avast pro missing keylogger ?

Hello,

I am new here and I am trialling avast pro.I like the av because it is light but I am worried because it missed a keylogger.

I went to this site http://www.winsite.com/bin/Info?26000000037599 downloaded martin’s undetectable keylogger and executed it to see if avast would catch it.

It missed it. I am not sure I did not configure avast right.

Any of you gurus willing to help ?

Thanks

Welcome to the forum!

Test the file at Jotti Multi engine on-line virus scanner or Virus Total Multi engine on-line virus scanner…just to see if other scanners would catch it

You can find links to the multi engine-sites in this post by David:

http://forum.avast.com/index.php?topic=24265.msg199255#msg199255

To test Avast you can try the eicar test-file:

http://www.eicar.org/anti_virus_test_file.htm

Bluesman,

Avast catches eicar…but then again all avs catch eicar ?

Have a look at this…

http://forum.avast.com/index.php?action=post;topic=24813.0;num_replies=1

Of course I know that :smiley: I was just thinking you wanted to test that your avast works ok, eicar is a good test to see if avast is correct installed. Sorry to have misunderstood you.

And the thing about the multiengines, that was just for you to see if the keylogger really is dangerous and other scanners catch it. If other sees it and not avast, send the file in a password-protected zip-file to virus@avast.com , and tell them your story and write the password in the mail.

I submitted the keylogger to viruscan…
here are the results:

Complete scanning result of “Keylog.zip”, processed in VirusTotal at 11/10/2006 12:38:00 (CET).

[ file data ]

  • name: Keylog.zip
  • size: 136464
  • md5.: 8935a514da0aac5d8828c4afa37a6c08
  • sha1: 886a6b1b9875edf850471f183af938ce55c204a8

[ scan result ]
AntiVir 7.2.0.39/20061110 found [TR/Spy.KeyLogger.LF]
Authentium 4.93.8/20061110 found nothing
Avast 4.7.892.0/20061109 found nothing
AVG 386/20061109 found [PSW.Generic2.LFE]
BitDefender 7.2/20061110 found nothing
CAT-QuickHeal 8.00/20061110 found nothing
ClamAV devel-20060426/20061110 found nothing
DrWeb 4.33/20061110 found nothing
eTrust-InoculateIT 23.73.51/20061110 found nothing
eTrust-Vet 30.3.3186/20061110 found nothing
Ewido 4.0/20061110 found [Logger.KeyLogger.lf]
F-Prot 3.16f/20061110 found nothing
F-Prot4 4.2.1.29/20061109 found nothing
Fortinet 2.82.0.0/20061110 found [Spy/KeyLogger]
Ikarus 0.2.65.0/20061109 found nothing
Kaspersky 4.0.2.24/20061110 found [Trojan-Spy.Win32.KeyLogger.lf]
McAfee 4892/20061109 found nothing
Microsoft 1.1609 /20061110 found nothing
NOD32v2 1861/20061110 found nothing
Norman 5.80.02/20061110 found [W32/Keylog.BAM]
Panda 9.0.0.4/20061109 found [Suspicious file]
Sophos 4.11.0/20061107 found nothing
TheHacker 6.0.1.116/20061109 found [Trojan/Spy.KeyLogger.lf]
UNA 1.83/20061109 found [Trojan.Spy.Win32.KeyLogger.2021]
VBA32 3.11.1/20061109 found [Trojan-Spy.Win32.KeyLogger.lf]
VirusBuster 4.3.15:9/20061109 found nothing

[ notes ]
packers: ASPACK
packers: Aspack

I guess one could argue (as VLK has ) that an AV gains no credibility from increasing its detection of simulated malware. Which is probably why so many miss on this item.

Well, not a software is perfect and you need layered defense. You’ve done the right thing, helping avast to improve detection.

Most probably it’s not a problem of configuration… but, anyway, you can ask for help in any configuration you need/want :wink:

Well, avast is not exactly the only av that missed this keylogger.Nod32 missed it!

Maybe avast should add heuristics and become more like kaspersky ? :stuck_out_tongue:

Key loggers are also used as tols, avast does detect and report a number of keyloggers, but the problem is also is the tool being used for good or evil.

Heuristics has been frequently discussed in the forums and responses have been made by Alwil members, perhaps a forum search is in order.

Yes I did run a search but looks like that if I want a top notch antivirus my only choice would be kaspersky…at least ur safe…and…better safe than sorry 8)

If you want to pay for Kaspersky, that is entirely up to you and good luck. However, Kaspersky isn’t the be all and end all of AVs it is about what suits your needs and avast is one of the most flexible and configurable out there. Not to mention the other shields and functions not often found in other AVs.

You downloaded a keylogger and installed it on your system that requires a degree of co-operation that isn’t forthcoming if an attempt is made to install this without your permission. That would require another element, trojan downloader or backdoor, etc. those to can be combated, by avast and other anti-spyware/trojan software and a firewall that provides protection against unauthorised outbound connection.

By applying a multi-layer/application approach to your defences you go a long way to improve your protection stopping this sort of thing getting installed in the first place.

Hello David,

I already had kaspersky, SSM, Ewido,Spybot,Spyware Terminator,Comodo fw, (outpost but not installed), sandboxie and Acronis True Image.

I wanted to try avast because I heard it was decent/good.I knew it does not even come close to kaspersky but still I like to try different software.

However, Kaspersky isn’t the be all and end all of AVs it is about what suits you needs and avast is one of the most flexible and configurable out there.

I think Kaspersky is the best AV out there. yet.Yes avast is flexible but I need an antivirus to catch viruses… the higher the detection rate the better

By applying a multi-layer/application approach to your defences you go a long way >to improve your protection stopping this sort of thing getting installed in the first >place.

I agree with you ,that is why I have the progs I listed above. If the AV is strong like kaspersky so much the better.

Each to his own I guess.

Thanks for answering

No problem, your system and your choice.

David,

Yes, my choice.But.I would like to add that I do not think that Kaspersky is a magic wand.I have been using it for the longest time and I feel safe with it because it does perform well.I know it stuffs up.like any other AV.If you read one of my previous posts you can see that even a top tier like Nod32 didn’t catch the keylogger.

So a layered a approach is a must…even if u have nod or kav.

I think that with avast+ewido+spybot+ssm and sandboxie u’d have a hard time getting infected.One needs to be careful tho because a fool with a tool is still a fool :wink:

Thanks all for your input and help.

Your welcome, your input will also be very useful for those also reading the topic now and in the future.

I have been waiting for SSM to mature a little more, when I last tried it there was no help file and it was somewhat difficult to work out how to configure it, too much like a black art (I like to know what is going on in the programs I use) and I didn’t find the forum too hot. Perhaps time to take another look.

I looked at sandboxie and even went as far as downloading it, I still haven’t got around to installing and trying it. I like the concept, but as a dial-up user (I need all the help a cache provides), I didn’t like the fact that you lose the cache and bookmarks, etc. unless you set it up to save them to the real location. So I wasn’t sure if this breaking out of the sand box might not be a weakness.

As you will see from my signature, DropMyRights is a very useful proactive tool to limit user rights in certain programs that access the internet and stop malware writing to the registry and placing files in the system folders limiting any potential damage, should you catch a cold. This is more convenient that running on a limited user account. This is what the Vista UAC is about restricting rights even if you are logged on to an account with admin privileges.

Hi David,

I have been waiting for SSM to mature a little more, when I last tried it there was no help file and it was somewhat difficult to work out how to configure it, too much like a black art (I like to know what is going on in the programs I use) and I didn’t find the forum too hot. Perhaps time to take another look.

SSM did improve a lot.They update it on a regular basis.You have help files now :slight_smile: and it is not a black art anymore.You just need to go through the help files once or 2ce and you’ll get the hang of it.Basically what you do is install it,reboot and protect the programs you use.If you are sure ur pc is clean u can use the learning mode, launch all ur fav applications…reboot and untick learning mode.After that ssm will throw a popup at you, with all the details u need to decide if u want to allow or block, only when needed. If you are not sure and you don’t want to use the learning mode, u simply launch your applications u use most, allow and after that “disconnect user interface”.What this does is…block everything you did not allow…kinda like “block most” in outpost.


I looked at sandboxie and even went as far as downloading it, I still haven’t got around to installing and trying it. I like the concept, but as a dial-up user (I need all the help a cache provides), I didn’t like the fact that you lose the cache and bookmarks, etc. unless you set it up to save them to the real location. So I wasn’t sure if this breaking out of the sand box might not be a weakness.

Sandboxie comes handy when you want to surf the net and don’t want no worries.You sandbox your browser…surf ur “rear” off and then delete the contents of the sandbox.whatever u downloaded (malware,cookies and nasties will be stuck in the sandbox) :slight_smile:

With sandboxie you can do without dropmyrights and ur os will thank you for it ;D

Thanks for the update.

:slight_smile: Hi Arsenic :

 A "keylogger" is NOT a "virus", so it should be no surprise that AV's did NOT detect it;
 that is why there are antiSPYWARE/antiTROJAN programs . You never did say if your
"keylogger" was "detected" by your existing Ewido, Spybot, or "Spyware Terminator" !?
 This would be a more appropiate "test" . I would NOT have the last 2 programs on my
 computer; much more reliable is the FREE ver of "SUPERantispyware" from :
 www.superantispyware.com .

Hi,

A “keylogger” is NOT a “virus”, so it should be no surprise that AV’s did NOT detect it;

A Keylogger is a "potential"nastie.Avast does detect some keyloggers.Other Avs,not so many, caught it.


You never did say if your
“keylogger” was “detected” by your existing Ewido, Spybot, or “Spyware Terminator” !?

I turned off ewido because I wanted to see if avast could catch it.

Ewido does catch that keylogger.

Anyway it was sandboxed and dealt with :slight_smile: