Thread: Perfect keylogger false positive

  1. #1
    Member
    Join Date
    Mar 2010
    Posts
    90

    Hello, I recently had Spybot say it found "Perfect Keylogger" on my laptop, and after posting on the Malware forum and going through all the steps that the security expert said to do, he concluded it was a false positive and said I should post here.

    Thanks

    RESIDENT Log:

    8/26/2010 6:08:51 PM Allowed (based on user decision) value "SpybotDeletingB6883" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
    8/26/2010 6:09:06 PM Allowed (based on user decision) value "SpybotDeletingD4656" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup user entry!
    8/26/2010 6:09:06 PM Allowed (based on user decision) value "SpybotDeletingA9970" (new data: "command.com /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
    8/26/2010 6:09:23 PM Allowed (based on user decision) value "SpybotDeletingC4716" (new data: "cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"") added in System Startup global entry!
    8/26/2010 8:41:44 PM (based on ) value "Malwarebytes Anti-Malware (reboot)" (new data: ""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript") in System Startup global entry!
    8/26/2010 8:46:02 PM Allowed (based on user decision) value "SpybotDeletingB6883" (new data: "") deleted in System Startup user entry!
    8/26/2010 8:46:04 PM Allowed (based on user decision) value "SpybotDeletingD4656" (new data: "") deleted in System Startup user entry!
    8/26/2010 8:46:11 PM Allowed (based on authenticode whitelist) value "Adobe ARM" (new data: ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"") added in System Startup global entry!
    8/26/2010 8:46:21 PM Allowed (based on lassh blacklist) value "Apoint" (new data: "C:\Program Files\Apoint\Apoint.exe") added in System Startup global entry!
    8/26/2010 8:46:31 PM Allowed (based on lassh blacklist) value "ISUSPM Startup" (new data: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup") added in System Startup global entry!
    8/26/2010 8:46:44 PM Allowed (based on lassh blacklist) value "ISUSScheduler" (new data: ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start") added in System Startup global entry!
    8/26/2010 8:46:57 PM Allowed (based on lassh blacklist) value "Dell QuickSet" (new data: "C:\Program Files\Dell\QuickSet\quickset.exe") added in System Startup global entry!
    8/26/2010 8:47:02 PM Encountered and terminated PerfectKeylogger in C:\WINDOWS\system32\lsass.exe!
    8/26/2010 8:47:03 PM Allowed (based on user decision) value "ZoneAlarm Client" (new data: ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"") added in System Startup global entry!
    8/26/2010 8:47:13 PM Allowed (based on lassh blacklist) value "igfxtray" (new data: "C:\WINDOWS\system32\igfxtray.exe") added in System Startup global entry!
    8/26/2010 8:47:29 PM Allowed (based on user decision) value "igfxhkcmd" (new data: "C:\WINDOWS\system32\hkcmd.exe") added in System Startup global entry!
    8/26/2010 8:47:45 PM Allowed (based on lassh blacklist) value "igfxpers" (new data: "C:\WINDOWS\system32\igfxpers.exe") added in System Startup global entry!
    8/26/2010 8:47:55 PM Allowed (based on authenticode whitelist) value "Adobe Reader Speed Launcher" (new data: ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"") added in System Startup global entry!
    8/26/2010 8:48:05 PM Allowed (based on user decision) value "AVG9_TRAY" (new data: "C:\PROGRA~1\AVG\AVG9\avgtray.exe") added in System Startup global entry!
    8/26/2010 8:48:14 PM Allowed (based on authenticode whitelist) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"") added in System Startup global entry!
    8/26/2010 8:48:24 PM Allowed (based on user decision) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\QTTask.exe" -atboottime") added in System Startup global entry!
    8/26/2010 8:48:24 PM Allowed (based on user decision) value "SpybotDeletingA9970" (new data: "") deleted in System Startup global entry!
    8/26/2010 8:48:24 PM Allowed (based on user decision) value "SpybotDeletingC4716" (new data: "") deleted in System Startup global entry!

  2. #2
    Buster (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Hello Jamper,

    I guess you are referring to a problem which has already been fixed by a previous update. Please download the latest definition files and try again.
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.
