Thread: Scan suggests SmartPCKeylogger involving seemingly old file

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    3

    Scan suggests SmartPCKeylogger involving seemingly old file

    Code:
    --- Search result list ---
    SmartPCKeylogger: [SBI $52088A00] Shared DLL  (3 apps) (Registry value, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\Memman.vxd
    
    SmartPCKeylogger: [SBI $52088A00]  System file (File, nothing done)
      C:\WINDOWS\system32\Memman.vxd
    
    
    --- Spybot - Search & Destroy version: 1.5.2  (build: 20080128) ---
    
    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2005-11-06 unins000.exe (51.41.0.0)
    2008-02-09 unins001.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2007-08-31 _SpybotSD.exe (1.5.1.15)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2008-04-16 Includes\Adware.sbi
    2008-05-21 Includes\AdwareC.sbi
    2008-05-21 Includes\Beta.sbi
    2007-11-06 Includes\Beta.uti
    2008-05-21 Includes\Cookies.sbi
    2007-12-26 Includes\Dialer.sbi
    2008-05-21 Includes\DialerC.sbi
    2008-05-21 Includes\HeavyDuty.sbi
    2008-04-30 Includes\Hijackers.sbi
    2008-05-21 Includes\HijackersC.sbi
    2008-04-30 Includes\Keyloggers.sbi
    2008-05-21 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi
    2008-05-21 Includes\Malware.sbi
    2008-05-21 Includes\MalwareC.sbi
    2008-03-26 Includes\PUPS.sbi
    2008-05-21 Includes\PUPSC.sbi
    2008-05-21 Includes\Revision.sbi
    2008-01-09 Includes\Security.sbi
    2008-05-21 Includes\SecurityC.sbi
    2008-04-16 Includes\Spybots.sbi
    2008-05-21 Includes\SpybotsC.sbi
    2008-04-16 Includes\Spyware.sbi
    2008-05-21 Includes\SpywareC.sbi
    2007-11-06 Includes\Tracks.uti
    2008-05-21 Includes\Trojans.sbi
    2008-05-21 Includes\TrojansC.sbi
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2008-12-24 Plugins\TCPIPAddress.dll

    My (possibly naive) reasons for skepticism:
    File has a date created and date modified stamp of 22-09-2002
    I was unable to distinguish a startup process that seemed associated
    Online scans from virusscan.jotti.org and Virustotal.com negative

    The above report was shortened to try and keep to the style demonstrated
    in

    http://forums.spybot.info/showthread.php?t=28373
    and
    http://forums.spybot.info/showthread.php?t=18382

    so my apologies if I failed somewhere (I didn't see anything regarding what
    reporting options to use in the sticky).

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello,

    since it is a shared library which is in question here, this could be a false positive. Please email the file to detections@spybot.info with a reference to this thread. We will compare your file and the files we encountered with the keylogger and will make adjustments to the detection rules if needed.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello,

    we received a Memman.vxd and analyzed it. The false positive is confirmed and will be corrected with the next update scheduled for this Wednesday.
