Widestep Keyloggers

Discussion in 'other security issues & news' started by gorgelink, Apr 3, 2005.

Thread Status:
Not open for further replies.
  1. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Hi, guys,

    Thank you for the best anti-Trojan ever and for the kindliest and friendliest forum.

    A few questions:

    1. Can TDS-3 remove the Widestep family of keyloggers (Quick, Handy, and Elite)? I could not find them in the primaries list.

    The WideStep keyloggers are ALL OVER THE PLACE. If not already tackled by TDS, it may be a good idea to add them to the primaries.

    2. Is there an application DEDICATED ONLY to keyloggers (whether trojans or not)? Do spyware removers such as Adaware (Lavasoft) deal with them effectively?

    BTW, how do I know if my computer is infected with a keylogger? Many of them are very stealthy! I understand that the newer ones log not only keystrokes but the contents of the clipboard!

    Thank you again and have a spring (or, Down Under, autumn) week.

    Gorgelink
     
    Last edited: Apr 4, 2005
  2. controler

    controler Guest

    Hello and welcome :)

    There are a few good anti-keylogger programs discussed here.
    It might be as easy to do a search here of the word keyloggers or anti-keyloggers.

    Spy1 recommends Spycop I think and I like to recommend Anti-Keylogger
    not AntiKeylogger. found here http://www.anti-keyloggers.com/
    I also agree it is best if you can install it or any other security program on a new fresh reformatted install with all the updates to Windows first if possible.

    You will also find almost all the information and links you ever wanted to filter through in the Library on their site.

    I think it funny how the widestep people advertise their software as being
    "WideStep Security Software "

    How is it for security? :rolleyes:

    Bruce
     
  3. controler

    controler Guest

    Shouldn't they be calling it activity spy or spyware? LOL


    Bruce
     
  4. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Many thanks, Bruce.

    Only my first question remains:

    Can TDS-3 remove the Widestep family of keyloggers (Quick, Handy, and Elite)? I could not find them in the primaries list.

    Gorgelink

    PS:

    Do Spybot and Lavasoft Adaware remove keyloggers as well? Anyone know?
     
    Last edited: Apr 4, 2005
  5. controler

    controler Guest

    I will install The Elite and let ya know.

    I know Spybot does do some keyloggers but it is not its specialty.
    It usually doesn't hurt to install a commercial keylogger on your own system for testing.

    Bruce
     
  6. anti-spy

    anti-spy Guest

    Ad-aware and Spybot are not very good at finding keyloggers. They will find a few, but not nearly enough to be useful in this area.

    No offence to DiamondCS, but I wouldn't rely on TDS-3 for keylogger detection, it is excellent at finding trojans though. Better off to go with either Spycop (which is a top notch anti-keylogger), or if you're looking for freebies I would suggest using SnoopFree http://www.snoopfree.com

    Many other anti-spyware programs will find some keyloggers as well, but again they are not the best in this area, and some are better than others. Some are MSAS, X-Cleaner, SpySweeper and Ewido.

    My opinion is that you're better off trying to prevent keyloggers than only relying on some product to find them after the fact. Programs like Process Guard excel in this area. Also Prevx, SSM, AntiHook and other IDS software are very helpful in stopping this type of trashware. Best of luck.
     
  7. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Do you not find their price a bit steep considering PG is $ 25-29 ?
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there!
    TDS is very good in finding keyloggers and covers lots of detection even when not in the primaries list.
    But if you have the keyloggers mentioned here, could you please zip and send a sample to submit@diamondcs.com.au just to make sure they'll be added specifically to the databases?

    For your protection the layered approach is fine:
    ProcessGuard (on a clean system preferably),
    a registry protection like RegProtect and/or RegDefend,
    and you have hammered tight your system on kernel level;
    Port Explorer so you can see all connections, including hidden, illegal and trojan ones and act adequately,
    WormGuard is a very nice addition for the worms and scripts and whatever you add to the blocklist,
    of course TDS for the trojans and lots more
    (have all the DiamondCS gems from their site)
    and then you look further for the specific tools like anti-keylogger, SpybotS&D, Ad-aware, etc. the whole lot.
     
  9. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Thanks for your help, everyone!

    The upshot is that now, to stay safe, one has to use 5-7 scanners on a weekly basis and at least 1-2 on a daily basis.

    I don't know if computers have much future if it continues like this.

    This is why software like TDS is indispensable.

    Well, off my soapbox ...:eek:((

    Take care there and thank you again.

    Gorgelink
     
  10. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Hi, Jooske,

    The WideStep keyloggers are commercial software (and pretty expensive, BTW).

    Have a good one there.

    Gorgelink
     
  11. lupus

    lupus Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    22
    Regarding keyloggers, which are without any doubt the most dangerous nasties, I have taken the decision simply not to bother with Windows anymore. I mean, I am a registered user of Process Guard Full and am very interested in security and try to secure my machines as much as possible, but no matter how tight I think my PC is I will not take any risks at all, so now when I log onto my bank account or PayPal or buy stuff off the internet I boot a Knoppix live-cd and have this warm-fuzzy-feeling; to me this is the ONLY way to go.
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    It would seem that PG + RegDefend + Prevx would do anything that Anti-Keyloggers might do. Does Anti-Keyloggers do anything more? I tried out the product and it seems decent but as far as I can tell, it monitors the same hooks as these products and also has an additional database of products that can be trusted and allowed through. Am I missing something?

    Rich
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Look - the beauty of a program such as SpyCop is that its results after a scan are un-equivocal - it'll either show that you have a pre-existing keylogger on your computer or you don't - and it'll name which one you've got (with an option that enables you to go to the website the program originates from). If you do have one, SpyCop Technical Support guides you step-by-step in how to get rid of the thing - totally (a custom-tailored removal specific to your computer set-up).

    I've tried to hammer the following point through time and time again:

    You can't pre-suppose that any given user is going to know what the alerts from a program such as PG, RegDefend, PrevX (or any of the others) actually mean due to the fact that keyloggers can either tie in to a pre-existing "allowed" program - or, their filenames have been constructed so as to be totally un-related to their function!

    AFTER you're sure that you don't already have a keylogger present on your computer, then one could go about trusting the above-named (or other) programs to keep you keylogger-free - but even then - only if the computer's owner really knows how to deal intelligently with any and all future alerts.

    What's the recommendation for ProcessGuard?? That it be installed on a known "clean" system! Hello?

    How do you know (in relation to keyloggers) whether you've got a pre-existing one on your system or not?

    You check your system with a dedicated anti-keylogger program!

    This really isn't rocket-science, folks - just plain common sense. Pete
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I guess I was talking more about preventative than first time detection. I certainly agree with what you say and I do run detection scans now and then to see what is happening. My own favorite in this category is Security Task Manager. The paid version has a Spy Protector that seems to do very well in detecting keyloggers. Better than some of the dedicated keyloggers:

    https://www.wilderssecurity.com/showthread.php?t=50166

    Keyloggers are really nasty and I do monitor for them. For example, I also use Port Explorer, now and then, to see what is happening on my machine.

    Rich
     
  15. memory dude

    memory dude Guest

    SpyCop is now fifty bucks. They sell it like an expensive ebook where you read and read and then read some more before you actually learn the price. And then there's deceptive marketing in that ("If you order before Midnight tonight, we'll take off Twenty Dollars!! $69 - $49!!!") Of course, the deal is still good tomorrow (before Midnight!). It's a "garage outfit" with little overhead that could sell three times what they do now at $25. Do the math SpyCop! They also have some shrill supporters at this forum and others that tend to be a little rude. If you can find something better, get it. There's so many reasons not to like Spy Cop. Have I mentioned the lousy coding and clunky interface?
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    lol! @ "memory dude" (tell us how you really feel and quit holding back, okay?).

    I really don't believe I was being "rude" in my previous post (it's all in how you read it, I guess) - just truthful.

    Yes, SpyCop is a "garage outfit" (if that's what you want to call it). I have no idea how many people work there, but I do know this:

    If you're going to try to present the small size of their company as a drawback/disadvantage, then we're all going to have to similarly look down our noses at DiamondCS, TrojanHunter, SBS&D, Javacool, Merijn, the makers of BoClean, etc., etc., etc. - IOW, I totally reject the concept that the size of the company has anything to do with the quality of the product!

    Yeah, their "marketing" side seems kind of brain-dead to me most of the time, too (that's why I ignore it as much as possible) - but likewise the marketing-style of the program has no effect on the quality of the product, either!

    You can either agree or disagree with the price - I happen to believe in paying for top-notch, up-to-date protection regardless of cost. When you consider the fact that a license purchase is lifetime for both definition and program updates, the initial cost gets put into better perspective in a hurry.

    "Technical Support" response time is incredibly quick - it ranges from literally within minutes (I kid you not) of receiving a support request to a couple of hours (including weekends if you've really got a problem).

    "Lousy coding" I wouldn't know about (however, the program works amazingly well in spite of that, if it's even true).

    "Clunky interface"? The interface - to me, anyway - is amazingly simple and straightforward ("eye-of-the-beholder" stuff again).

    You're right though - if SpyCop doesn't appeal to you (for whatever reason), by all means get something else - but do get something.

    But I'll (the real me, not some anonymous poster) continue to heartily endorse and recommend SpyCop - because it works.

    Have a nice day. Pete
     
  17. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I will agree with ya Pete. Spycop detected every keylogger I threw at it. Very nice.

    You mentioned it but I am not sure what you're talking about. Feel free to explain more...

    Thanks,

    Chris
     
  18. controler

    controler Guest

    Heck I haven't tried SpyCop yet Pete but will in the near future.

    I tried installing their Elite Keylogger to test with TDS-3 but Unhackme
    threw a fist at it telling me I had a rootkit so this install didn't go well.
    Now I am guessing they used rootkit technology.

    Also on a side note. I downloaded Bitcomet a few weeks ago and wondered
    why I was getting one discrepancy with Rootkitrevealer.

    I know now it was BitComet that threw the registry entry in.
    I had to boot into safe mode to delete the dang thing.

    It shows up under HKLM\software\windows\cryptography\RNG\seed

    None of my other programs detected it. Not even sure if it was all bad but deleted it anyways LOL

    Bruce
     
  19. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I haven't tried the keylogger apps but Security Task manager, TaskInfo could not pick up "Elite Keylogger" (widestep) unless unhidden. I ran a scan of windows folder with NOD32 but nothing found. However, Unhackme picked it up immediately.

    I thought this might be an interesting test. Yes, it's well hidden. Unless you unhide it (windump view), it's hidden - it already picked up my login password and screenshots. However, Unhackme detected it immediately on boot (Screenshot) while hidden. However this app could not delete it (I tried all options). The only way to rid it was to uninstall it. I am sure about Unhackme's find because I rebooted immediately after uninstalling and Unhackme reported nothing this time.

    *edit - another interesting bit of info was the fact that somehow internet connection was prevented by any means (FTP, browser) something prevented CPU access so that connection was impossible. Upon uninstalling keylogger, connection has been returned to normal

    http://img100.exs.cx/img100/2408/keylog1zm.jpg
     
    Last edited: Apr 7, 2005
  20. wolfpack

    wolfpack Guest

    I also tested the Elite Widestep keylogger, and boy is that a tricky one to detect. Nearly every security program I tested against it, failed to detect it! Including MSAS, Ewido, A2, Pest Patrol, Spybot, Ad-aware, BlackLight, and a few others.

    The only programs that were able to find it were Unhackme (as Lynchknot posted) and Rootkit Revealer 1.32 (I haven't downloaded the latest version of RR yet).

    I would have liked to test Spycop against it but I don't have the $50 to do so. They really should have a trial version available of Spycop. But anyway at least we have some free tools available to detect this junk. :D
     
  21. highsecurity

    highsecurity Guest

    Good work Lynch and Wolf. It's good to know there's something available to find these newer keyloggers. To me it really isn't so important if the apps actually remove the keyloggers because if you're aware that you have one, you can always just reformat to get rid of it, if nothing else works. But just knowing you have a keylogger is always the most important part. Thanks for your efforts.

    As for Spycop, I completely agree there should be a free trial of the program, and I would never buy any program from some company who thinks they're too good to offer a free trial of their product, especially at 50 bucks!

    How are we supposed to know if the program works good, we like the program and if it is compatible with our systems etc... We're just supposed to take their word for it that the program works as good as they claim it does? Yeah right! And I have some Real Estate for sale on the moon if anyone's interested. ;) :D

    That's ok we don't need Spycop anyway there are plenty of other decent and fair anti-keylogger companies around that do offer free trials of their products. :)
     
  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    <g> One paragraph of actual response to the thread - and three bashing SpyCop?? lol! And all from an anonymous non-member calling itself "highsecurity"? How utterly quaint (not to mention - transparent)!

    Like I said earlier: "You're right though - if SpyCop doesn't appeal to you (for whatever reason), by all means get something else - but do get something." (By someone not afraid to register and have an actual, verifiable identity). Pete
     
  23. highsecurity

    highsecurity Guest

    You seem to be looking for that which is not there Wilders member Spy1. I was not bashing Spycop. I merely pointed out that charging fifty dollars (overpriced IMO) for a program that can't even be tested first is simply unfair IMHO, and I would never buy from any company that has such practices.

    How can anyone really determine how good or bad the program is without being able to first test it? Are we just supposed to believe whatever they tell us on the website? Do you automatically believe everything you read on a sellers website?

    Seems more like you're the one attempting to do the "bashing" by calling another poster names like "itself" instead of saying themselves, and postulating that somehow your posts are better or more important than other non-members. It's clearly obvious that you think very very highly of your own opinion, there's little doubt there.

    Really, who are you trying to impress here? Because after reading your many posts peddling Spycop across the internet, whenever anyone posts anything even slightly negative (or what you perceive to be negative) about Spycop, I don't think anyone should take anything you have to say seriously about the program, due to your extremely high bias in favor of it.

    I would even go so far as to say that you seem to be working for them or perhaps getting some kickback for ALWAYS posting very favorable posts about the program.

    At any rate your opinion is far too skewed in favor of SC to be worth acknowledgement by anyone who is considering the purchase of an antikeylogger program IMO.

    I would consider the other posters (guests and members) opinions here far more valuable than any of yours on SC and they seem like far more honest people than anything I have ever read by you about the program, no insults intended.
     
  24. Pollmaster

    Pollmaster Guest

    No offence highsecurity but Pete is known to be very defensive of all the software he uses (eg Shadowsurfer, TDS, Spycop etc). I highly doubt he is getting kick backs from all those companies.
     
  25. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Quite correct, Pollmaster - Pete (me) doesn't get any "kickbacks" of any sort from anyone.

    All of my recommendations are delivered solidly on the basis of what I know works - and what doesn't.

    Pete's not for sale.

    What you see is what you get when it comes to Pete, because Pete calls 'em like he sees them and damn the torpedoes, anyway! <g>

    I won't even mod anywhere anymore (and God knows I've been asked to enough) simply because I have to be totally independent in my views.

    I haven't lost any sleep due to people's negative opinions of me (quite well-rested, in fact!).

    And unlike a lot of others, I've never been afraid to be totally identifiable (and responsible for) every post I make, every suggestion I give, and every piece of software I endorse.

    I don't need a specific "tag", "title" or the approbation of anyone - I've got a secure computer sitting here in front of me that'll give me all the "applause" I'll ever need.

    Y'all have a great weekend! It surely is beautiful outside here! Pete
     