LMT AntiMalware

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi!
LMT Anti Logger 4.9.5 released
Changelog:
  • Now LMT Anti Logger supports boot into Safe Mode to handle files that the software cannot handle in the normal environment.
  • Improved Anti Exploit for Browsers.
  • Fixes some minor bugs and contains small improvements.
Homepage: LMT Anti Logger - A software helps protect you from malware

 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
Hi, LeMinhThanh

I have read an interesting article about detecting user-mode keyloggers. What do you think about this method?
(PDF) A Novel Approach of Unprivileged Keylogger Detection (researchgate.net)

Can your software protect against Mouse Underlaying technique?
Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus (eudl.eu)

Are the other techniques included (from the above article)?
  1. Kernel-based Keyboard Filter Driver
  2. Windows Keyboard Hook Method
  3. Keyboard State Table Method
What do you think about the in-the-wild danger of GPU-based keyloggers (require high privileges)?
gpumemscan2013eurosec.pdf (forth.gr)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
I installed the application and saw information about the anti-hook methods: GetKeyState, GetAsyncKeyState, GetKeyboardState, DirectX, SetWindowsHookEx, GetRawInputData.

I f I correctly understand this short info, then LMT Anti Logger can monitor the Windows Keyboard Hook Method but not Kernel-based Keyboard Filter Driver Method or Keyboard State Table Method (they do not apply an API for hooking keystrokes).
Of course, the known keyloggers (and many known keylogging methods) can be prevented by AI, YARA rules, Virus Total, etc.

Edit1.
I am really impressed how one person could make an application (in a short time) with so many features that require wide knowledge about Windows and coding.:)(y)

Edit2
I wonder how many well-known (old) techniques are seen in the wild nowadays?
:rolleyes:
 
Last edited:

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi @Andy Ful, thanks for the interesting articles, I will read them when I have time, I am currently on Tet holidays in Vietnam🎆
And yes, I think my app cannot prevent advanced keyloggers from stealing keyboard data, so I added Realtime Protection, hope it can block keyloggers and malwares.
If I remember correctly, I have tested with
Refog keylogger free, Best-free keylogger, IwantSoft keylogger, Actual
keylogger, Revealer Keylogger and my app can prevent them from reading keyboard data, look like they all are using keyboard hooking :ROFLMAO:
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@LeMinhThanh

What are you going to give back to the VT-community? Dan from Voodooshield only used the VT-results and was cut off last year. Lucky for Dan was that he developed a cloud whitelist to compensate for this missing executable evaluation. I can remember in 2019 one of the new AI based antivirus solutions was also cut off from VT-results.

Regards L
 

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
@LeMinhThanh

What are you going to give back to the VT-community? Dan from Voodooshield only used the VT-results and was cut off last year. Lucky for Dan was that he developed a cloud whitelist to compensate for this missing executable evaluation. I can remember in 2019 one of the new AI based antivirus solutions was also cut off from VT-results.

Regards L
Sorry but I don't really understand what you mean :rolleyes:
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Virus Total changed their policy in 2016 (link), so anti-malware programs could not use the results of VT (and benefit of the hard work of all the AV-companies on VT). In the past VT-blocked AI based AV-products to use their VT-scanner. In 2020 VoodooShield also was not allowed to use their API any more. As soon as your program gets some audience reach and you would launch a commercial version, you are probably no longer allowed to use VT.

cruelsister said:
In short, a company must have a native (their own) scanner that has been approved by the AMTSO BEFORE they can leech VT data to add to their scanners

I'm not a big fan of any AV, but it always seemed outrageous to me that any person could set up a Cloud with a VT API hook and create your own Malware-B-Gone product without any actual research department, whereas those AV-companies spend millions on new detections

took the liberty of changing a few words in CS explanation to make it friendlier to read for you
 
Last edited:

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Virus Total changed their policy in 2016 (link), so anti-malware programs could not use the results of VT (and benefit of the hard work of all the AV-companies on VT). In the past VT-blocked AI based AV-products to use their VT-scanner. In 2020 VoodooShield also was not allowed to use their API any more. As soon as your program gets some audience reach and you would launch a commercial version, you are probably no longer allowed to use VT.



took the liberty of changing a few words in CS explanation to make it friendlier to read for you
Wow, thanks for your infomation!
 

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi!
LMT Anti Logger 5.1 released, please uninstall version 5.0, then install ver 5.1
Changelog:
  • Added Web Protection, block your connection to malicious websites. Currently only supports Chrome, MS Edge, Firefox and Opera. Best compatible with Firefox.
  • Port from .NET 5 to .NET Framework to make sure the Web Protection feature is working properly :))
  • Fixes some minor bugs.
Homepage: LMT Anti Logger - A software helps protect you from malware
Link filtering is done on your computer, the database from Urlhaus. I am also building a api to use for filtering url on my server, it will be added in the next version.
Video:



You can add your custom rules like this:

1616308948918.png
 
Last edited:

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi!
LMT Anti Logger 5.1.1 released
Changelog:
  • Web Protection feature will automatically filter the internet connection of all browsers on your computer. You can add the browser you want to exclude to Whitelist.
  • Fixed a bug that could not return the line when adding custom rules on Web Protection.
Homepage: LMT Anti Logger - A software helps protect you from malware
 

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi!
LMT Anti Logger 5.1.2 released
Changelog:
Homepage: LMT Anti Logger - A software helps protect you from malware
---------------------
When installing LMT Anti Logger, but meet this error, please turn off LMT Anti Logger's Self-defense, then restart the computer and install LMT Anti Logger again.
1617197496150.png

When installing LMT Anti Logger and meet this error, please click Skip:
1617197528316.png
 
Last edited:

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi,
It seems that the network driver (WinDivert.sys) that I use in my software is reported to be malicious. WinDivert is safe.
1617323613664.png


1617323591772.png

I will submit false positive to those antivirus software. If you still want to use my software please add it to your Antivirus software exclusions until the problem is resolved.
1617323708559.png

Regards,
Thanh
---------------------------
Updated: It will be fixed soon
1617328590204.png
 

LeMinhThanh

From LMT AntiMalware
Thread author
Verified
Developer
Well-known
Apr 11, 2020
305
Hi!
LMT Anti Logger 5.1.3 released
Changelog:
  • Fixed a bug prevent Chromium browsers unable to display media content when Web Protection is enabled.
Homepage: LMT Anti Logger - A software helps protect you from malware
Web Protection will scan HTTP/HTTPS so it may affect your web-surfing experience, if you have any problems with Web Protection please email me!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top