Windows 10 TP Contains Keylogger

Discussion in 'Windows 10' started by JBenal, Oct 6, 2014.

  1. JBenal

    JBenal MDL Addicted

    Nov 2, 2009
    521
    209
    30
  2. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,719
    6,741
    270
    Thanks for the heads-up, but this has been talked to death already lol

    Appreciate the effort though.
     
  3. Jazz

    Jazz MDL Senior Member

    Jun 7, 2014
    341
    89
    10

    Attached Files:

  4. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    16,141
    84,322
    340
    Lazy Boy indeed :D
     
  5. JBenal

    JBenal MDL Addicted

    Nov 2, 2009
    521
    209
    30
    I've read all the threads pertaining to Windows 10 on MDL and have not seen a specific reference to a keylogger. Perhaps I missed it. I'm sure this will be news to some people. Those who said they were using this as their primary OS probably haven't seen this or given it a lot of thought. I'll continue testing it, but will set Windows Firewall to block all outbound traffic.
     
  6. Chibi ANUBIS

    Chibi ANUBIS MDL Chibi Developer

    Apr 28, 2014
    1,235
    910
    60
  7. Myrrh

    Myrrh MDL Expert

    Nov 26, 2008
    1,511
    627
    60
    Over-paranoid. The legal agreement, to me, sounds like it's describing the touch keyboard, you know, "autocorrect": it has to know what you are typing before it can suggest something else.
     
  8. LiteOS

    LiteOS Windowizer

    Mar 7, 2014
    2,198
    974
    90
  9. Myrrh

    Myrrh MDL Expert

    Nov 26, 2008
    1,511
    627
    60
    That service would only be useful on a device with cellular radio. Not likely many of those would be servers.
     
  10. westwind

    westwind MDL Novice

    Oct 4, 2014
    2
    2
    0
    I just managed to disable the dmwappushsvc service.

    Just open the registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushsvc
    There you just have to look for the "Start" entry. Double-click it and change the value to "4".
    This will disable the dmwappushsvc service after a restart.
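
    The same change done from an elevated PowerShell prompt, as an added example that is not part of this post: it reads the current Start value, stops the running instance, writes 4 (Disabled) to the key named above, and checks the result. The service and key names are taken from the post; everything else (variable names, the Start-value table) is the example's own.

```powershell
# Added example (not from the thread): disable dmwappushsvc the same way the
# registry edit above does, but with verification. Requires an elevated prompt.
# Registry Start values: 0=Boot 1=System 2=Automatic 3=Manual 4=Disabled
$svc   = 'dmwappushsvc'
$key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
$names = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceStartValue {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    (Get-ItemProperty -Path $Path -Name Start -ErrorAction Stop).Start
}

$before = Get-ServiceStartValue $key
if ($null -eq $before) {
    Write-Warning "$svc is not present on this build; nothing to change."
    return
}
Write-Host ("Before: Start={0} ({1})" -f $before, $names[[int]$before])

# Stop the running instance first; the registry change alone only takes
# effect after a reboot, as the post notes.
if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
    Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
}

# Equivalent to setting the "Start" DWORD to 4 in regedit.
Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord

$after = Get-ServiceStartValue $key
Write-Host ("After:  Start={0} ({1})" -f $after, $names[[int]$after])
if ($after -ne 4) { throw "Failed to set $svc Start to 4" }
```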
     
  11. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,394
    11,615
    240
    It's just something people aren't used to. People aren't used to anybody capturing their keystrokes in any fashion.
    We've all been told how bad keylogging is since it became a thing.
    I honestly don't think this is the same thing.
    I'm pretty sure that they're just having an add-on for Internet Explorer copy the data you input into text fields where auto-fill would normally work.
    Yes, this is a huge issue if you're doing banking or any other sorts of things on IE, but as long as the "keylogging" program is not running, it wouldn't do anything.

    I'm pretty sure that if you use Chrome or Firefox, this is a non-issue.
     
  12. bambamtusa

    bambamtusa MDL Member

    Jul 18, 2011
    105
    117
    10
  13. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
  14. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,719
    6,741
    270
    Not sure what the encryption is. Wild guess, something like Blowfish, and that has yet to be broken (afaik). I would also assume it's better encryption than the ESDs', since this is data coming from users, not just an ESD.

    Anyway, a lot of assumptions in this post lol
     
  15. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    #19 Smorgan, Oct 7, 2014
    Last edited: Oct 7, 2014
    Actually, no longer assumptions, as that is the Wireshark report that notes all the communication that goes over eth0.

    Now we just need to see what exactly is being sent.

    In other words sift through it.

    This is what we know right now:

    111 74.737974000 192.168.138.140 65.55.108.23 TLSv1.2 4219 Application Data
    23 19.158727000 192.168.138.140 192.168.138.2 DNS 85 Standard query 0x818b A statsfe2.ws.microsoft.com
    84 73.855487000 192.168.138.140 192.168.138.2 DNS 85 Standard query 0xb40e A vortex.data.microsoft.com

    We can close the Application Data reporting using host blocking.

    Normally you don't have to do this for an operating system, as it's kinda used with software cracking.

    In other words, block the IP 65.55.108.23 to disable Application Data reporting.
     
  16. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,719
    6,741
    270
    #20 EFA11, Oct 7, 2014
    Last edited by a moderator: Apr 20, 2017
    To add to your collection:

    Code:
    131.253.34.30 - settings-sandbox.data.microsoft.com
    131.253.34.23 - vortex-sandbox.data.microsoft.com
    This seems to have something going on with Metro apps, at least in part.
    Code:
    vortex.data.microsoft.com/collect/v1
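
    The host blocking discussed in the last two posts, as an added PowerShell example that is not from this thread: it creates one outbound Windows Firewall block rule for the addresses posted above, prints what the posted hostnames resolve to today (the capture is from 2014, so the addresses may no longer match), and checks that no live connection to them remains. Only the IPs and hostnames come from the thread; the rule name and variable names are the example's own.

```powershell
# Added example (not from the thread): block the endpoints named above with an
# outbound firewall rule and verify. Run from an elevated prompt.
$endpoints = @{
    '65.55.108.23'  = 'Application Data (TLS, from the Wireshark capture)'
    '131.253.34.30' = 'settings-sandbox.data.microsoft.com'
    '131.253.34.23' = 'vortex-sandbox.data.microsoft.com'
}
$ruleName = 'MDL-Block-Win10TP-Telemetry'   # example name, not from the thread

# Compare today's A records with the 2014 addresses before trusting the list.
$hosts = 'statsfe2.ws.microsoft.com', 'vortex.data.microsoft.com',
         'settings-sandbox.data.microsoft.com', 'vortex-sandbox.data.microsoft.com'
foreach ($h in $hosts) {
    $now = (Resolve-DnsName -Name $h -Type A -ErrorAction SilentlyContinue |
            Where-Object IPAddress | Select-Object -ExpandProperty IPAddress) -join ','
    if (-not $now) { $now = '(no answer)' }
    Write-Host ("{0,-40} -> {1}" -f $h, $now)
}

# One outbound block rule covering every listed IP; recreate it if present so
# re-running the script never leaves duplicate rules behind.
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -DisplayName $ruleName
}
New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
    -RemoteAddress @($endpoints.Keys) -Profile Any -Enabled True | Out-Null

# Verify: no established TCP connection to any blocked address, and show the
# owning process if one is still open so it can be traced.
$open = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $endpoints.ContainsKey($_.RemoteAddress) }
if ($open) { $open | Format-Table LocalPort, RemoteAddress, State, OwningProcess }
else       { Write-Host "No live connections to the blocked endpoints." }
```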