Does AVAST Anti-Virus software detect Keyloggers?

system · 2006-10-15T18:34:01.000Z

Could an AVAST expert explain, whether AVAST Anti-Virus software is able to detect keyloggers like “Perfect Keylogger” or “e-surveiller”, etc.?

In other words if a hacker installs these programs remotely on ones PC, would they be detected and prevented by AVAST?

If not, what else should be done against them?

Thanks in advance!

DavidR · 2006-10-15T19:04:31.000Z

I think a forums search for keylogger might well answer that question as there are many cases of avast detecting a keylogger that was installed by the user. There is no guarantee that avast would detect every keylogger, the same is true of many anti-virus programs (this isn’t strictly a virus but spyware, so an anti-spyware program may give additional protection.

You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

system · 2006-10-18T14:26:16.000Z

Thank you very much DavidR, for your reply!
I believe somewhere else in the forum, i read a recommendation from you for “a-squared Free”
Virus scanner. I downloaded it and it seems to be very good.

After a scan, it found my ADSLTEST.exe as a heuristic.Dialer .
(I don’t know whether it is a legitimate file or not, but i put it in quarantine, without any problem caused).

But next day by chance i realized that my years old personal IP address (of my PC) has changed, which may be totally unrelated.

my question is: “How could the IP address of a PC suddenly change?” (I am not talking about the Internet IP,which always changes):

Details
LAN or High-Speed Internet
Limited or no connectivity
Modem ADSL USB POTS
IP Address. XXX.XXX.XXX.XXX ««««««« (please note: This is my PC address, which is always the same for years and now is changed)
Subnet Mask: 255.255.0.0
Automatic Private Address

Details
ADSL ISP
Connected
WAN Miniport (PPPOE)
IP Address: XX.XXX.XX.XX «««««« (please note: This is the Internet IP, which changes each time I go online)
Subnet Mask:
255.255.255.255
Assigned by Service Provider

I appreciate any explanation, thanks in advance.

DavidR · 2006-10-18T15:37:59.000Z

A google search for ADSLTEST.exe returns many hits, perhaps there is something there that rings a bell. Since you don’t give the location that it is in there is no way to try and associate it with a program and see if it might just be legit for testing an adsl line.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in quarantine, you will need to move it out.

Your IP address is usually dynamic changing each time you connect to the internet, this can be true if that connection is by dial-up or ADSL. It is possible to request a Static IP address some ISPs offer this, but you usually pay a premium for it. Check your ISP’s support pages or FAQ and see what it says about static and dynamic IP addresses.

Announcements