[Review] Ultimate Keylogger (v1.60.21)

{rw_text}Software reviewed in this article:

KRyLacks Software’s Ultimate Keylogger

Version reviewed:

v1.60.21

Supported OS:

Windows 95/98/98SE/ME/NT/2000/XP/2003/Vista/7

Price:

$29.95 (USD) but you can get it for free for a limited time at Giveawayoftheday.com!

Software description as per the developer:

Ultimate Keylogger is the popular all-round monitoring solution. It monitors all activities on computer systems including applications, keyboard, passwords, clipboard, chat, email, and visited websites. To avoid tampering of the software, it features a unique file protection. Ultimate Keylogger is completely undetectable. During monitoring sessions it will not be listed in the task manager. The software can be installed in less than five minutes and runs maintenance free. Ultimate Keylogger displays reports in web format or sends zip-compressed and encrypted activity reports invisibly via Email, FTP or network. Ultimate Keylogger has a password protected interface and hot-key combination for accessing the application. All recorded information is stored in an encrypted file. Ultimate Keylogger does not consume computer resources.

Ashraf’s note:

The developer’s website lists v1.50.18 as being the latest version. However, the program itself says it is v1.60.21. So I am going to assume I am reviewing v1.60.21 and not v1.50.18.

————————-{/rw_text} –>

{rw_good}

  • Logs keystrokes, clipboard activity, and application usage.
  • Can take screenshot automatically at regular, designated intervals.
  • You can password protect the program.
  • You can have the recorded activity logs + screenshots sent automatically to an e-mail address, FTP server, and/or to local/network folder.
  • The logs + screenshots can be password protected and encrypted via AES 256 before they are sent out.
  • You have the ability to warn people that their activity is being monitored.
  • All logged activity is encrypted until you view it and gets re-encrypted automatically.
  • You have the option to hide Ultimate Keylogger’s system tray icon, Windows Task Manager entry, and program files.

{/rw_good} –>

{rw_bad}

  • Ultimate Keylogger opens an outbound connection to the developer’s website every time I view my logs or screenshots. For what possible non-malicious reasons would the developer need to do this?
  • Only text activity in the clipboard is recorded.
  • Activity logs and screenshots are re-encrypted automatically, but they are re-encrypted after you close the main program window. They stay decrypted between the time you stop viewing the logs/screenshots and you have the main program window open.
  • Claims to be able to record URLs visited in Internet Explorer, but does not do this (at least not with IE8).
  • Constantly tries to add itself to Windows’ start-up/boot programs list (no option to tell it to stop).
  • Screenshots are not/cannot be compressed.
  • No way to exit the program except Alt + Ctrl +Delete style.

{/rw_bad} –>

{rw_score}
{for=”Ease of Use” value=”6″}The program is fairly self explanatory and easy to use. However, the Help file is pretty much useless, and the developer needs to improve in that area. Furthermore, the program constantly tries to add itself to the start-up/boot programs lists without giving you an option to tell it “no” and there is no way to exit the program except using Windows Task Manager and forcing it closed. Lastly, screenshots are not compressed so you need to be careful how many you take, otherwise they will fill your hard driver rather quickly.
{/for}
{for=”Performance” value=”8″}In terms of recording activity and taking screenshots, Ultimate Keylogger works well with two exceptions: 1) It is supposed to be able to record visited URLs in Internet Explorer but I found this does not work (at least in IE8) and 2) Only text activity in the clipboard is recorded. Other than that, the only other problem is the activity logs and screenshots are re-encrypted a little later than I would like after you view them.
{/for}
{for=”Usefulness” value=”5″}I am sure everyone has somebody they would like to spy on but in terms of using a keylogger ethically, it is a hit or a miss in terms of usefulness.
{/for}
{for=”Price” value=”7″}$29.95 is not a bad price for a keylogger considering I have seen other keyloggers to go for more. However, if the developer wants to sell more copies, he may consider dropping the price $10.
{/for}
{for=”Arbitrary Equalizer” value=”5″}This category reflects an arbitrary number that does not specifically stand for anything. Rather this number is used to reflect dotTech’s overall rating/verdict of the program in which all the features and alternatives have been considered.
{/for}
{/rw_score} –>

{rw_verdict}[tdown]
{/rw_verdict} –>

Ultimate Keylogger is obviously a program that monitors your activity. More specially, UK (Ultimate Keylogger) monitors and record your keystrokes (it would be monitoring my keystrokes if I had not already removed it), your clipboard activity, what applications/programs you are running. It is also supposed to monitor what URLs you visit in Internet Explorer but as I stated in my “The Bad” list above, I found this feature does not work (at least not in IE8). In addition to all the logging already mentioned, UK has the ability to take screenshots at regular, designated intervals (every X minutes or seconds).

When you run UK for the first time, you are asked to set a few options:

All of these “Security Settings” are changeable later, so no worries if you regret what you set them too. However, if you set a password do not forget it… or else.

After you get past the initial setup window, you get to the main program window of UK:

The program is pretty straightforward. Just be warned that as soon as you run the program it starts recording activity. You do, however, have the option to manually stop it/restart it whenever you want. In the top right you have the “Monitoring Options” from where you choose what you want to monitor:

2009-03-07_014830

For “Log Applications” the program records what is in the title of the program/app you have currently open as opposed to what the program actually is. For example, when visiting dotTech in Firefox, UK records “dotTech.org – Reviews, advice, tips, tricks, and freebies related to the digital world! – Mozilla Firefox” as opposed to just “FireFox”. This recording of the title program is a good and bad thing. It is a good thing in the sense that this helps you keep track of what websites are visited (because UK does not record URLs, or at least the feature that is supposed to record URLs in IE is not working as I already mentioned). It is a bad thing because sometimes the title of a program window does not properly describe what the program is.

When using the automatic screenshotting feature, keep one thing in mind: UK does not compress the screenshots so they can eat your hard drive space very quickly (depending on your resolution of monitor, the interval you set the screenshots to be taken at, .etc). The sad part is the screenshots are in JPG format so they can – and should – be easily compressed.

After “Monitoring Options” you will find “Security”:

The “Password Protection” is for UK – whenever your try to maximize it from the system tray you will have to enter a password if you enable this feature.

If “Hide process from Task Manager” is enabled, UK’s Windows Task Manager entry will no longer show. If it is disabled, you should see something like this in Windows Task Manager:

2009-03-07_024626

“Hide application program files” hides the main essential files of UK in its folder. It doesn’t hide them all though and the folder itself is still there. Just for reference, UK does not install under Program Files folder. UK installs in C:/ProgramData/uklpr.

After “Security”, you will find “Banner”. “Banner” has an interesting feature (“Show message every…”). It allows you to display a custom message every X seconds/minutes that warns the user that his/her activity is being monitored:

2009-03-07_021338

The banner is a simple ballon pop-up from the system tray icon (if you have it enabled), like so:

After “Banner” there are some housekeeping things in “Advanced”:

(I was running the 5 day trial to conduct this review; if you register the software you won’t get the same “UNREGISTERED” etc. message.)

“Make Silent One-Click Install…” is basically a feature which creates a .INI file that allows you to install UK on another computer “silently”:

In regard to the “Uninstall” button, if you go to uninstall UK, you will not find it under Add/Remove Programs. Heck even RevoUninstaller is unable to uninstall UK. To uninstall UK you either hit that  “Uninstall” button or you can go to C:/ProgramData/uklpr and run unukl.exe to uninstall.

Going back up to the top of the program window, there is the “Monitoring Status” section where you can enable/disable logging at your will:

2009-03-07_022821

Under “Monitoring Status” you will find “Logs”:

There can only be one log for your Windows account at a time (i.e. only one “Ashraf” log can exist). The information that is recorded is constantly added to that log. If you want to start over just delete that log and a new one will be created automatically. You don’t have any control over the logs besides deleting them. If you click on “Logs folder…” you will be brought to a folder where you will see your current log as a folder (the logs are stored in C:/ProgramData/ukl). For example, if I clicked on “Logs Folder…” I would see an “Ashraf” folder. You can manually create a new folder in the logs folder. UK will even recognize it and list that new folder under “Logs”. However, if you try to record to that log, nothing will record (‘least I had no success).

It is worth noting here that until you actually click on “View Report” or “View Screenshots” the information that has been recorded so far is in encrypted form so no one can stroll in an access it like it is no body’s business. Once you click on “View Report” and “View Screenshot” the data becomes decrypted. However take note of one possibly critical security hole. Your activity logs/screenshots are automatically re-encrypted; but they are re-encrypted after you close the main program window. So, essentially, your logs/screenshots sit unencrypted between the time you close them after viewing them and the time you close UK’s program window. As I said, possibly a huge security hole.

Lastly, there is the “Send Reports” feature:

2009-03-07_023814

Everything about “Send Reports” is pretty straightforward so there is no much explaining. Do note, though, if you plan on using the “Send by E-mail” feature, be sure to know your e-mail service provider’s SMTP server information because you need to enter it manually. The only exception for this is Gmail; UK has a built in feature that can automatically enter the relevant information for Gmail users – they just need to enter the username/password.

In terms of performance, UK has improved vastly since the last time I reviewed it. While before UK had sketchy recording accuracy, now it records everything it claims to record (aside from the URLs in IE). To view a sample log of what UK records, check this out.

While the performance of UK is fairly good, let me comment on some annoying and suspicious behavior it has that really make it look more like spyware than a legit keylogger:

  • By far the biggest problem I have with Ultimate Keylogger is that it opens an outbound connection to the developer’s website every time I view my activity logs and/or screenshots. How do I know this? Outpost Firewall tells me:

Now the developer’s website clearly is not “gator119.hostgator.com” so initially I was confused as to where UK is opening a connection to. However, after doing a bit more digging (I ran a whois on the developer’s website and learned it was hosted by HostGator, and when accessing the developer’s website via the Help file I got the same outbound connection warning), and running a traceroute, I know for sure UK is opening a connection to the developer’s website.

What I don’t know is why UK is opening a connection and what it is doing with that connection. For the life of me I cannot think of a single, non-malicious reason why the developer has made it so UK opens a connection to his/her website whenever a user views the recorded activity logs/screenshots. I can, however, give a thousand scumbag reasons why a developer would want to do this. I won’t, however, make any accusations since I don’t know what is going on, but just felt I should warn everyone.

Update: The developer of Ultimate Keylogger has contacted me and informed me that this outside connection is being made because “[they] have implemented additional protection to [their] licensing system and Ultimate Keylogger connects to [their] website to update the blacklist of stolen serial numbers. The only thing that happens is that it downloads http://www.ultimatekeylogger.com/dev3/465832/5684.txt  [which] contains hashes of the stolen keys.” (As per the developer, this system is not being used yet but rather only being tested.) The developer also promised to figure out how to “improve” this in future versions of UK.

Assuming what the developer says is true (I am told Softpedia gave UK a “100% clean” rating), my only question now is why in the world would this happen when a user viewing activity logs/screenshots? Why not occur when the program is launched or 10 minutes after launch since program launches at Windows boot automatically? I am still not impressed with this behavior, regardless of what Softpedia says.

  • There is no way to close the program once you have it started outside of Alt + Ctrl + Delete. You can try hitting “X” on the program window but it will just be minimized to system tray. If you right click on the system tray icon you will just be prompted to maximize the program window. I understand the developer may made it like this as a “security feature” but I do honestly feel the developer should add in an option allowing the user to select if they want to enable/disable a “close Ultimate Keylogger” button because, frankly, not being able to close UK is not only annoying but psychologically daunting.
  • This program adds it self to your start up program list, i.e. it will start on Windows boot. Did you notice any option that you could turn off to prevent this from happening? Ya me neither. It is very bad that the developer has this program add its self to start up list yet does not give the user a choice in the matter. Good thing there are free programs like WinPatrol that protect us:

2009-03-07_010646

In conclusion, all things considered, Ultimate Keylogger = big thumbs down. While yes it works well in terms of recording activity, I am not thrilled by the fact that it opens a connection to the developer’s website for no obvious reason.

This review was conducted on a laptop running Windows 7 Professional and Windows XP Professional 32-bit. The specs of the laptop are as follows: 3GB of RAM, a Radeon HD 2600 512MB graphics card, and an Intel T8300 2.4GHz Core 2 Duo processor.

{rw_freea}

Free KGB Key Logger

Imagine you are writing an e-mail message. Then you click a wrong button or your e-mail client hangs and you have to write the same text from scratch. Sounds familiar? With KGB Free Keylogger, you will never lose any of your text, whether it was typed in an e-mail client, a text editor, an on-line form or anywhere else. This free program logs everything you type. Get your passwords, registration keys and other info safely logged.

-Download.com

{/rw_freea} –>

{rw_verdict2}Commercial, non-spyware keyloggers will always have an aura of distrust and suspicion surrounding them because of the nature of their program. To dispell the distrust and suspicion, a developer needs to be open and transparent about their program. Ultimate Keylogger acts too much like spyware for my taste; thumbs down.
{/rw_verdict2} –>

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

42 comments

  1. canada goose outlet store

    Hello just wanted to give you a quick heads up.
    The words in your article seem to be running off the screen in Internet explorer.
    I’m not sure if this is a format issue or something to do with internet browser compatibility but I figured I’d post to let
    you know. The style and design look great though!
    Hope you get the problem solved soon. Cheers

  2. Mark Latimer

    I am sorry for two reasons the first is that I did not take your advice. The second is that I installed the program.

    Just as soon as the program finished installing my machine locked up, then gave me a BSOD. I reboot my machine, but all I could get was the BSOD. I booted into “Safe Mode” and tried to uninstall the program, but it would not let me in “Safe Mode”. Again I rebooted and tried to do “Boot to the Last Good Configuration” and again the BSOD. I rebooted back into “Safe Mode” and did a “System Restore”, which THANKFULLY worked.

    STAY AWAY FROM THIS PROGRAM!!!!!

    Take the advice from Ashraf before you do.

  3. shannon

    @RobCr – could you perhaps post a link to the page you downloaded from? i did a search for refog free keyloader & the download was called “keylogger.exe” & once i installed it, i was told that it was just a free trial…

  4. Akshay S Dinesh

    @help!:
    This happened to me too… But I just went to C:\Documents and Settings\All Users\Application Data\uklpr ran the wmpusrvc.exe file and then tried Ctrl Alt Shift S and it was working. Then it’s just one click to uninstall.

  5. Jim Anderson

    Hi Ashraf and all,

    I’m happy to actually be able to write to all of you, since this program sent my computer to hell and back.

    I downloaded it to my thumb drive, since I wanted the keylogger on my thumb drive in order to catch a particular individual at an Internet cafe, who was trying to steal my data…(long story, but true none-the-less), and it ended in almost total disaster.

    I know, I know…every computer is different…but, there was no problem in the download, and everything went fine after the download. Except for a couple little hitches…I began to notice my system responding a bit slower…then I shut everything down and went to bed.

    I woke up, powered up the computer, and went downstairs for my morning coffee. When I got back to my computer, I noticed my Window’s sidebar had not come up.

    I’m not going to get into a lot of detail here, but suffice it to say nothing was working. Everything was haywire…so, my first inclination was a virus. I set into motion, rebooting in safe mode, and deleting practically everything I thought might have contained a virus, then I ran Avira, AVG, Malware Bytes, and some I’m sure you haven’t ever heard of, which are specific to Asia, where I live.

    Then I rebooted and….same problem. But, it was getting worse.

    I was sure it was a Trojan that was quickly replicating and slowly destroying my system, so I shut everything down and resigned myself to taking the computer into the shop to have them reformat my hard disk for me (No, I don’t have the original…I live in Freaking Thailand, where it’s virtually impossible to get an authentic boot disk…as everything is pirated…and NO, I’m NOT kidding).

    I went to work *issed off as hell over this, but thinking about the issue none-the-less…then suddenly I remembered downloading the keylogger onto my thumb drive, which was still installed in one of my USB ports.

    I got home and promptly powered up the computer. No sense trying to normally remove the Kingston thumb drive via the computer, as everything was locked up and nothing worked, so…..I just ripped the *ucker out. Then I rebooted.

    Same problem. Everything was crap. Nothing worked.

    So then, I rebooted again, but this time hit F1 to bypass into the safe mode…once in safe mode, I simply chose “RETURN TO THAT GLORIOUS MOMENT WHEN LIFE WAS GOOD AND EVERYTHING ON MY WONDERFUL COMPUTER WORKED AS IT WAS SUPPOSED TO WORK…”

    Voila!

    No more problems. Everything working great.

    That thumb drive?

    I went to the nearest Internet Cafe that I hated, installed it on one of their computers, and blanked it out…wiped it out…dumped everything on it and scoured it clean….

    Then I rebooted the Internet Cafe computer I was on, and…..

    Wanna know what happened?

    TRASH & BURN…their computer was starting to exhibit the same problems…and worse…mine had.

    Then, I slithered out of the Internet Cafe because their computer was hash…toast…total English breakfast….disgusting.

    So, perhaps it’s just me???

    Nah, I don’t think so. Any others with this problem?

    Thank you Ashraf for all your selfless work you put into all this stuff!

    -Jeeem-

  6. RobCr

    @shannon:
    I downloaded from their web site.
    The name KGB is no longer mentioned on their site, and the program is now called –
    REFOG Free Keylogger
    I downloaded from a link on their site, and the download was called –
    refog_setup_free_kl_611.exe
    I just tried using the sownload that Ashraf provided above, and it is called –
    refog_setup_free_kl_514.exe

    Perhaps you could try ‘mine’, and let me know if it is still raising a warning ?

  7. shannon

    apparently i’m the only one who’s had a problem with the free alternative that was suggested. i downloaded KGB via the link Ashraf provided, and Avira AntiVir popped up 5 times warning me there was malware. here’s what it said it found “ADSPY/KGBSpy.M [adware]“

  8. MichaelC

    Thank-you, again, for your great reviews. I usually read all the comments on the GOTD page, but today your review covered enough to let me decide NOT to install. It phones home, it won’t uninstall normally, it won’t close normally. No way.

  9. RobCr

    Regarding REFOG Free Keylogger
    If any of you are VB6 developers, and you are using the above, then you may have to suspend the logging, whilst opening your VB6 Projects.
    I get 3 errors during load of my Projects.
    No doubt due to the fact that it is linking itself to the clipboard (or because of extreme monitoring).

  10. sys-eng

    I don’t like any program that thinks it needs to call to its former home without permission. I have seen such programs cause all sorts of problems because something in their calling scheme quit working.

    Any program on my computer should not be sneaking around calling up other people’s computers without my permission. I’m a bit of an old-fashioned protectionist about that but it keeps the other programs safe.

  11. help!

    I set it in stealth mode so I couldn’t access this file

    However, I used a VERY sneaky way to remove it:

    1) Run the setup.exe through Sandboxie
    2) Set it up as normal
    3) Get Sandboxie to recover the files that were created in C:\ProgramData\uklp in this install to my desktop
    4) Ran the unukl.exe that I could access that I grabbed from the installation I could access
    If Ashraf wants then I will give him a email with this file if he needs to assist other users that can’t remove the application because they can’t access the unukl.exe file because it has been hidden!

    Phew! Long comment :)

  12. help!

    I desperately need help!!

    How the hell do I uninstall?

    I installed by accident now I cant open the main window with the Ctrl Alt Shift thing

    Its really slowed my computer down as well, what can I do

  13. blue

    You’re gonna trust the developer of a keylogger to tell you the truth? Why would this occur only when you open the log?

    I don’t know what this program is phoning home with either but I DO know enough not to trust the character that would create a program like this.

    Thanks but no thanks

  14. MikeR

    Er, Adrian: I wouldn’t worry about semantics — life’s too short for anybody (any+body as a compound, same as nobody, where no+body are run together.)

    Your re-written re-write still makes it seem that even a corpse has no business to stroll in and gain access.

    ;)

  15. OutDesigns

    Thanks Ashraf for yet another fantastic review!
    . . . suspicious activity such as you found with this program is great cause for concern.

    In regards to this developer’s response to your discovery: No developer has the right to conduct “license checking” in this manner. There are plenty of safeguarding products available that have been specifically designed for software developers which assure their keys are kept safe.

    “Key-logging your own customers” . . . not a very smart marketing tactic.

  16. Adrian

    “Imagine you are writing an e-mail message. Then you click a wrong button or your e-mail client hangs and you have to write the same text from scratch.”

    This just happened to me today! LOL!

    @Ashraf, “no one can stroll in an access it like it is no body’s business”

    should be

    “no one can stroll in an access it like it is no body’s business”

  17. Ozzie

    @Mordaunt: Not in my experience. KeyScrambler just scrambles the keystrokes, not the actual words that you write (as in, those that appear on the screen in front of you). So no problems in that department. Your spellchecker is checking the actual words that appear on the page. Ergo, no conflict. Hope this helps!

  18. o(o.o)o

    Anyone tested this keylogger vs keyscrambler?

    Sadly I’m not really jumping in joy because of today’s GAOTD. In my country a majority of the population still get connected to the internet via cafes and if cafe owners here see this giveaway they might get tempted to actually install on public pcs. Not that they can’t do it even without this giveaway but if this program works as labeled, then byebye info.

  19. Ashraf
    Author/Mr. Boss

    @Fabian: After I asked the developer why they do their license checking at that particular moment, they told me “that is most probably when the user is online”. No offense to the developer, but huh? How does checking activity logs/screenshots = most probably when user is online? Both the activity logs/screenshots are an offline thing…

    Anyway, they now inform me they will remove this completely in the next versions.

    @Ozzie: Well you said KeyScrambler is a “free alternative”. However, today’s software is a keylogger. KeyScrambler is anti-keylogger, hence counter-free alternative.

  20. Ashraf
    Author/Mr. Boss

    @sean: Ummm someone could use a keylogger to find out who has been using their computer without permission. Parents could use it for their kids (not saying I support this, but its possible).

    @Ozzie: Keyscrambler isn’t a free alternative. It is a counter-free alternatives =P. And I use KeyScrambler too – it rocks (see http://dottech.org/freewaresr/7083). Truth be told, I am going to add it in when I revise my 9 free security software post.

  21. Fabian

    Awesome review. Certainly more in-depth that most slapped-together product reviews I find these days.

    Thanks a stack for the valuable input. Based on this, I’ve decided that this is one giveaway I’d rather avoid.

  22. Ozzie

    Great and thorough review, Ashraf! And exceptionally good work on the trace-back. Wouldn’t touch it with a barge pole. Sounds very suss on a number of different levels, irrespective of the developer’s follow-up explanation of non-malicious intent. Very poor form indeed. Might I suggest another tried and true free alternative, and that is KeyScrambler. I use it and have never had a problem. There is a Firefox plug-in for it as well. Definitely worth adding to the list of freeware alternatives, IM-Humble-O! LOL! The ladies rule!