There are a few mentions of Vulcan by name in McAfee Labs database: http://www.mcafee.com/apps/search/threat.aspx?q=vulcan&v=malware and a couple of references in the forums: https://community.mcafee.com/community/security/search.jspa?peopleEnabled=true&userID=&containerType... but from what I gather on Google Vulcan is genuine software albeit something that most malware defences would react to as it's a keylogger.Message was edited by: Ex_Brit on 15/07/12 4:26:50 EDT PM
The Vulcan keylogger ought to be detected by McAfee (according to the person I asked) although I can't find an account of it in the Threats database. Perhaps it's a fairly recent arrival on the scene.
If you have it on your system and McAfee isn't detecting it, I suppose the checklist runs something like this :
- Make sure you've downloaded the latest McAfee DAT
- If it's still not detected run Stinger or GetSusp. GetSusp might detect it but won't try to delete it (lots of false positives from this tool).
- If you have an executable file you can upload it to the Labs for checking (see here)
- Try running Malwarebytes, which might pick it up.
Thanks Hayton for your respons and feedback.
The strange thing is that the keylogger stoped reporting after I run McAfee.
However on the scan itself it did not report an detection neither an report of the removal itself.
AVG dedetected the ´not executed keylogger file' (sended to victems computer), but i am not sure if it dedected the executed keylogger file (after victem opened the keylogger file).
Well it's a fuzzy business.
Thanks for your help.
The mentions in the McAfee database may or may not refer to products from the website that is responsible for this keylogger. Vulcanbot is nothing to with this, it was specifically directed against targets in Vietnam.
but from what I gather on Google Vulcan is genuine software
I beg to differ. I've been to the site, and it's a hacker's supply centre. I've added reviews to WOT and SiteAdvisor, and requested the WOT community review that site's clean rating. Pity I can't do the same for SiteAdvisor.
Right now I can't say whether McAfee specifically detects this keylogger. There are no other threads on it in these forums.
If it's not detected on your machine, I'm wondering why you want to know if McAfee can detect and remove it. Has another AV program flagged it as malware, and if so which one?
It's indeed a hacker's supply centre like you mentioned.
The case is. A friend of my sended this keylogger to me for testing purpose.
And I know the computer is infected by the keylogger. I run McAfee, but McAfee could not trace and remove it. Even a deeper scan did not work.
I thought McAfee could also detect some malware.
I am surprised that a keylogger as Vulcan is not dedected, because it´s a quite known keylogger.
So that´s why i posted it on this form.