Littlebits

Retired Staff
The only advantage to using an anti-logger is if your system is already infected by a Trojan that is stealing passwords and personal info.
They will not remove Trojan infections; they will only block the logging. Your main concern would be to remove the Trojan infection, not block its logging ability.

On a clean system anti-loggers are completely unnecessary. What if you don't know if your system is clean or not? Think to yourself: did you download any suspicious files after you scanned your system and verified it was clean? Did you approve any files on UAC prompts without digital certificates? If the answer is yes, then you need to do a complete system scan with several AV products or removal tools to verify your system is clean, making sure that you don't remove false positives.

Enjoy!! :D
 

TechHelper

Level 2
The only advantage to using an anti-logger is if your system is already infected by a Trojan that is stealing passwords and personal info.
They will not remove Trojan infections; they will only block the logging. Your main concern would be to remove the Trojan infection, not block its logging ability.

On a clean system anti-loggers are completely unnecessary. What if you don't know if your system is clean or not? Think to yourself: did you download any suspicious files after you scanned your system and verified it was clean? Did you approve any files on UAC prompts without digital certificates? If the answer is yes, then you need to do a complete system scan with several AV products or removal tools to verify your system is clean, making sure that you don't remove false positives.

Enjoy!! :D
Thank you for clearing this up. Masking the virus won't fix the problem but detecting it & removing it will.
 

Solarquest

Moderator
Staff member
Malware Hunter
Verified
I thought anti-keyloggers would scan files and detect keyloggers before they are installed, or at least before they could log everything that is done, and I'm happy to have learned this was false!
Do AVs normally block keyloggers or do they need a separate/additional program?
For example, does Emsisoft Anti-Malware protect against keyloggers or just EMSI IS with Online Armor?
What about other AVs where it's not specified if they protect against keyloggers?
I just read Littlebits' post. What about a keylogger that is not classified as a Trojan (do they exist)? Will AV detect it without an anti-keylogger module?
 

Cowpipe

New Member
I thought anti-keyloggers would scan files and detect keyloggers before they are installed, or at least before they could log everything that is done, and I'm happy to have learned this was false!
Do AVs normally block keyloggers or do they need a separate/additional program?
For example, does Emsisoft Anti-Malware protect against keyloggers or just EMSI IS with Online Armor?
What about other AVs where it's not specified if they protect against keyloggers?
I just read Littlebits' post. What about a keylogger that is not classified as a Trojan (do they exist)? Will AV detect it without an anti-keylogger module?
Keyloggers are considered 'Spyware' sometimes called Trojan.Spy and in any sense they are no different to normal malware that AV detects, there is nothing really special about them, they just call specific functions and have certain types of code which again, any competent antivirus will easily deal with in the same way as normal trojans ;)
 

Cowpipe

New Member
Hey Cowpipe, hope you're okay! Yes, Emsisoft Anti-Malware does protect against keyloggers.

Tony :)
Hey Tony, I've been a little worse for wear the last few days but y'know, such is life :p How are you anyway? Haven't seen you around the forums for a while (maybe I'm reading all the wrong threads) ;)
 
Reactions: Tony Cole

Littlebits

Retired Staff
Not all keyloggers are malicious. Windows keeps track of recently used documents, programs, search results, etc. to help you quickly launch programs or open files. Many safe programs like browsers also will keep logs to help the user; of course, all of these safe programs only keep logs locally. Malicious keyloggers steal your private info and upload it to their servers, where they can get your passwords, credit card details and private documents, used to steal your identity or even blackmail you into giving the malware writers money.

Most malicious keyloggers are Trojans or Trojan downloaders; they may also be detected as spyware by some AV vendors.
They are commonly bundled with illegal cracks and keygens for paid software. They usually will install silently in the background, not wanting to give themselves away to the user, because they want to be able to keep logging and stealing more info.

Most of the respectable AVs will detect most malicious keyloggers in the wild, except for the zero-day keyloggers.

The best option to avoid them is to never download suspicious files from unknown sources, especially crack and keygen websites.
They are also distributed by fake alert websites like fake Flash Player, fake codec packs, fake malware scanners or fake AVs, fake Java plugin, etc. Remember, Trojans appear to be legitimate software to fool users into downloading and running them. Trojans are the most common form of malware that infects home users. All Trojans are not keyloggers; they can do other damage like encrypt user files, display fake alerts to get you to buy a fake product, lock down your system so you cannot do anything, disable your real-time AV and firewall so other infections can easily come in as well, disable Windows features and cause all types of other problems.

Before running any suspicious files upload them to VirusTotal and pay attention to UAC prompts to make sure the file has a digital certificate. If you still don't know then do not run the file, delete it and move on. If you know how to use Sandboxie, it can be an excellent tool to check the file for suspicious behavior. Just run the file sandboxed and then Explore Contents in Windows Explorer to look for malicious files or processes created. If you know what to look for then you can tell if the file is safe to run on your system out of the sandbox.

As our good member n.nvt stated in this post "Your Mouseclick Matters". No AV or security product will protect you if you are reckless with your mouseclicks.

Enjoy!! :D

 

Solarquest

Moderator
Staff member
Malware Hunter
Verified
Hey Cowpipe, hope you're okay! Yes, Emsisoft Anti-Malware does protect against keyloggers.

Tony :)
So the detection of keyloggers is not provided by Online Armor but already "included" in Emsisoft Anti-Malware (through detection of spyware, Trojans, etc.)? Online Armor does not offer additional protection against these threats? Just to be sure... thank you.
 

Tony Cole

Level 27
The new Emsisoft Anti-Malware version 9 provides protection against keyloggers; version 8 relies on Online Armor.
 

Littlebits

Retired Staff
How do you do that?
You have to have experience working with malware. Some of the common areas to look at: files created or changed in Windows system directories, anything created in other than Program Files or temp directories, and registry hive changes in system areas (you will have to view registry hives in Sandboxie).

Enjoy!! :D
 
Reactions: WinXPert

WinXPert

Level 24
Trusted
Malware Hunter
Verified
How do you do that?
Use something like System Explorer to snoop around the system processes. Mostly the name is a giveaway: a process with a random name (kdg565sger.exe), a misspelled one (cssrs.exe instead of csrss.exe, etc.), or a rightly named process located in the wrong folder (alg.exe located in the windows\system folder). Even with Explorer it's possible to do manual malware hunting. Just be familiar with where these critters usually hide (root dir, windir, system32, appdata, temp, etc.). Even CCleaner will suffice with its Tools | Startup tab. Most worms I encounter disable taskman, regedit and CMD, because sometimes those three are enough to disable and delete a malware. It takes practice.
 
Reactions: Littlebits
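
The three name and location giveaways WinXPert lists above (random name, misspelled system name, right name in the wrong folder), as an added example that is not part of the original thread. The baseline table, the thresholds and the sample paths are constructed assumptions; a real baseline would come from a known-clean machine.

```python
import re
from pathlib import PureWindowsPath

# Assumed baseline (default C:\Windows install): process name -> expected folder.
KNOWN = {
    "csrss.exe": r"c:\windows\system32",
    "alg.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[-1][-1]

def looks_random(stem):
    """Rough heuristic: digits embedded in a long, vowel-poor name."""
    letters = [c for c in stem if c.isalpha()]
    odd = len(stem) >= 8 and letters and re.search(r"[a-z]\d+[a-z]", stem)
    return bool(odd) and sum(c in "aeiou" for c in letters) / len(letters) < 0.25

def triage(image_path):
    """Return a reason string for a suspicious image path, else None."""
    p = PureWindowsPath(image_path.lower())
    if p.name in KNOWN:
        return None if str(p.parent) == KNOWN[p.name] else "wrong-folder"
    for good in KNOWN:
        if osa_distance(p.name, good) == 1:  # one typo away from a system name
            return "lookalike:" + good
    return "random-name" if looks_random(p.stem) else None

# Constructed sample paths, using the process names quoted in the post above.
SAMPLE = [
    r"C:\Windows\System32\csrss.exe",
    r"C:\Windows\System32\cssrs.exe",
    r"C:\Windows\System\alg.exe",
    r"C:\Users\demo\AppData\Roaming\kdg565sger.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(f"{triage(path) or 'ok':<22} {path}")
```

A flag here is a reason to look closer (signature, hash, startup entry), not a verdict; the random-name rule in particular will misfire on some legitimate updaters.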