Hi - I have a keylogger to keep an eye on my children’s computer usage and to help ensure they do not give personal information online, but Avast free home edition keeps on detecting it and asking if I want to delete/bin it!
On the free edition can I exclude the keylogger so it is not detected? If so, how do I do it - I cannot see an option, only an option to exclude a path/folder and even this does not work to exclude from Resident Protection. HELP!!
Thanks.
I suspect that it is the suspicious activity or possibly because even though you are using it for a reasonable purpose, others have used it for evil. So it is very hard for avast to differentiate between the two.
When is it being detected, when you start it up or when it starts automatically?
Have you tried adding it to the list of files that won’t be scanned by standard shield? This would also need to be done in the Program Settings, Exclusions, to stop it being scanned on on-demand scans.
You have to be totally sure that this is totally benign as you are introducing a loophole into your system for future updates of this keylogger.
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
Hi
I’m having a similar problem, but have been unable to fix it using the methods suggested above. I’m using FamilyKeylogger (demo version) to see if it is any use monitoring my son’s internet activity without him knowing. Whenever I boot up my PC avast warns that the exe (ctfmon.exe) contains a trojan virus. Obviously this isn’t very secretive!
I have followed the instructions above, i.e. in “Program Settings\Exclusions” I have added both the path to the installation directory of FamilyKeylogger and the path to the exe itself. In the “Standard Shield\Customise…\Advanced” tab I have also added the path of the installation of FamilyKeylogger. After doing this avast still warns that “ctfmon.exe” contains a trojan virus when I re-boot my PC.
The only way I have been able to get avast to not report the problem is to switch off scanning of all executed programs in the “Standard Shield\Customise…\Scanner(Basic)” tab. Obviously, this leaves my system somewhat exposed (although I use a hardware firewall and NAT with a software firewall to control outbound application activity and still have the other AV scanners running so am not overly worried).
Does anyone have any suggestions to stop avast recognising FamilyKeylogger at bootup?
So to suggestions, after you have checked out the above, find out what the executable file for FamilyKeylogger is, check the link or other means of launching it to find the executable file name and location.
Can you post the full long and short path of this program?
Something like:
C:\Program files\FamilyKeylogger\FamilyKeylogger.exe
C:\Progra~1\Family~1\Family~1.exe
Sure… you almost disable the antivirus protection…
Wow? :o
I suppose they are not resident or you’ll get a conflict with avast…
Which ones are you referring to?
Instead of using a keylogger, which most av’s will find bad since these are too often used for malicious reasons, why not use something like the free Naomi that can be found here:
I raised an eyebrow myself when I saw the exe was called ctfmon, but wondered whether, perhaps, this was the author’s way of making the exe look innocuous. The program is supposed to be hidden and so the name “ctfmon” makes it look harmless to the half-trained eye. Of course, I understand that virus authors use the same techniques. I am happy that this particular “ctfmon.exe” on my system has come from the install of FamilyKeylogger (it’s the file linked to by the shortcut in the start menu) and is not a virus in a rogue version of the Microsoft program. All of the key loggers that I tried to download gave virus warnings, presumably because they all contain code to scan and record keyboard activity, which anti-virus software detects as some form of Trojan.
The full path to the exe is:
c:\windows\system32\CTF\ctfmon.exe
I’m not sure what the short path is - I use windows XP so everything is described in full path terms as far as I can see.
The other AV scanners I’m referring to are the other providers in Avast such as the e-mail scanner, web scanner, etc. Whilst I’m currently not scanning any exe’s at run-time for viruses, my system is behind a hardware firewall and running NAT (which I understand makes it virtually impregnable to hackers) and all incoming files/data via e-mail, web or chat-client are being scanned for viruses. My software firewall (which I use to control all outbound traffic) has not reported ctfmon.exe trying to send any data to the outside world - another reason to assume the file is not a virus. A loophole here might be that the program could send the log file as an e-mail to someone and (presumably?) there are ways to do this without me seeing it. I suppose as a safeguard I should add my passwords/bank details, etc. to my firewall to warn of any outbound transmission of this data…?
I think the main problem is that whilst I’ve been able to tell avast to ignore FamilyKeylogger in system (HD) scans for viruses there is no way to tell avast to ignore it when scanning exe’s at run-time or, presumably, when scanning memory for resident programs. Does anyone know of any way to do this?
As for internet filtering programs - I don’t really want to censor what my son sees (we have an open relationship with regards to what we discuss) and rather I want to have a sense of what he is looking at so that I can discuss things with him in general terms and steer him as appropriate. A key logger probably seems like quite a draconian solution, but I know if I ask him what he is looking at his response will be “nothing” or “whatever” because a) he’s a boy and b) he’s almost a teenager.
If anyone has any further tips they would be most welcome.
Ok, I’ve checked the short cut to make sure it is running “ctfmon.exe” - I’ve added both ctfmon.exe and ctfmon.dll (the thing avast says has a Trojan in it) to the standard shield and the program settings and when I re-run the Key Logger avast still gives a warning if I switch on exe scanning.
I’ve taken some screen shots to show what I’ve done and what is going on - I’m attaching these in a jpg which should be ok to read (not done this before so fingers crossed). Am I missing something…?
Can you show the screen shot of the avast detection or get that information from the avast Log Viewer, Warnings section, give the exact file name and path of the detected file.
Personally I would kick the key logger into touch, as something that tries to hide itself by calling its module after a common file name only causes the kind of confusion here.
Plus a key logger works after the fact and you have to monitor the activity logs, etc. once you mention anything about their browsing habits, you’re busted too, they know you’re invading their space. There are parental guidance programs, which block rather than simply log key strokes, etc.
A search for ctfmon.dll http://www.google.com/search?q=ctfmon.dll will give you a shock as there are potential virus risks associated with this file, so is it part of key logger?
Again every part of my instinct is screaming get rid of this key logger.
Success! I checked the LogViewer as DavidR suggested and after throwing warnings for ctfmon.exe and ctfmon.dll there was a fresh warning for ctfs.dll. Once I added this to the exclusions the program executed without avast giving any warnings with exe scanning switched on. So, for future reference, anyone installing FamilyKeylogger needs to add the following exclusions:
DavidR - I understand your concerns about this program given the problems I’ve had with avast, but this is a genuine download from the originating site and I’ve checked their support pages and the exe is supposed to be called “ctfmon”. I suspect this is just a programmer’s way of “hiding” the exe - I used to be a programmer and I’d probably do the same thing. As for whether to use a logger or a blocker - we could debate the relative merits for ever, but (to use a military analogy) my mindset is more United Nations than United States. Hope that makes sense.
Thanks to everyone for the suggestions, support and concern especially Tech and DavidR. We got there in the end! 8)
I don’t doubt it’s a legitimate program, I never said it wasn’t, just that the use of file names associated with system or regular/common program files can and does cause confusion (not just for the intended target, who you are logging).
As a result of this file name usage (obscure) some of those common file names these tactics are also used to confuse about viruses using those names also. There have got to be better ways, I too was an analyst programmer in my distant past.
But all’s well that ends well, glad we could help.
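
Added example, not part of the original thread: the file-name confusion discussed above (a `ctfmon.exe` under `system32\CTF\`) can be checked mechanically before an antivirus exclusion is trusted. The table of expected directories (which assumes Windows is installed in `C:\Windows`) and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Assumed default locations (Windows installed in C:\Windows); extend as needed.
EXPECTED_DIRS = {
    "ctfmon.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

SHORT_NAME = re.compile(r"~\d")  # 8.3 alias such as Progra~1


def classify(path):
    """Return 'short-name', 'masquerade', 'expected' or 'unlisted' for one path."""
    norm = ntpath.normcase(ntpath.normpath(path))
    if SHORT_NAME.search(norm):
        # 8.3 aliases cannot be expanded without the live file system,
        # so the real target of the exclusion is unknown here.
        return "short-name"
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unlisted"
    # A system binary name outside its usual directory deserves a closer look.
    return "expected" if directory in expected else "masquerade"


def audit_exclusions(paths):
    """Return the exclusion entries that should be reviewed before being trusted."""
    return [(p, v) for p in paths
            if (v := classify(p)) in ("masquerade", "short-name")]


# Constructed sample: paths quoted in the thread plus the usual ctfmon.exe location.
SAMPLE = [
    r"c:\windows\system32\CTF\ctfmon.exe",
    r"C:\Windows\System32\ctfmon.exe",
    r"C:\Program files\FamilyKeylogger\FamilyKeylogger.exe",
    r"C:\Progra~1\Family~1\Family~1.exe",
]

if __name__ == "__main__":
    for path, verdict in audit_exclusions(SAMPLE):
        print(f"{verdict:11} {path}")
```

A `masquerade` verdict only says the name and location disagree; confirming what the file actually is still needs its publisher, signature and origin checked.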