Results 1 to 5 of 5

Thread: Skype.exe keylogger?

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    3

    Default Skype.exe keylogger?

    Hi,

    I'm using SpyBot S&D version 1.6.2.46 on Vista x64, and have been using it for a while now. I've never had any problems running Skype, but after Skype updated itself today, TeaTimer popped up a dialog saying it had detected a keylogger on my computer, and the associated process had been terminated. The executable file associated with the terminated process was Skype.exe, from Skype's \Phone directory. As far as I am aware, this is the correct location for Skype.exe. The only other detail mentioned on the TeaTimer dialog was something about identifying the exe as a part of a known malware group, identified as "AllInOneKeylogger". Since this happened immediately after Skype updated (and hence replaced the .exe), I'm suspecting a false positive here. (I'm running Comodo Firewall's Defense+ along with Spybot, and no file access to Skype's data directories was reported by either Comodo or Vista's UAC) Is there any way to verify this?

    Thanks!

  2. #2
    Translator Team bbnetwork's Avatar
    Join Date
    Feb 2012
    Location
    Germany- Saxony
    Posts
    595

    Default

    Hello plonik

    from what you say, i too think it is a false-positiv.
    I would suggest you, to upload the skype.exe on http://www.virustotal.com to check it with a number of different Scanners. If the most show it harmless it might be a false-positiv.

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Nov 2011
    Posts
    3

    Default

    Oops, sorry. I thought I had included all that information in the original post, but here it is anyway:

    OS: Windows Vista 64 bit
    Browsers: Firefox 18.0.1, Opera 9.64, Google Chrome 24.0.1312, IE 8.0.6001 (I haven't used IE in years)
    Spybot Version: 1.6.2.46 - I don't think I've ever updated the program, Spybot says the last detection update was 30/11/2011
    TeaTimer report in Spybot Logs:

    04/02/2013 20:50:16 Allowed (based on user decision) value "Skype" (new data: ""C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun") added in System Startup user entry!
    04/02/2013 20:50:18 Encountered and terminated AllInOneKeylogger in C:\Program Files (x86)\Skype\Phone\Skype.exe!
    Complete Log file attached.

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi Ploink,
    Quote Originally Posted by Ploink View Post
    don't think I've ever updated the program, Spybot says the last detection update was 30/11/2011


    Could you update the definitions please and then run another scan so that when our detectives are on-line they will have the latest information.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •