KGB Keylogger

Writing and using PopTray plug-ins


azulmarino
First Timer
Posts: 2
Joined: Fri Nov 09, 2007 6:55 pm

KGB Keylogger

Post by azulmarino » Fri Nov 09, 2007 7:01 pm

The anti-spyware program SpyCatcher[1] says the ssleay32.dll file installed by PopTrayPlugins_beta6.exe is a KGB Keylogger. Is this a false-positive detection or is it really malware? Any suggestion?
[1]http://www.tenebril.com/downloads/

Rdsok
PopTray Family
Posts: 1352
Joined: Fri Mar 19, 2004 11:36 pm
Location: Norman, Oklahoma USA

Post by Rdsok » Fri Nov 09, 2007 7:57 pm

As usual, this is a false positive being made by your protection program. This often happens with many antivirus/antispyware programs and the main cause is from the fact that the malware authors are also using the very same compilers and file libraries of code that normal programs use so when a new malware detection is added to the antivirus definition files... it can have enough common code with normal programs that the normal program gets misdetected as a malware threat.

Before you do anything else... update your antivirus or other protection program and test the file again. Most of the companies will update their definitions often and may have already corrected the issue... so always test with the latest updates before you do anything else.

I can also tell you how to double check all of the above by doing additional testing. Before you even run anything... disable your On Access scanner for your protection program and then test the file or files in question at either http://virusscan.jotti.org/ or at http://www.virustotal.com . If you don't disable your protection you won't be able to upload the file because your protection software will block access to it. You will be safe in doing this with any suspected threat as long as you don't also run the suspected file/program... a malware that is not running can't do anything... so you can test safely like this as long as you don't run the suspect program also.

Once you have tested and proven to yourself that it truly is a false positive... report the detection to your antivirus/antispyware program's company so they can correct the issue. Don't get mad at them and switch for this type of reason alone... you would only switch one set of false detections for another that another program would have... so work with the company directly to get the issue resolved and you will help all users of the antivirus program.

If they want you to email them a copy of the file being detected... remember to archive the file (arc, cab, tar, zip, etc.) using a password and then send the archive file, tell them the password and tell them what it is being reported as along with any other info they may request.
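The hashing and archiving steps of the procedure above, as an added example that is not code from PopTray, SpyCatcher or the forum. It assumes the current VirusTotal hash-lookup URL layout (`https://www.virustotal.com/gui/file/<sha256>`), a `zip` or `7z` command on PATH, and the common vendor convention of the password "infected"; the "ssleay32.dll" it hashes is a constructed stand-in (an MZ header plus padding), not the real library. Looking a hash up first shows whether the scanners have already seen this exact file without uploading anything, and neither hashing nor archiving executes the sample, which is what makes the check safe on a suspect file. Disabling the on-access scanner has to be done by hand in the protection program and is not scripted here.

```python
"""Prepare a suspected false positive for a second-opinion hash lookup and for
vendor submission in a password-protected archive.
Added example; not PopTray's or the forum's code."""
import hashlib
import os
import shutil
import subprocess
import tempfile

CHUNK = 1 << 16


def file_hashes(path):
    """MD5, SHA-1 and SHA-256 of a file, streamed so large DLLs are fine.
    Reading the file never runs it, so this is safe on any suspect sample."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def lookup_url(sha256):
    """Hash-lookup URL (assumed VirusTotal layout). Checking the hash first tells
    you whether the multi-engine scanners already know this exact file."""
    return "https://www.virustotal.com/gui/file/" + sha256


def password_archive(path, out_zip, password="infected"):
    """Wrap the sample in a password-protected zip with whichever of `zip` or
    `7z` is installed. The password is not for secrecy; it stops mail and AV
    gateways from unpacking and quarantining the attachment on the way to the
    vendor. Returns the archive path, or None if neither tool is available."""
    if shutil.which("zip"):
        cmd = ["zip", "-j", "-q", "-P", password, out_zip, path]
    elif shutil.which("7z"):
        cmd = ["7z", "a", "-y", "-p" + password, out_zip, path]
    else:
        return None
    subprocess.run(cmd, check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return out_zip if os.path.exists(out_zip) else None


def demo():
    """Run the workflow on a constructed stand-in for ssleay32.dll (an 'MZ'
    header plus zero padding; no real DLL is shipped with this example)."""
    data = b"MZ" + b"\x00" * 512
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "ssleay32.dll")
    with open(sample, "wb") as f:
        f.write(data)
    hashes = file_hashes(sample)
    archive = password_archive(sample, os.path.join(workdir, "ssleay32_sample.zip"))
    return {
        "hashes": hashes,
        # streamed digest must agree with a one-shot digest of the same bytes
        "sha256_ok": hashes["sha256"] == hashlib.sha256(data).hexdigest(),
        "url": lookup_url(hashes["sha256"]),
        "archive": archive,
    }


if __name__ == "__main__":
    result = demo()
    for name, digest in result["hashes"].items():
        print(f"{name}: {digest}")
    print("lookup:", result["url"])
    print("archive:", result["archive"] or "no zip/7z on PATH; archive step skipped")
```

To use it on the real file, call `file_hashes()` and `password_archive()` on the path of the ssleay32.dll that SpyCatcher flagged, paste the SHA-256 into the lookup page or the upload form, and send the vendor the archive plus its password and the detection name, as the post above describes.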

azulmarino
First Timer
Posts: 2
Joined: Fri Nov 09, 2007 6:55 pm

Post by azulmarino » Fri Nov 09, 2007 8:21 pm

Rdsok, thank you for the tips and advice. Cheers!
