambler.sys prevents the change of its startup mode.
    It hooks several API functions.
    I think Anti-keylogger works as a rootkit.

    I'm working on the exclusion list.
    I'm testing Anti-keylogger because I don't understand why it detects only once.
    I removed "scrambler.sys" using the RegRun Anti Replacement feature.
    But I needed to restart the computer two times.

    Best wishes,
  controler

    controler

    Thank you, Dmitry

    I am sure you will figure it out.
    The computer I run Anti-Keylogger on has RegDefend on it, and it does show the drivers loading, but at first I thought it was RegDefend stopping it without telling me. But if you are using RegRun, I doubt it would be the same problem.
    I could add Anti-Keylogger and Unhackme to my laptop, which has RegDefend and ProcessGuard installed.
    It appears you are seeing Unhackme not detecting Anti-Keylogger after a few days also on your system?
    I think a lot of other security software loads their driver before we log on,
    at the kernel level.
    I only know of RootKit Revealer and Anti-Keylogger changing the name of their process at startup.
    I am thinking if Raytown uses rootkit technology for the Anti-Keylogger, they are most likely using it for their computer monitoring software too.

    Like you say, in the new version, they don't allow you to completely shut the program down; they only give you a button to click to stop the process.

    I was thinking Tiny Firewall uses some rootkit technology also.
    If a lot of security software starts using this technology, then it gets hard to make anti-rootkit tools, because now we start detecting other legit software that uses it. So yes, an exclusion list should work. This is what Anti-Keylogger did, and BoClean.

  Jumping Jack

    Jumping Jack

    The problem is you have a lot of people playing on both sides of the fence ... so-called security experts (including AV companies) and websites that create a problem so they can turn around and fix it and look like heroes.

    The AV industry was worth over 4 BILLION dollars last year alone, and is expected to far exceed that this year ... anyone who thinks they actually want all PCs to be infection free (which would eventually shut down their business and force them to sell their sports cars and summer homes) needs their head examined.

    Did all these security companies pop up because of the amount of destructive programs? Or are all these destructive programs here because of all these security companies?

    Be a realist for a few minutes and not a dreamer and give it some serious thought.
  controler

    controler

    Oh yes I love to dream :)
    But yes I am a realist also.

    I have tested software for a lot of years and have always been interested in
    security apps.
    You may be right though. Maybe some day MS will get it right and there won't be any more exploits haha

    Besides all that. Does it matter where the nasties come from?
    You still need software to find them. Why? Don't be fooled into thinking it is only script kiddies and AV-AT makers spreading this doom. It is also country against country for warfare reasons. I for one don't like the thought of being caught in the middle either way. Try to focus on the reality of, say, China against the USA, or India for that matter.
    It doesn't always come down to your personal info, credit card, SS number
    being stolen. Corporations will use rootkits if they can gain an edge on another competitor, etc.
    So you see, I do not look at it with narrow vision at all.

  Jumping Jack

    Jumping Jack

    It kind of does to me ... I don't like helping make these guys rich. I would rather get my hands around their necks and start applying some pressure.

    Any industry (I don't care what it is) worth millions, let alone billions, is going to do whatever it takes to not only survive but to flourish. I have yet to hear any of them say "Damn, I wish I didn't have all this money", or "I don't care about making money, I just love to help others". You won't be hearing any of that in the near future either ... if ever.

    You're right on the mark there ... there is no bigger spyware/trojan alive than the U.S. Government.

    I don't spend much on security though. I use a firewall, AV, and one spyware scanner. I can buy a new 120gb Maxtor hard drive from Newegg for $80.00 if things get bad enough. Why spend $200 or $300 on software that just gets you on the dole for yearly subscriptions (not to mention upgrading to new versions) that in the end may total $400 or $600 (for that I could buy a new CPU and videocard as well) ... It just doesn't make any sense to me.
  spy1

    spy1 Registered Member

    I'll be darned if that particular thought shouldn't be cause for concern all by itself. Pete
  controler

    controler

    Jumping Jack

    Yes, I agree with your thinking if you are just a home user, but we also need to look at companies that have a lot to lose, or countries.

    I for one have always enjoyed helping others rather than always getting.
    I am however happy when someone bakes me a fresh apple pie or gives me a free lic for beta testing software :D

    Pete, I hope we hear more back from Dmitry on this issue ;)

  Diver

    Diver Registered Member

    I have seen a few folks speculate as to how anti key logger works or could work. The best idea that I have seen for defeating key loggers is an on-screen keyboard generated by the financial website. There would be no interaction with either the keyboard API or the clipboard. Just mouse movements. Perhaps a screen capture program that triggers with each mouse click could defeat it, but that would require sending a lot of data home.
  controler

    controler

    Anti-Keylogger is not a program that captures keylogs but rather a program that stops keyloggers.
    Yes, your idea of using the handicap keyboard might work, but it is not that easy to always use.

  Diver

    Diver Registered Member

    Not the handicap keyboard, that only works to defeat a hardware key logger. A software keylogger will pick up the handicap keyboard because it feeds into the same keyboard API. Rather the mouse keyboard is built into the web page so the Windows keyboard API is not accessed.

    I am aware of what anti keylogger claims to do. What I have seen is speculation as to whether these claims can be backed up.
  controler

    controler Guest


    Yes, the virtual keyboard sounds interesting, but since keyloggers still capture
    mouse clicks you would need to use a mouse-over virtual keyboard (hovering the mouse over a number or letter for a few sec.). BUT since
    keyloggers also capture screen shots, I am wondering if the screen shots would still capture what your mouse is hovering over?