NiceSpy.XPKeylogger Help please!



sha49
2008-02-25, 04:27
I ran a scan after I had my current employer's IT guy put all the software/platform I'll be using on my pc. I don't generally let anyone mess with my hard drive, but it is a requirement for the IT guy to make sure that everything is working properly and set up right. My bad, I know.

Anyway, this is the fix log from the scan that found NiceSpy.XPKeylogger on my pc. Can anyone give me more information on this? Is this the same NiceSpy that is made by NiceSoft Studio? From what I understand on this website

http://www.tenebril.com/src/info.php?id=4899336

You have to actually manually download it like any other paid-for program. Is this true? What I mean is you don't pick it up from hitting on an infected link or site, like most.

Here is another site that talks about it.

http://research.sunbelt-software.com/threatdisplay.aspx?name=NiceSPY&threatid=29346

I also contacted Dell and they told me it didn't look like a virus but looked like a program that I or someone else had to download! :mad:


NiceSpy.XPKeylogger: [SBI $735EC972] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{08B9999C-DAD2-4353-B25B-8CCAFFCA4D16}

NiceSpy.XPKeylogger: [SBI $4B06E03D] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{23E86816-772B-4B28-A924-A135CFF6469A}

NiceSpy.XPKeylogger: [SBI $176BC7C0] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{41DBA1FA-44F6-4BD5-82DF-1A7FDEA0475D}

NiceSpy.XPKeylogger: [SBI $97D5A818] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{E05AEA1E-BCB1-473A-8B2A-4829D9E1AD23}


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

TIA! I appreciate any and all info on this as I work from home on my pc!

One more thing, how can I make sure that it is completely removed from my registry and all traces are off?

Sha

Yodama
2008-02-25, 08:00
hello,

thank you for reporting this.
The registry keys you reported are part of JMail, which is used by the keylogger to submit its logged data.
Since JMail is a legit email application we will treat these findings as false positives and adjust our detection rules accordingly.
If you do use JMail please recover these registry keys to make sure that JMail is working properly.
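
An added example, not part of the original thread and not Spybot's own code: one way to check which component owns the four flagged `HKCR\Interface` keys before deciding whether to restore or ignore them. It reads each interface's name and type library from the local registry and resolves the library to its file and signer; the function names `Get-DefaultValue` and `Resolve-InterfaceOwner` are hypothetical.

```powershell
# Added example: triage of the four HKCR\Interface keys from the fix log above.
# The IIDs are copied from the log; everything else is read from the local registry.
$iids = @(
    '{08B9999C-DAD2-4353-B25B-8CCAFFCA4D16}',
    '{23E86816-772B-4B28-A924-A135CFF6469A}',
    '{41DBA1FA-44F6-4BD5-82DF-1A7FDEA0475D}',
    '{E05AEA1E-BCB1-473A-8B2A-4829D9E1AD23}'
)

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a registry key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Resolve-InterfaceOwner([string]$Iid) {
    $base = "Registry::HKEY_CLASSES_ROOT\Interface\$Iid"
    $result = [ordered]@{ IID = $Iid; Present = (Test-Path -LiteralPath $base)
                          Name = $null; TypeLib = $null; Library = $null; File = $null; Signer = $null }
    if (-not $result.Present) { return [pscustomobject]$result }

    $result.Name    = Get-DefaultValue $base            # interface name, e.g. "IMessage"
    $result.TypeLib = Get-DefaultValue "$base\TypeLib"  # LIBID of the owning type library
    if ($result.TypeLib) {
        $tlb = "Registry::HKEY_CLASSES_ROOT\TypeLib\$($result.TypeLib)"
        # Each version subkey names the library; <version>\0\win32 holds the file path.
        foreach ($ver in Get-ChildItem -LiteralPath $tlb -ErrorAction SilentlyContinue) {
            $result.Library = $ver.GetValue('')
            $file = Get-DefaultValue "$($ver.PSPath)\0\win32"
            if ($file) {
                $result.File = [Environment]::ExpandEnvironmentVariables($file)
                # A path with a resource suffix (file.dll\1) fails Test-Path; Signer stays empty.
                if (Test-Path -LiteralPath $result.File) {
                    $result.Signer = (Get-AuthenticodeSignature -FilePath $result.File).SignerCertificate.Subject
                }
            }
        }
    }
    [pscustomobject]$result
}

$iids | ForEach-Object { Resolve-InterfaceOwner $_ } | Format-List
```

On 64-bit Windows a 32-bit component's keys live in the 32-bit registry view, so run it from the 32-bit PowerShell as well. A key with `Present : False` is no longer registered; a resolved `File` tells you which installed program the interface belongs to.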

sha49
2008-02-25, 08:21
So, I have recovered the items and am now running a scan which shows the 4 entries of NiceSpy. I am going to have SpyBot ignore these, if that is what you are saying to do, but can you please elaborate on what jmail is and why Spybot is showing these entries as a keylogger.

I really appreciate any information you can give me because the company/staff I just started working for are extremely nice and I enjoy the work. This had me really shocked that it might be something they did, but paranoid nonetheless. ;)

Is this something the IT guy should be made aware of so others don't freak out like me?:clown:

TIA!:)

Sha

Yodama
2008-02-25, 08:33
hi,

JMail (http://sourceforge.net/projects/javamailclient) is a Java (http://java.sun.com/products/javamail/) based email client. The links may give you more information. Since it is open source, it could be included in other software, for instance as an optional email/messaging function.

sha49
2008-02-25, 08:48
Should I make IT aware of the issue with it showing up as a keylogger?

Thank you very much for setting my mind at ease! You've been very helpful!:)

Sha