Protexis.MOD

**dooleda** · 2007-12-19, 21:47

Spybot detected Protexis.MOD on my computer. I let Spybot fix it, but can someone give me any more details about this keylogger? Where does it come from? What does it do besides capture keystrokes ( I assume for banking websites, etc)? How can I tell if it got anything off my computer?

**seekaybee** · 2007-12-21, 00:13

I have no idea but I second your question. The directories in question -- C:\ProgramData\Protexis , C:\ProgramData\Protexis\DL and C:\ProgramData\Protexis\State -- were all empty. A Google search returned only a small number of hits -- none very enlightening.

**vsparky** · 2007-12-21, 00:46

Originally Posted by seekaybee

I have no idea but I second your question. The directories in question -- C:\ProgramData\Protexis , C:\ProgramData\Protexis\DL and C:\ProgramData\Protexis\State -- were all empty. A Google search returned only a small number of hits -- none very enlightening.

me too ...exactly

anyone?

**honda12** · 2007-12-21, 00:48

hmm this may just be a coincidence, but spybot just happened to detect the same keylogger today when I scanned!

Merry Christmas

**tashi** · 2007-12-21, 01:26

As the topic is getting longer, I have moved it to the false positives forum (just in case), and will bring to the attention of a detective.

**Yodama** · 2007-12-21, 08:37

hello,

it appears that Protexis is the publisher of the qwertystudio MOD Keylogger while qwertystudio is the actual vendor. Since it is safe to assume that Protexis also publishes other software we will consider the Protexis folders as false positives. The Keylogger will also be renamed to Qwertystudio.MOD . This will take effect with the update scheduled for next wednesday .

**Needlenose** · 2007-12-24, 23:34

Spybot detected this virus on my computer as well...

**Yodama** · 2007-12-28, 07:38

@darkblitz

your Hijackthis log does not show any items that are related to the keylogger.

The detection update from 2007-12-26 should not flag the protexis folders anymore.

**bunnyhero** · 2008-01-03, 18:34

spybot s&d reported detection of qwertystudio.MOD, but i think it's a false positive.

OS: Windows XP Home, SP2
Browsers: Firefox 2.0.0.11, Internet Explorer 7
Spybot S&D Version: 1.4.
Latest update: 2008-01-02
False positive occurred in a Scan Result

Qwertystudio.MOD: Web page (File, nothing done)
C:\Documents and Settings\bunnyhero\Local Settings\Application Data\Protexis\UserSettings.xml

i looked inside the reported file. the contents of UserSettings.xml are:

<USER_SETTINGS><PROXY><SERVER IP="" Port="" /><AUTHENTICATION UserName="" Password="" /></PROXY></USER_SETTINGS>

and that's it.

**Buster** · 2008-01-04, 07:29

Hello bunnyhero,

thanks for reporting this. Looks like we missed this file. This will be fixed by the next update.

Thread: Protexis.MOD

Thread Tools

Display

Hybrid View

Protexis.MOD

Seconded

false positive for qwertystudio.MOD?

Posting Permissions