
Thread: Keylogger detection

  1. #1
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899

    Keylogger detection

    Anyone know any good programs for detecting keyloggers?
    I'm using Windows 7 - you got a problem with that?

  2. #2
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    TDS-3 and Process Guard - a few top AVs are doing a much better job now

    (I'm sure you already know) Process guard coverage (bold is free version)

    Control application execution
    Protect applications from unwanted termination
    Protect applications from unwanted modification & injection
    Protect applications from unwanted viewing

    Block new and changed programs
    Protect physical memory (prevent operating system vulnerabilities)
    Block Global Hooks (stops keyloggers and password stealers)
    Block unwanted driver/service installation (stops rootkit trojans)
    Block registry DLL injection (stops spyware such as CoolWebSearch)
    Secure Message Handling (protects applications from messages)
    Interface Lock (protects from malicious changes and other users)

    For possible existing keyloggers ~ anti-keylogger programs:
    SpyCop (signature based)
    X-Cleaner will find some keyloggers - http://www.xblock.com/download-freeware.shtml
    Snoopfree - http://www.snoopfree.com/default.htm
    Pest patrol's Keypatrol (not sure how well but Pest patrol sure has a lot of false positives) - http://www.pestpatrol.com/KeyPatrol/

    Then there's: http://www.privacykeyboard.com/anti-keyloggers.html
    The PrivacyKeyboard™ for Microsoft® Windows® NT/2000/XP Workstations is the FIRST product of its kind in the world that can provide every computer with strong protection against ALL types of keylogging programs (keyloggers) and keylogging hardware devices (hardware keyloggers), both known and unknown, currently in use or presently being developed worldwide.
    TaskInfo shows hidden processes: http://www.softpedia.com/get/System/...TaskInfo.shtml


    current info about keyloggers themselves can be found here: http://keylogger.org/reviews.cgi?null=1
    Last edited by lynchknot; March 20th, 2005 at 16:52 PM.

  3. #3
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    TDS-3 is useless; I tried it on a few and it didn't flag any of them, same with Ewido. I'm not looking for something that stops them installing; I am looking for something that will find them on an infected system. X-Cleaner and MS AntiSpyware seem to detect a few, but generally this seems an untapped market; perhaps there has not been a demand, but I'm sure I could stir one up. SpyCop sounds like it might be worth a try; do you know if they do a Try&Buy?

    SnoopFree apparently only runs on Windows XP - well that's what it said when I tried to install it, but I don't think it's a scanner as such anyway.
    Last edited by Curio; March 20th, 2005 at 19:00 PM.
    I'm using Windows 7 - you got a problem with that?

  4. #4
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    http://www.topshareware.com/SpyCop-download-1889.htm

    I think there will always be a try and buy. If not, someone, out there, will force it into a try and buy.

  5. #5
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Bummer..... SpyCop proved equally worthless. On the brighter side Symantec Antivirus got some. It's quite surprising how poor detection really is - I think I'll go down the internet cafe and surf on the internet a bit swapping between machines on a regular basis to install... I mean check for malicious software
    I'm using Windows 7 - you got a problem with that?

  6. #6
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536

  7. #7
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Tried Counter-Spy this is obviously a thinly veiled re-pack of Giant Anti-Spyware, lots of files start with the prefix gcASxxxx - what are the chances? Quite a few have identical names - what are the chances? The GUI is almost identical - what are the chances?

    Anti-Keylogger is not a detection proggy either plus there is misleading advertising on the product homepage (5cows on the tucows icon it only got 3 - similar discrepancies down that list) I don't like that. There are others out there that are pay only but previous experience of that kind of deal tells me it's likely to be rubbish they won't let you try it cos you would never buy it if you could.

    I downloaded 7 random keyloggers today and have been trying to detect them with various progs all day long; unfortunately I haven't gone about it in a very scientific way, so I may have to start over using Virtual PC or VMWare. Anyone using Blazing Tools PerfectKeylogger, you have done your money - it's about the only one that everything in the world detects instantly.
    I'm using Windows 7 - you got a problem with that?

  8. #8
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    How about this 4 cow: http://www.tucows.com/preview/195832.html

    Are keyloggers able to hide from "Security task manager"?

    **edit - a little dated but here's 13 anti-keyloggers tested: http://www.wilderssecurity.com/showt...t=50166&page=1

    Keyloggers used for tests:

    1. 007 keylogger
    2. PC Bloodhound 1.1
    3. PC spy 2.4.1
    4. Actmon computer monitor v 5.11
    5. Auto keylogger v 5.2
    6. Pal computer surveillance system 3.2
    7. Desktop spy agent
    8. Blazing tools perfect keylogger lite v 2.80
    9. Family keylogger v 2.80
    10. Ghost keylogger v 3.80
    11. Invisible keylogger 1.1
    12. In the know 1.17
    13. Home keylogger v 1.70
    14. Key key 2000 professional 1.22
    15. Keyboard logger 1.3
    16. Looxee keylogger v 5.0.1.4
    17. Real spy monitor build 2.13
    18. Personal inspector v 400b
    19. Computer monitor keylogger 1.0
    20. Spy anytime pcspy 2.3
    21. Sc-Keylog 2.25
    22. Orvell monitoring 2004
    23. Pal keylogger 1.01
    24. Spyanywhere 3.01
    25. Spybuddy 3.1
    26. Spy-keylogger 1.0
    27. Win-Spy stealth window monitor 7.1
    28. XPC spy pro 2.02
    29. Wintective keylogger and screen capture 2.2
    30. Keylogger Express 1.01
    31. Advanced Keylogger 1.0
    32. Quick keylogger 2.1
    33. Handy keylogger 3.24
    34. NS keylogger 3.24
    35. Ghost keylogger lite v 3.8
    Last edited by lynchknot; March 21st, 2005 at 00:53 AM.

  9. #9
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Latest Snooper Definitions updated on December 27, 2002
    From Who's Watching me website - fills you with confidence.

    In your Wilders link it actually states STM picked them all up - that's cool and I am going to look into it, in the main those results just prove my point that it's an untapped market. STM certainly looks good value and I like the interface it could just be 'the ONE'.
    I'm using Windows 7 - you got a problem with that?

  10. #10
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    OK how about this. I installed it yesterday - http://www.iarsn.com/taskinfo.html
    Home: http://www.iarsn.com/taskinfo.html
    TaskInfo shows information about all running processes and threads including ring0 VxD threads. Information about each process includes:

    * Most of the Processes that want to be invisible like worms, keyloggers and other spy software
    * All threads (with details including Thread Start Address and Call Stack with Symbolic Information if possible)
    * CPU usage (multiple CPU supported)
    * Memory usage
    * Scheduling rate
    * Path
    * Opened files and handles
    * Loaded modules (DLLs etc.)
    * Command line
    * Environment variables
    * Version information
    * Connections
    * and more!

    TaskInfo also shows detailed system information:

    * Total CPU usage (multiple CPU supported)
    * Total memory usage (physical, virtual etc.)
    * Total number of processes and threads
    * Thread switches and interrupts rate
    * Read/write data rates on disks
    * Modem connection speed (if present)

  11. #11
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    STM looks completely awesome at the moment, it has features which are exactly what I need and it flags potential threats - I believe at this early stage of testing it is going on my essential software list. It has flawlessly flagged 6 keyloggers and screen capture progs so far, it doesn't really remove them but there is an old saying that goes something like 'if someone is in your computer it isn't your computer anymore' which basically translates to 'Hacked? Then wipe and reload dude'. I am buying it some flowers and a box of chocolates later.

    I will certainly check out your other suggestion - have you run any bad things at it yet?
    I'm using Windows 7 - you got a problem with that?

  12. #12
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    I don't purposely install bad apps. I do have a CD full of live viruses though.
    Here's the latest Spycop (but perhaps useless)



    Here's a screenshot of TaskInfo:



    I don't understand this message because there is no indication in the normal window (top rated is 57 which is considered "harmless").

    Last edited by lynchknot; March 22nd, 2005 at 19:21 PM.

  13. #13
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    here is a link to stm

    Security Task Manager Security Task Manager displays detailed information about all running processes (applications, DLL's, BHO's and services). For each process, it improves on Windows Task Manager, providing:
    • file name and directory path
    • security risk rating
    • description
    • start time
    • CPU usage graph
    • embedded hidden functions
      e.g. keyboard monitoring, browser supervision or manipulation
    • type of process
      e.g. visible window, systray program, DLL, IE-plugin, service
    The Security Task Manager recognizes also virtual driver software, services, BHO and other processes hidden from the Windows task manager.

    http://www.neuber.com/taskmanager/index.html


    I have added this valuable program to my essentials as well.





  14. #14
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    The best bit in STM is down the bottom it gives you all the info you need to sift the good ones from the bad ones and combined with HijackThis, RegSeeker and a good working knowledge of Windows it is awesome.

    It won't tell you what you got but it will highlight what needs examining - you can then comment each one. Nod32 antivirus, that looks malicious to me; only joking, it weighs up positives and negatives derived from the properties of the process and gives you a nice little round-up. It also reveals the strings inside the app which can uncover hidden command line options and internal commands like 'net share hackme$ c:\'.

    The rating number doesn't mean it's necessarily harmful it is more an indication of the abilities of the app. One that is hidden, logs keystrokes, takes screen captures and is hidden in startup will only rate 33 or so (I tried some that do exactly that) but the abilities are listed so you can say to yourself "hmmmm.... I don't remember trying to spy on myself". Nod32 probably has high priority, lots of hidden windows, intercepts email, intercepts disk reads and injects global hooks all over the gaff (only guessing) so will score high.
    I'm using Windows 7 - you got a problem with that?
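
The strings-and-abilities triage described in post #14, as an added example that is not part of the thread and not Security Task Manager's own method: it pulls ASCII and UTF-16LE strings out of a file's bytes and lists which abilities they hint at. The indicator list, the labels and the constructed `SAMPLE` bytes are assumptions for illustration.

```python
import re

# Substring -> ability it hints at. The selection and labels are assumptions
# made for this example; the Win32 API and registry names are real.
INDICATORS = {
    "SetWindowsHookEx": "installs a Windows hook (possible global keyboard hook)",
    "GetAsyncKeyState": "polls keyboard state",
    "BitBlt": "can copy screen contents",
    "CurrentVersion\\Run": "references an autostart registry key",
    "net share": "embedded share command",
}

def extract_strings(data, min_len=5):
    """Return printable ASCII and UTF-16LE strings of at least min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found

def abilities(data):
    """Map each ability label to the embedded strings that triggered it."""
    hits = {}
    for s in extract_strings(data):
        for needle, label in INDICATORS.items():
            if needle.lower() in s.lower():
                hits.setdefault(label, []).append(s)
    return hits

# Constructed sample bytes (not a real program): a fake header, two import
# names as ASCII, and the command quoted in the post stored as UTF-16LE.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"USER32.dll\x00SetWindowsHookExA\x00GetAsyncKeyState\x00"
    + b"\x01\x02\xff"
    + "net share hackme$ c:\\".encode("utf-16-le")
    + b"\x00\x00\x07"
)

if __name__ == "__main__":
    for label, strings in abilities(SAMPLE).items():
        print(f"{label}: {strings}")
```

As in the post, a hit only says what a program is able to do; legitimate software such as an antivirus will also match several of these.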

  15. #15
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    Nod only rates a 57 on my pc
