Monday, 28 January 2013

How do keyloggers get past anti-virus?

Most spy programs get detected and removed by anti-virus software and security tools. redpill is one of the few (if not the only) spy software companies that continually manages to stay under the radar.

How do the redpill Spy Software Products manage to get past anti-virus packages?

First, let’s look at how anti-virus packages detect spy software and key loggers.

There are two main ways in which anti-virus packages detect malware and spy software:

Fingerprint Detection:
Anti-virus companies maintain databases of known malware and spy software (virus definition files) that are updated daily. The anti-virus software then searches inside each file for a fingerprint: a piece of code, or a byte sequence, that is unique to a specific spy program.

Behavior Detection:
Each anti-virus vendor has its own name for this technique (Bloodhound, Sonar Detection, Sandbox Testing, etc.). In short, the software not only watches what the program does on the system, but also runs the program, or pieces of its code, in an isolated (sandbox) environment to see what it is capable of doing.

This means that even a brand-new key logger or spy program, for which no fingerprint exists yet, can still be detected and removed by anti-virus software.

How does redpill then manage to get past most anti-virus packages?

redpill has a unique set of counter-detection techniques to avoid both fingerprint detection and behavior detection. For obvious reasons we can't discuss how these techniques work, but redpill is continually improving them.

Can redpill get past all anti-virus packages and security tools?

At the end of the day, the redpill spy products still need to perform some 'red flag' operations: logging keys, taking screenshots, transmitting data and restarting after a reboot. Although redpill employs some advanced and unique techniques to camouflage these actions, it is impossible to hide them completely, because they still have to be performed.

For that reason it will always be possible for the more advanced anti-virus packages and security tools to detect, remove or block redpill products.

redpill still gets past most packages, because the advanced detection products that can detect or block redpill products are not widely used: their aggressive behavior detection produces a large percentage of false positives.
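As an added illustration of the two detection methods described above, and of why the 'red flag' operations and the false-positive trade-off just mentioned go together, here is a toy scanner in Python. It is example code written for this page, not redpill's software and not any real anti-virus engine. The signature names, byte patterns, rule weights, threshold and sample files are all invented for the example; the Win32 API names in the traces are real calls, but the traces themselves are hand-written.

```python
from __future__ import annotations
import re

# Constructed "virus definition" entries: hypothetical byte patterns invented for
# this example, not real anti-virus signatures.
SIGNATURES = {
    "Spy.Sample.A": re.compile(rb"KEYLOG_v1\x00"),
    "Spy.Sample.B": re.compile(rb"\x90\x90\xeb\x10SCRN"),
}

# Behaviour rules keyed by the 'red flag' operations named in the text: key logging,
# screenshots, transmitting data and surviving a reboot. Each maps to
# (weight, set of API calls that indicate it). The Win32 API names are real; the
# weights and the threshold below are arbitrary choices for this example.
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
RED_FLAGS = {
    "keyboard_capture": (3, {"SetWindowsHookExW:WH_KEYBOARD_LL", "GetAsyncKeyState"}),
    "screenshot":       (2, {"GetDC:0", "BitBlt"}),
    "transmit":         (2, {"WSASend", "HttpSendRequestW"}),
    "persistence":      (3, {"RegSetValueExW:" + RUN_KEY, "CreateServiceW"}),
}
VERDICT_THRESHOLD = 5


def fingerprint_scan(blob: bytes) -> list[str]:
    """Fingerprint detection: search a file's bytes for every known pattern."""
    return sorted(name for name, pat in SIGNATURES.items() if pat.search(blob))


def behaviour_scan(trace: list[str]) -> tuple[int, list[str]]:
    """Behaviour detection: score the API calls recorded while the program ran
    (what a sandbox or a runtime monitor would observe)."""
    seen = set(trace)
    hits = [flag for flag, (_, apis) in RED_FLAGS.items() if seen & apis]
    score = sum(RED_FLAGS[flag][0] for flag in hits)
    return score, hits


def classify(blob: bytes, trace: list[str]) -> dict:
    """Combine both methods: a fingerprint match is conclusive on its own;
    otherwise the behaviour score must reach the threshold."""
    sigs = fingerprint_scan(blob)
    score, hits = behaviour_scan(trace)
    return {"signature": sigs, "behaviour": hits, "score": score,
            "flagged": bool(sigs) or score >= VERDICT_THRESHOLD}


# Constructed samples (a few bytes standing in for a whole executable).
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"KEYLOG_v1\x00" + b"\xcc" * 8
# The same program rebuilt with one string changed: the old fingerprint no longer
# matches, but its behaviour is identical.
REBUILT_SAMPLE = KNOWN_SAMPLE.replace(b"KEYLOG_v1", b"KEYLOG_v2")
KEYLOGGER_TRACE = [
    "SetWindowsHookExW:WH_KEYBOARD_LL", "CreateFileW", "GetDC:0", "BitBlt",
    "WSASend", "RegSetValueExW:" + RUN_KEY,
]
# A remote-support tool legitimately screenshots, sends data and installs a service.
SUPPORT_TOOL_TRACE = ["GetDC:0", "BitBlt", "WSASend", "CreateServiceW"]

if __name__ == "__main__":
    for label, blob, trace in [("known build", KNOWN_SAMPLE, KEYLOGGER_TRACE),
                               ("rebuilt", REBUILT_SAMPLE, KEYLOGGER_TRACE),
                               ("support tool", b"", SUPPORT_TOOL_TRACE)]:
        print(label, classify(blob, trace))
```

Run as a script, the known build is caught by its fingerprint; the rebuilt sample escapes the fingerprint but is still flagged because the four red-flag operations in its trace add up to a score of 10. The remote-support tool has no fingerprint and no keyboard hook, yet its screenshot, send and service-install calls reach a score of 7 and it is flagged too: that is the false positive a vendor must accept if it wants behavior rules strict enough to catch a freshly rebuilt spy program.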

What to do if your redpill product is detected or removed

If your redpill product is detected or removed by your anti-virus, download and install the latest version (for redpill Spy) or install again using a new install module (for redpill Detective and redpill Agent).

Never reuse an old install file or install module. Even if it carries the latest version number, the build may not be the latest one: redpill products are continually updated to prevent detection.


