keylogger

What might a keylogger’s attempt to access the Internet look like in a Comodo firewall warning? Would it be difficult to identify it as malware activity?

A keylogger doesn’t necessarily access the Internet itself & is not necessarily bad either. As the name suggests, a keylogger monitors the keyboard to capture the keystrokes. If I remember correctly, CFP 2.4 identifies that as a process wanting to monitor the keyboard, like a “keylogger”.

I recently had a trojandownloader.zlob.bfl attack and shortly thereafter had “SC_Keylog” appear in a Counterspy scan. Why would it be on my computer if not to acquire information and transmit it out? I’m just wondering what kind of alert I would receive from the firewall if such a transmission was attempted.

hi,

these are virus descriptions, but what dlls, exe, com files were they?

this is important, and did comodo oversee them?

were they hijacked as a plugin to the browser?

Mike

or were just installed did none?

not to hammer on you, keyloggers check each doing, but don’t transmit immediately, they store in a file,
and might make a connection once a week, month,

this might be an item for devirus coders, notify which files rise in size over a day,

good input!

Download Spybot S&D. Zlob is one of the trojans it detects and removes.

But to protect yourself against keyloggers and the like, enable CTRL+ALT+DEL on bootup (assuming you have Win XP). This suspends all applications while you log on. To enable it, go to Control Panel → Administrative Tools → Local Security Settings → find the option called “Interactive logon: Do not require CTRL+ALT+DEL” and set it to “Disabled”. The next time you boot up, you’ll have to press that key combination yourself in order to log on.

Some trojans run as a service. You can check which services are loading on startup by running this command from a command prompt: wmic /output:C:\services.htm service get /format:hform
The file in HTML format will be saved to the root (C:) and will open in whichever browser you use by default.
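
A narrower version of the service check above, as an added example that is not part of the original post: it assumes PowerShell 3.0 or later (for `Get-CimInstance`) and lists only auto-start services whose binary sits outside the Windows directory or does not carry a valid Authenticode signature. The helper name `Get-ServiceBinaryPath` is made up for this example.

```powershell
# Added example (not from the original thread). Read-only: it changes nothing.
# Lists auto-start services worth a second look, instead of dumping every service.

function Get-ServiceBinaryPath {
    # Hypothetical helper: pull the executable out of a service command line.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($PathName)
    # Quoted form:   "C:\Program Files\App\svc.exe" -arg
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\Program Files\App\svc.exe -arg
    if ($cmd -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-separated token
    return ($cmd.Trim() -split '\s+')[0]
}

$sysRoot = $env:SystemRoot

Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object {
        $bin = Get-ServiceBinaryPath $_.PathName
        $sig = 'FileNotFound'
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            # Status is an enum (Valid, NotSigned, HashMismatch, ...); keep it as text
            $sig = [string](Get-AuthenticodeSignature -LiteralPath $bin).Status
        }
        $inWindows = $bin -and
            $bin.StartsWith($sysRoot, [StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Name           = $_.Name
            DisplayName    = $_.DisplayName
            Account        = $_.StartName
            Binary         = $bin
            Signature      = $sig
            OutsideWindows = -not $inWindows
        }
    } |
    # Keep only services that fail at least one of the two checks
    Where-Object { $_.OutsideWindows -or $_.Signature -ne 'Valid' } |
    Sort-Object Name |
    Format-Table -AutoSize -Wrap
```

Legitimate third-party software (antivirus, drivers, updaters) will show up here too, and some Windows binaries are catalog-signed and may not report as `Valid` on older PowerShell versions, so each row is something to look up, not a verdict.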

martinlw,

If you have a keylogger that is trying to gain internet access, it will in some way “hijack” your browser or other internet-connecting application. You will see a warning to that effect. Presuming that you would not recognize the name of the application doing the hijack, you would Deny the connection and begin investigating.

If you have a keylogger that tries to interact with your browser or some other internet-connected application (such as to monitor for passwords on websites, etc), you will receive a warning to that effect. Same as above…

The specific warning you get in either scenario would depend on the action the keylogger takes. It would be good to be familiar with Application Behavior Analysis, and what it monitors - Security/Advanced/Application Behavior Analysis.

Hope that helps,

LM

Be very careful with Spybot Search & Destroy 1.5. It does not get along with Symantec or Webroot SpySweeper and can cause a catastrophic crash. Both of the programs look at 1.5 as an intruder and start to block all of SSD’s websites and worms. Meanwhile, it shut off Norton Antivirus, and SpySweeper was able to keep up with the porn websites so as I said, until these problems are worked out with 1.5, don’t use it. 1.4 installed was all right, SSD got a very bad review from a tech who called it “antiquated” and not of this present world, which probably ticked off the creator of SSD into a premature release.

There’s been a workaround posted on the Spybot forums to address the problem with Webroot Spy sweeper, details here

hi,

how safe is comodo if police enters your door at home and make changes?

what logs, features i have see that?

Mike

Hi Mike

I split your post off that topic because I couldn’t see what it had to do with that topic. If you can demonstrate to me otherwise, I’ll put it back.

I don’t really understand what you mean… but, taking your post at face value…

As far as I know, you are perfectly safe. It is not illegal to use CFP. The Police will not touch you. :slight_smile:

re,

ok we discussed the possible leak police can place a keylogger online.

now i ask, what if the police install a logger locally in pc, when I’m away at home.

dear kali, often i think we mean the same but don’t get together,

yes please make a new thread: can police trick out comodo if install a logger on a pc while broke door when comodo user was in a bar.

:slight_smile:

Mike

Mike

Keyloggers: No they cannot. CFP 2.4 would detect it in an instant. Then, depending on where you live, all the law enforcement officers involved would a) get fired & b) go to prison, the government would fall and, in general, there would be lots of tears before bedtime. Oh… and you’d probably be famous (for a while) & fairly rich… with the compensation & selling your story to the papers. OR… you’ll get a letter saying “sorry”. But, it would still be glorious.

Misunderstandings: I am doing my best. Honest! But, as long as good humor prevails… we shall be just fine I believe.

PS You’ve demonstrated to me that this was indeed on topic. I apologise unreservedly & without any further messing around restore this topic back to its rightful place.