Windows 7 Forums


Windows 7: Keylogger issue

19 May 2011   #1
MRValiant

Windows 8 Pro
 
 
Keylogger issue

Hi, I just got a replacement hard drive through RMA. After I initialized the drive I shut the computer off. Later on when I got back on, this came up:

"behavior similar to keylogger detected"

Now I read where Kaspersky is giving people who use this anti-virus some problems with this. So far I'm running a bunch of scans. But in the meantime I put the word keylogger in the search thingy by the All Programs and this came up.

Report=notepad

Code:
;--------------------------------------------

[MainReport]
@       = $DlgAttrBase mg(0,0) alias(taskview) at(resizable,minimizable,a_close) sz(720,570) oninit(l_currep=ctl.defList) h($IsKAT ? 15761 : 15765)
Header  = [MainReport_Header]
Body    = [MainReport_Body]
defList = t(list) visible(0)

[MainReport_Header]
@       = sz(p,53) at(singleline,fixstyle) ta(lc) bg("MainWindowHeader") f("Header1") extprm(1)
hdr     = [ProductHeader] sz(p,p)
Save    = [BtnGlass] sz($Button_Medium_CX,$Button_CY) a(rc) xy(28) onclick(l_currep.savereport()) use(!$IsKAT)

[MainReport_Body]
@               = sz(p,p) alias(navigator) at(enum,loadpages) btns(Task) a(la) mg(7,7) xy(,,,$DialogPanelSizeY)
Navigator       = [MainReport_Body_Navigator]
_client_area    = a(la) sz(p,p)

[MainReport_Body_Navigator]
@           = sz(p,a) xy(,,,7) oninit(ctl.Statistic.value=1)
Task        = [MainReport_Body_Navigator_Task]
Group       = $Combo sz(a,a) a(at) xy(,,7) v(l_currep.curview()) items(vector(l_currep.getview()) text(ViewName) v(ViewId))
Filter      = [MainReport_Body_Navigator_Filter]
Warn        = $Link a(as) xy(7,3) i("warning") visible(ctl.Filter.All.selected && !global.FullReport) onclick(window("OptionsWindow:Reports")) use(!$IsKAT)
Statistic   = $ToolButton a(rt) ia(cc) i("Toolbox,0,0,0,0,0,0") enable(s_IsStatisticsEnabled(ctl.Task.value)) use(!$IsKAT)

[MainReport_Body_Navigator_Task]
$ReportNavTask = at(radiolike) text(switch(ctl.id, "ProfileName")) use(f_isInstalled(ctl.id))
@               = $Combo sz(a,a) dl(20) rs(0,0) xy(,,7)
Protection      = text($Protection) at(radiolike) use(!$IsProtectionNotInstalled)
Hips            = $ReportNavTask
File_Monitoring = $ReportNavTask
Mail_Monitoring = $ReportNavTask
Web_Monitoring  = $ReportNavTask
IM_Monitoring   = $ReportNavTask
Firewall        = $ReportNavTask
pdm             = $ReportNavTask
ids             = $ReportNavTask
;OnlineSecurity  = text($ids) at(radiolike) use(f_isInstalled(ctl.id))
Anti_Spam   = $ReportNavTask
AdBlocker   = $ReportNavTask
ParCtl      = $ReportNavTask
;ContentFilter   = text($ContentFilter) at(radiolike) use(f_isInstalled(ctl.id))
Scan            = text($Scan_Objects) at(radiolike)
Updater         = text($Updater) at(radiolike) use(f_isInstalled(ctl.id))
AVZ_Scan        = text($AVZ_Scan) at(radiolike) use(f_isInstalled(ctl.id))



[MainReport_Body_Navigator_Filter]
@           = $Combo sz(a,a) rs(0,0) at(rememberdata) onchange(l_currep.setfilter(ctl.value,3)) a(at)
Critical    = v("Severity <= #eNotifySeverityError")
Important   = v("Severity <= #eNotifySeverityImportant") at(default)
All         = v("")

[ProfileReport]
@       = t(splitter) at(rememberdata) sz(p,p) ext(1) v(65000)
Group1  = extprm(1) sz(p,p)
Stat    = [ProfileReportStat]

[ProfileReportStat]
@       = extprm(1) sz(p,p) visible(ctl.Statistic.value)
Group2  = extprm(1) sz(p,p) visible(!ctl.EnableChart.value || !$GVF_HAS_STAT )
Group3  = extprm(1) sz(p,p) visible(!ctl.Group2.visible) b(System) mg(10,10,10,10) bg("ColorWindow")

[Product_Events]
@       = ext(1) sz(p,p)
Report  = [Product_Events_Report]

[Product_Events_Report]
@           = $List at(rememberdata) alias(taskevents) refresh(100) a(la) extprm(1) onshow(l_currep=ctl.Report;ctl.Group.reinit();ctl.setfilter(ctl.Filter.value,3))
Time        = sz(150) text(datetimeDT(Timestamp)) group(date,dategroupDT(Timestamp),default) sort(index,sortup) filter(auto,s_date(dategroupDT(Timestamp))) extprm(1)
Application = [Product_Events_Report_Application]
Task        = sz(80,a) text($TaskText) extprm(1) group(task,TaskID) filter(auto)
Verdict     = [Product_Events_Report_Verdict]
Action      = sz(160) text($ActionText) group(Action) extprm(1) filter(auto,$ActionText,Product_Events_Report_Action_Filter) use(f_isInstalled("HipsTask"))
InSandbox   = sz(a) text($ObjectInSandboxText) at(nosort) use(f_isInstalled("SandBox"))
Object      = [Product_Events_Report_Object]
OldObject   = [Product_Events_Report_OldObject]
Size        = sz(a,a) use(0) extprm(1) text($ObjectSizeText) sort(ExtraInfoSub2)
Reason      = sz(80,a) text($ReasonText) filter(custom,,Product_Events_Report_Reason_Filter) extprm(1)
row         = at(clickable) i($RepEventIcon) bg($RepEventBg) onrclick(menu("Product_Events_Report_Menu"))
views       = extprm(1)

[Product_Events_Report_Application]
@           = sz(280) text($AppName) group(AppGroup,AppID) extprm(1) i($AppIcon)
Name        = sz(a) text($AppModule) i($AppIcon)
Path        = sz(a) text($AppPath)
PID         = sz(a) text($hasNativePID ? $AppNativePID : "") group(PIDGroup,PID)
CommandLine = sz(a) text($AppCmdLine)

[Product_Events_Report_Verdict]
@               = sz(p) rs(40) text($VerdictText) group(Verdict) filter(auto,$VerdictDescrText,Product_Events_Report_Verdict_Filter) extprm(1)
Descr           = sz(a) text($VerdictDescrText) extprm(1)
DetectType      = sz(a) text($DetectTypeText) group(DetectType) filter(auto) extprm(1)
DetectName      = sz(a) text($DetectNameText) group(DetectName) filter(auto) extprm(1)
DetectDanger    = sz(a) text($DetectDangerText) group(DetectDanger) filter(auto) extprm(1)
Exact           = sz(a) text($ExactText) group(IsExact) filter(auto) extprm(1)

[Product_Events_Report_Object]
@       = sz(p) rs(60) text($ObjectText) i($ObjectIcon) group(ObjectType) filter(auto,$ObjectTypeText,Product_Events_Report_Object_Filter) extprm(1)
Type    = sz(60) text($ObjectTypeText) i($ObjectIcon) group(ObjectType) filter(auto) extprm(1)
Path    = sz(a) text($ObjectPathText)
Name    = sz(a) text($ObjectNameText)

[Product_Events_Report_OldObject]
@       = sz(p) rs(60) text($OldObjectText) at(nosort) i($OldObjectIcon) group(ObjectType) filter(auto,$ObjectTypeText,Product_Events_Report_Object_Filter) use(0) extprm(1)
Type    = sz(60) text($ObjectTypeText) i($OldObjectIcon) group(ObjectType) filter(auto) extprm(1)
Path    = sz(a) text($OldObjectPathText) at(nosort)
Name    = sz(a) text($OldObjectNameText) at(nosort)

[Product_Events_Report_Ex]
@       = sz(p,p) ext(1)
Report  = [Product_Events_Report]

[Product_Events_Report_Save]
@ = [EditSimpleItem] onok(l_combo.add(ctl.Name.value,ctl.Name.value)) subst(Example(use(0))) ext(1)

[Product_Events_Report_Menu]
$ForASMail      = TaskID==#eTASK_AS && ObjectType==#eMailMessage
$ForAB          = TaskID==#eTASK_AB && ObjectType==#eURL
$GotoFileVirt = exec(env("ProductRoot").addPath("sbstart.exe"), f_getSandboxIdFromPath($ObjectRealText) + " \"iexplore\" -new -e " + objdir($ObjectText))
$GotoFileReal = if(!gotofile($ObjectText), msg("CantOpenFolder"))
@               = t(menu) bg("MenuIconBg")
ASDetails       = at(default) use($ForASMail) onclick(dialog("AntiSpam_MailDetails"))
ASMarkAsSpam    = use($ForASMail) onclick(ctl.Report.antispam_action(0))
ASMarkAsHam     = use($ForASMail) onclick(ctl.Report.antispam_action(1))
ASAddToWL       = use($ForASMail) onclick(ctl.Report.antispam_action(2))
ASAddToBL       = use($ForASMail) onclick(ctl.Report.antispam_action(3))
ABAllow         = use($ForAB) enable(DetectName) onclick(ctl.Report.antibanner_allow())
sep
MakeFilter
MakeGroup
sep
ClearFilters
ClearGroup
sep
Expand          = visible(isNode && !isExpanded)
Collapse        = visible(isNode && isExpanded)
CollapseAll     = visible(isNode)
sep
Copy
SelectAll
sep
GotoFile        = enable(ObjectType==#eFile) onclick( if(PID && PID != #PIDProduct && PID != #PIDSystem && f_isSandboxed(PID),$GotoFileVirt,$GotoFileReal) ) use(!$IsRD)

;all events see in 'enVerdict'
[Product_Events_Report_Verdict_Filter]
CLEAN               = v(#eCLEAN)     use($GVF_AV)
ARCHIVED            = v(#eARCHIVED)  use($GVF_AV)
PACKED              = v(#ePACKED)      use($GVF_AV)
;ENCRYPTED             = v(#eENCRYPTED) use($GVF_AV)
CORRUPTED           = v(#eCORRUPTED) use($GVF_AV)
DETECTED            = v(#eDETECTED)
ALLOWED             = v(#eALLOWED)   use($GVF_NOT_SCAN)
DENIED              = v(#eDENIED)    use($GVF_NOT_SCAN)
REJECTED            = v(#eREJECTED)  use($GVF_NOT_SCAN)
NOT_PROCESSED       = v(#eNOT_PROCESSED)      use($GVF_AV)
PASSWORD_PROTECTED  = v(#ePASSWORD_PROTECTED) use(!($GVF_NOT_SCAN))
PROCESSING_ERROR    = v(#ePROCESSING_ERROR)   use($GVF_AV)
ADDEDTOEXCLUDE      = v(#eADDEDTOEXCLUDE)     use($GVF_NOT_CF)
Cure                = [Product_Events_Report_Verdict_Filter_Cure] use($GVF_NOT_CF)
Task                = [Product_Events_Report_Verdict_Filter_Task] use($GVF_NOT_SCAN)
ProdState           = [Product_Events_Report_Verdict_Filter_Prod] use(ctl.Report.value == #eTASK_GROUP_PROTECTION)

;see s_ProdState
[Product_Events_Report_Verdict_Filter_Prod]
ProdState1               = v(#ePROTECTION + #ProdStateProductNotActivated)
ProdState2               = v(#ePROTECTION + #ProdStateProductNotProtected)
ProdState3               = v(#ePROTECTION + #ProdStateKeyAboutExpiration)
ProdState4               = v(#ePROTECTION + #ProdStateKeyExpired)
ProdState5               = v(#ePROTECTION + #ProdStateKeyWillBeExpired)
ProdState6               = v(#ePROTECTION + #ProdStateKeyTrialExpired)
ProdState7               = v(#ePROTECTION + #ProdStateKeyBlocked)
ProdState8               = v(#ePROTECTION + #ProdStateNoKeys)
ProdState9               = v(#ePROTECTION + #ProdStateKeyWaitActivation)
ProdState10               = v(#ePROTECTION + #ProdStateKeyInvalid)
ProdState11               = v(#ePROTECTION + #ProdStateKeyLimited)
ProdState12               = v(#ePROTECTION + #ProdStateKeyGracePeriod)
ProdState13               = v(#ePROTECTION + #ProdStateKeyUpdateFailed)
ProdState14               = v(#ePROTECTION + #ProdStateKeySuspended)
ProdState15               = v(#ePROTECTION + #ProdStateHighRiskTasksNotRunning)
ProdState16               = v(#ePROTECTION + #ProdStateTasksNotRunning)
ProdState17               = v(#ePROTECTION + #ProdStateTasksMalfunction)
ProdState18               = v(#ePROTECTION + #ProdStateHighRiskTasksDisabled)
ProdState19               = v(#ePROTECTION + #ProdStateTasksDisabled)
ProdState20               = v(#ePROTECTION + #ProdStateProtectionSafeMode)
ProdState21               = v(#ePROTECTION + #ProdStateProtectionNotInstalled)
ProdState22               = v(#ePROTECTION + #ProdStateBasesNotValid)
ProdState23               = v(#ePROTECTION + #ProdStateBasesOutOfDate)
ProdState24               = v(#ePROTECTION + #ProdStateBasesNotActual)
ProdState25               = v(#ePROTECTION + #ProdStateUpdateNeedReboot)
ProdState26               = v(#ePROTECTION + #ProdStateBasesCorrupted)
ProdState27               = v(#ePROTECTION + #ProdStateOnDemandTaskRunning)
ProdState28               = v(#ePROTECTION + #ProdStateProtectionNotRunning)
ProdState29               = v(#ePROTECTION + #ProdStateProtectionDisabled)
ProdState30               = v(#ePROTECTION + #ProdStateThreatsMalwareUntreated)
ProdState31               = v(#ePROTECTION + #ProdStateThreatsRiskwareUntreated)
ProdState32               = v(#ePROTECTION + #ProdStateBasesCacheResizeFail)


[Product_Events_Report_Verdict_Filter_Cure]
DISINFECTED                 = v(#eDISINFECTED) use($GVF_AV)
DELETED                     = v(#eDELETED)     use($GVF_AV)
OVERWRITED                  = v(#eOVERWRITED)  use($GVF_AV)
QUARANTINED                 = v(#eQUARANTINED)
TERMINATED                  = v(#eTERMINATED)  use($GVF_HIPS)
RESTORED                    = v(#eRESTORED)    use($GVF_AV)
RENAMED                     = v(#eRENAMED)     use($GVF_AV)
BACKUPED                    = v(#eBACKUPED)    use($GVF_AV)
REPARED                     = v(#eREPARED)     use($GVF_AV)
ROLLBACKED                  = v(#eROLLBACKED)  use($GVF_HIPS)
NOT_DISINFECTED             = v(#eNOT_DISINFECTED)  use($GVF_AV)
NOT_DELETED                 = v(#eNOT_DELETED)      use($GVF_AV)
NOT_QUARANTINED             = v(#eNOT_QUARANTINED)
NOT_RENAMED                 = v(#eNOT_RENAMED)      use($GVF_AV)
TERMINATE_FAILED            = v(#eTERMINATE_FAILED) use($GVF_HIPS)
ROLLBACK_FAILED             = v(#eROLLBACK_FAILED)  use($GVF_HIPS)
BACKUP_FAILED               = v(#eBACKUP_FAILED)    use($GVF_AV)
REPAIR_FAILED               = v(#eREPAIR_FAILED)    use($GVF_AV)
DISINFECTED_ON_REBOOT       = v(#eDISINFECTED_ON_REBOOT) use($GVF_AV)
DELETED_ON_REBOOT           = v(#eDELETED_ON_REBOOT)     use($GVF_AV)
QUARANTINED_ON_REBOOT       = v(#eQUARANTINED_ON_REBOOT) use($GVF_AV)
DISINFECT_ON_REBOOT_FAILED  = v(#eDISINFECT_ON_REBOOT_FAILED) use($GVF_AV)
DELETE_ON_REBOOT_FAILED     = v(#eDELETE_ON_REBOOT_FAILED)    use($GVF_AV)

[Product_Events_Report_Verdict_Filter_Task]
DISABLED        = v(#eDISABLED) use(!ctl.Report.value)
TASK_STARTED    = v(#eTASK_STARTED)
TASK_STOPPED    = v(#eTASK_STOPPED)
TASK_FAILED     = v(#eTASK_FAILED)
TASK_COMPLETED  = v(#eTASK_COMPLETED)

[Product_Events_Report_Action_Filter]
Open    = v(#evtOpen)
Create  = v(#evtCreate)
Read    = v(#evtRead)
Write   = v(#evtWrite)
Delete  = v(#evtDelete)
Rename  = v(#evtRename)
Process = [Product_Events_Report_Action_Filter_Process]
Data    = [Product_Events_Report_Action_Filter_DataAccess]
System  = [Product_Events_Report_Action_Filter_System]

[Product_Events_Report_Reason_Filter]
User                            = v(#eUSER)
ReportOnly                      = v(#eREPORTONLY)
Postponed                       = v(#ePOSTPONED)
TaskStopped                     = v(#eTASKSTOPPED)
Error                           = v(#eERROR)
Database                        = v(#eDATABASE)                                    use($GVF_UC)
WhiteList                       = v(#eWHITE_LIST)                                use($GVF_UC)
UserBlackList                   = v(#eUSER_BLACK_LIST)                            use($GVF_UC)
UserWhiteList                   = v(#eUSER_WHITE_LIST)                            use($GVF_UC)
Emulator                        = v(#eEMULATOR)
BB                              = v(#eBB)
Heuristic                       = v(#eHEURISTIC)                                use($GVF_UC)
Bayes                           = v(#eBAYES)                                    use($GVF_UC)
GSG                             = v(#eGSG)                                        use($GVF_UC)
PDB                             = v(#ePDB)                                        use($GVF_UC)
RecentTerms                     = v(#eRECENTTERMS)                                use($GVF_UC)
SFDB                            = v(#eSFDB)                                        use($GVF_AV)
ISWIFT                          = v(#eISWIFT)                                    use($GVF_AV)
UNCHANGED                       = v(#eUNCHANGED)                                use($GVF_AV)
KSN                             = v(#eKSN)                                        use($GVF_AV)
AllowedSender                   = v(#eALLOWED_SENDER)                            use($GVF_UC)
BlockedSender                   = v(#eBLOCKED_SENDER)                            use($GVF_UC)
AllowedPhrase                   = v(#eALLOWED_PHRASE)                            use($GVF_UC)
BlockedPhrase                   = v(#eBLOCKED_PHRASE)                            use($GVF_UC)
DetectByHash                    = v(#eDETECT_BYHASH)
DetectInformation               = v(#eDETECT_INFORMATION)
Size                            = v(#eSIZE)
Type                            = v(#eTYPE)
Exclude                         = v(#eEXCLUDE)
Time                            = v(#eTIME)
NoRights                        = v(#eNORIGHTS)                                    use($GVF_AV)
NotFound                        = v(#eNOTFOUND)                                    use($GVF_AV)
Locked                          = v(#eLOCKED)                                    use($GVF_AV)
Noncurable                      = v(#eNONCURABLE)                                use($GVF_AV)
WriteProtect                    = v(#eWRITEPROTECT)                                use($GVF_AV)
Nonoverwritable                 = v(#eNONOVERWRITABLE)                            use($GVF_AV)
CopyFailed                      = v(#eCOPYFAILED)                                use($GVF_AV)
WriteError                      = v(#eWRITEERROR)
OutOfSpace                      = v(#eOUTOFSPACE)
ReadError                       = v(#eREADERROR)
DeviceNotReady                  = v(#eDEVICENOTREADY)
WriteNotSupported               = v(#eWRITENOTSUPPORTED)
CannotBackup                    = v(#eCANNOTBACKUP)                                use($GVF_AV)
AddedToWhiteRecipient           = v(#eANTISPAM_AddedToWhiteRecipient)            use($GVF_UC)
HasBeenTrained                  = v(#eANTISPAM_HasBeenTrained)                    use($GVF_UC)
Training                        = v(#eANTISPAM_Training)                        use($GVF_UC)
NeedTraining                    = v(#eANTISPAM_NeedTraining)                    use($GVF_UC)
WhiteAddress                    = v(#eANTISPAM_WhiteAddress)                    use($GVF_UC)
BlackAddress                    = v(#eANTISPAM_BlackAddress)                    use($GVF_UC)
WhiteString                     = v(#eANTISPAM_WhiteString)                        use($GVF_UC)
BlackString                     = v(#eANTISPAM_BlackString)                        use($GVF_UC)
AntiFishing                     = v(#eANTISPAM_AntiFishing)                        use($GVF_UC)
WhiteAddressNotFound            = v(#eANTISPAM_WhiteAddress_NOTFOUND)            use(0)
WhiteStringNotFound             = v(#eANTISPAM_WhiteString_NOTFOUND)            use(0)
MailDispatcher                  = v(#eANTISPAM_MailDispatcher)                    use($GVF_UC)
Eicar                           = v(#eANTISPAM_Eicar)                            use($GVF_UC)
Banner                          = v(#eANTISPAM_Banner)                            use($GVF_UC)
InvalidHTML                     = v(#eANTISPAM_InvalidHTML)                        use($GVF_UC)
ExternalObj                     = v(#eANTISPAM_ExternalObj)                        use($GVF_UC)
InternalObj                     = v(#eANTISPAM_InternalObj)                        use($GVF_UC)
EmptyMessage                    = v(#eANTISPAM_EmptyMessage)                    use($GVF_UC)
NotForMe                        = v(#eANTISPAM_NotForMe)                        use($GVF_UC)
NotEnglish                      = v(#eANTISPAM_NotEnglish)                        use($GVF_UC)
RecipLimit                      = v(#eANTISPAM_RecipLimit)                        use($GVF_UC)
RecipLimitNotFound              = v(#eANTISPAM_RecipLimit_NOTFOUND)                use($GVF_UC)
InvalidHTML_UnknownDefsCount    = v(#eANTISPAM_InvalidHTML_UnknownDefsCount)    use($GVF_UC)
InvalidHTML_SeemsColors         = v(#eANTISPAM_InvalidHTML_SeemsColors)            use($GVF_UC)
InvalidHTML_SmallText           = v(#eANTISPAM_InvalidHTML_SmallText)            use($GVF_UC)
InvalidHTML_InvisibleCharCount  = v(#eANTISPAM_InvalidHTML_InvisibleCharCount)    use($GVF_UC)
InvalidHTML_Scripts             = v(#eANTISPAM_InvalidHTML_Scripts)                use($GVF_UC)
InvalidHTML_HiddenElements      = v(#eANTISPAM_InvalidHTML_HiddenElements)        use($GVF_UC)
CannotBeSpam                    = v(#eANTISPAM_CannotBeSpam)                    use($GVF_UC)
SpamTest                        = v(#eANTISPAM_SPAMTEST)                        use($GVF_UC)

[Product_Events_Report_Action_Filter_Process]
ProcessStart    = v(#evtProcessStart)
ProcStart       = v(#evtProcStart)
ProcessStop     = v(#evtProcessStop)
ProcStop        = v(#evtProcStop)
ImageLoad       = v(#evtImageLoad)
ImageUnload     = v(#evtImageUnload)
Terminate       = v(#evtTerminate)
ReadProcMem     = v(#evtReadProcMem)
SetHook         = v(#evtSetHook)
CodeInject      = v(#evtCodeInject)
Suspend         = v(#evtSuspend)
AddAppToGr      = v(#evtAddAppToGr)

[Product_Events_Report_Action_Filter_DataAccess]
Send                = v(#evtSend)
Receive             = v(#evtReceive)
WMSend              = v(#evtWMSend)
LLDiskAccess        = v(#evtLLDiskAccess)
LLFSAccess          = v(#evtLLFSAccess)
ADSAccess           = v(#evtADSAccess)
DirectMemAccess     = v(#evtDirectMemAccess)
ClipBoardAcceess    = v(#evtClipBoardAcceess)

[Product_Events_Report_Action_Filter_System]
SelfStart           = v(#evtSelfStart)
WindowsShutDown     = v(#evtWindowsShutDown)
HiddenRegistry      = v(#evtHiddenRegistry)
KeyLogger           = v(#evtKeyLogger)
SetHardLink         = v(#evtSetHardLink)
SchedulerStart      = v(#evtSchedulerStart)
DrvStart            = v(#evtDrvStart)
ServiceStart        = v(#evtServiceStart)
ScreenShots         = v(#evtScreenShots)
CriticalCOMAccess   = v(#evtCriticalCOMAccess)
UseBrowserCL        = v(#evtUseBrowserCL)
UseBrowserAPI       = v(#evtUseBrowserAPI)
UseDNS              = v(#evtUseDNS)
UseBITS             = v(#evtUseBITS)
SetDbgPrivilege     = v(#evtSetDbgPrivilege)
ChangeObjPrivilege  = v(#evtChangeObjPrivilege)
ShellWindowsAcceess = v(#evtShellWindowsAcceess)
UserAccountAccess   = v(#evtUserAccountAccess)

[Product_Events_Report_Object_Filter]
File        = v(#eFile)
Directory   = v(#eDirectory)   use($GVF_HIPS)
RegKey      = v(#eRegKey)      use($GVF_HIPS)
RegValue    = v(#eRegValue)    use($GVF_HIPS)
Process     = v(#eProcess)     use($GVF_HIPS)
Thread      = v(#eThread)      use($GVF_HIPS)
Module      = v(#eModule)      use($GVF_HIPS)
LogSector   = v(#eLogSector)   use($GVF_AV)
PhysSector  = v(#ePhysSector)  use($GVF_AV)
Memory      = v(#eMemory)      use($GVF_AV)
MailMessage = v(#eMailMessage) use($GVF_AV)
MailAttach  = v(#eMailAttach)  use($GVF_AV)
PagerData   = v(#ePagerData)   use($GVF_AV)
URL         = v(#eURL)         use($GVF_NOT_SCAN)
Script      = v(#eScript)      use($GVF_NOT_SCAN)
Port        = v(#ePort)        use($GVF_HIPS)
Connection  = v(#eConnection)  use($GVF_HIPS)
Packet      = v(#ePacket)      use($GVF_HIPS)
DialStr     = v(#eDialStr)     use($GVF_OS)
Task        = v(#eTask)        use($GVF_NOT_SCAN)

;--------------------------------------------

[Product_Scan_Statistics_List]
$ObjectPath = c_object(ObjectId, object(ObjectId))
@           = $List alias(scanstat) refresh(100) a(la) ext(1) extprm(1)
Object      = at(fixedpos) text(ObjectType == #eFile ? objfile($ObjectPath) : s_ObjectType(ObjectType)) ia(lc) i(s_ObjectTypeIcon(ObjectType, $ObjectPath, #true, #true)) sz(150) extprm(1)
Time        = text(timestamp(TimeSpend/1000)) sz(a) a(r) sort(TimeSpend)
Scaned      = [Product_Scan_Statistics_List_Scaned]
Detected    = text(Detected) sz(a) a(r)
row         = bg(if(Flags & 1,"EventWarn")) f(((Flags & 2) && isExpanded) ? "Normal_Bold" : "Normal")

[Product_Scan_Statistics_List_Scaned]
@               = text(Scaned) sz(a) a(r)
Scaned          = text(Scaned) sz(a) a(r)
Archived        = text(Archived) sz(a) a(r)
Packed          = text(Packed) sz(a) a(r)
PswProtected    = text(PswProtected) sz(a) a(r)
Corrupted       = text(Corrupted) sz(a) a(r)
ScanErrors      = text(ScanErrors) sz(a) a(r)

[Product_Statistics_List]
@       = $List alias(blstat) at(nosearch) prm(#dbStatistics) refresh(500) a(la) group(dateonly,dategroup(Date),default) ext(1) extprm(1)
Counter = at(fixedpos) ia(lc) sz(240) group(CounterItem,Counter,default) sort(s_RepDetectType(Counter),sortdown) extprm(1)
Blocked = text(Blocked) a(r) sz(60) extprm(1)
Total   = text(Total) a(r) sz(60) extprm(1)
row     = f(depend(!level) ? "Normal_Bold" : "Normal")

;--------------------------------------------

Can someone tell me what this is?


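Added here as a reader's aid (it is not part of the thread and not Kaspersky's own tooling): the dump above has the shape of a Kaspersky report-window layout file, a sectioned `key = attributes` format whose filter sections refer to one another with `[Section]` values. The Python below parses a constructed, abridged excerpt of that dump and resolves the nested filter tree, showing that "keylogger" matches a report-filter label (`KeyLogger = v(#evtKeyLogger)`), which is why a text search of the product's own files turns it up. The format rules (`;` comments, `[Name]` values as references) are inferred from the dump, not from any documentation.

```python
import re
from collections import OrderedDict

# Constructed, abridged excerpt of the report-layout dump quoted in the post.
# Only the filter sections are kept; one entry is commented out with ';' to
# show how disabled lines are handled.
SAMPLE = """\
;--------------------------------------------

[Product_Events_Report_Action_Filter]
Open    = v(#evtOpen)
Create  = v(#evtCreate)
Process = [Product_Events_Report_Action_Filter_Process]
System  = [Product_Events_Report_Action_Filter_System]

[Product_Events_Report_Action_Filter_Process]
ProcessStart    = v(#evtProcessStart)
SetHook         = v(#evtSetHook)
CodeInject      = v(#evtCodeInject)

[Product_Events_Report_Action_Filter_System]
SelfStart           = v(#evtSelfStart)
;HiddenRegistry      = v(#evtHiddenRegistry)
KeyLogger           = v(#evtKeyLogger)
ScreenShots         = v(#evtScreenShots)

[Product_Events_Report_Verdict_Filter]
DETECTED            = v(#eDETECTED)
Cure                = [Product_Events_Report_Verdict_Filter_Cure] use($GVF_NOT_CF)

[Product_Events_Report_Verdict_Filter_Cure]
QUARANTINED                 = v(#eQUARANTINED)
TERMINATED                  = v(#eTERMINATED)  use($GVF_HIPS)
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^([^\s=]+)\s*=\s*(.*?)\s*$")
REF_RE = re.compile(r"^\[([^\]]+)\]")  # value starts with a [Section] reference


def parse_layout(text):
    """Parse the [Section] / key = attrs format into {section: {key: value}}.

    ';' starts a comment (the file uses it to disable entries). Keys without
    '=' (menu separators such as 'sep') are kept with an empty value."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), OrderedDict())
            continue
        if current is None:
            continue  # stray text before the first section header
        m = ENTRY_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
        else:
            current[line] = ""
    return sections


def flatten_filter(sections, root, prefix=()):
    """Walk a filter section; an entry whose value starts with '[Other]' nests
    into that section (trailing attributes such as use(...) are ignored for
    nesting). Yields (path tuple, value) for every leaf entry."""
    for key, value in sections.get(root, {}).items():
        ref = REF_RE.match(value)
        if ref:
            yield from flatten_filter(sections, ref.group(1), prefix + (key,))
        else:
            yield prefix + (key,), value


def find_mentions(sections, root, needle):
    """Return (path, value) for leaves under `root` whose key or value contains
    `needle` case-insensitively, i.e. what a plain text search would hit."""
    needle = needle.lower()
    return [("/".join(path), value)
            for path, value in flatten_filter(sections, root)
            if needle in path[-1].lower() or needle in value.lower()]


if __name__ == "__main__":
    layout = parse_layout(SAMPLE)
    for path, value in find_mentions(layout, "Product_Events_Report_Action_Filter", "keylogger"):
        print(f"{path}: {value}")
```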
19 May 2011   #2
Xhi

Windows 7 Ultimate 64-bit / Ubuntu Linux 11.04
 
 

This might be a false positive from Kaspersky. Just to make sure, could you try a second opinion scanner? Try downloading Malwarebytes (Free anti-malware, anti-virus and spyware removal) and see what it says. Make sure to do a full scan.
20 May 2011   #3
MRValiant

Windows 8 Pro
 
 

Yes, I did these scans also.

Malwarebytes full scan

SUPERAntiSpyware full scan


Kaspersky full scan and nothing came up.

I did download and run a keylogger detector and this came up, lol.


Attached thumbnail: keylogger.png

20 May 2011   #4
mickey megabyte

ultimate 64 sp1
 
 

I think the key word in "behavior similar to keylogger detected" is similar.

I've noticed Kaspersky doing this when I start certain games.

I forget now exactly, but if you click on the arrow and select 'hide this notification' (or something like that) then you won't get bothered by that particular warning for that particular 'problem' software again.

Looks like you're clean!
20 May 2011   #5
MRValiant

Windows 8 Pro
 
 

Thanks, guys.
20 May 2011   #6
MRValiant

Windows 8 Pro
 
 

I am running ESET Online Scanner and so far it's showing 3 infections (Win32/ADWARE.ADON). Just have to wait till it's done to see what else comes up.