

Windows 7: Keylogger issue


19 May 2011   #1

Windows 8 Pro
 
 
Keylogger issue

Hi, I just got a replacement hard drive through RMA. After I initialized the drive I shut the computer off. Later on, when I got back on, this came up.


Behavior similar to keylogger detected. Now I read where Kaspersky is giving people who use this anti-virus some problems with this. So far I'm running a bunch of scans. But in the meantime I put the word keylogger in the search thingy by All Programs and this came up.

Report=notepad

Code:
;--------------------------------------------

[MainReport]
@       = $DlgAttrBase mg(0,0) alias(taskview) at(resizable,minimizable,a_close) sz(720,570) oninit(l_currep=ctl.defList) h($IsKAT ? 15761 : 15765)
Header  = [MainReport_Header]
Body    = [MainReport_Body]
defList = t(list) visible(0)

[MainReport_Header]
@       = sz(p,53) at(singleline,fixstyle) ta(lc) bg("MainWindowHeader") f("Header1") extprm(1)
hdr     = [ProductHeader] sz(p,p)
Save    = [BtnGlass] sz($Button_Medium_CX,$Button_CY) a(rc) xy(28) onclick(l_currep.savereport()) use(!$IsKAT)

[MainReport_Body]
@               = sz(p,p) alias(navigator) at(enum,loadpages) btns(Task) a(la) mg(7,7) xy(,,,$DialogPanelSizeY)
Navigator       = [MainReport_Body_Navigator]
_client_area    = a(la) sz(p,p)

[MainReport_Body_Navigator]
@           = sz(p,a) xy(,,,7) oninit(ctl.Statistic.value=1)
Task        = [MainReport_Body_Navigator_Task]
Group       = $Combo sz(a,a) a(at) xy(,,7) v(l_currep.curview()) items(vector(l_currep.getview()) text(ViewName) v(ViewId))
Filter      = [MainReport_Body_Navigator_Filter]
Warn        = $Link a(as) xy(7,3) i("warning") visible(ctl.Filter.All.selected && !global.FullReport) onclick(window("OptionsWindow:Reports")) use(!$IsKAT)
Statistic   = $ToolButton a(rt) ia(cc) i("Toolbox,0,0,0,0,0,0") enable(s_IsStatisticsEnabled(ctl.Task.value)) use(!$IsKAT)

[MainReport_Body_Navigator_Task]
$ReportNavTask = at(radiolike) text(switch(ctl.id, "ProfileName")) use(f_isInstalled(ctl.id))
@               = $Combo sz(a,a) dl(20) rs(0,0) xy(,,7)
Protection      = text($Protection) at(radiolike) use(!$IsProtectionNotInstalled)
Hips            = $ReportNavTask
File_Monitoring = $ReportNavTask
Mail_Monitoring = $ReportNavTask
Web_Monitoring = $ReportNavTask
IM_Monitoring = $ReportNavTask
Firewall    = $ReportNavTask
pdm         = $ReportNavTask
ids         = $ReportNavTask
;OnlineSecurity  = text($ids) at(radiolike) use(f_isInstalled(ctl.id))
Anti_Spam   = $ReportNavTask
AdBlocker   = $ReportNavTask
ParCtl      = $ReportNavTask
;ContentFilter   = text($ContentFilter) at(radiolike) use(f_isInstalled(ctl.id))
Scan            = text($Scan_Objects) at(radiolike)
Updater         = text($Updater) at(radiolike) use(f_isInstalled(ctl.id))
AVZ_Scan        = text($AVZ_Scan) at(radiolike) use(f_isInstalled(ctl.id))



[MainReport_Body_Navigator_Filter]
@           = $Combo sz(a,a) rs(0,0) at(rememberdata) onchange(l_currep.setfilter(ctl.value,3)) a(at)
Critical    = v("Severity <= #eNotifySeverityError")
Important   = v("Severity <= #eNotifySeverityImportant") at(default)
All         = v("")

[ProfileReport]
@       = t(splitter) at(rememberdata) sz(p,p) ext(1) v(65000)
Group1  = extprm(1) sz(p,p)
Stat    = [ProfileReportStat]

[ProfileReportStat]
@       = extprm(1) sz(p,p) visible(ctl.Statistic.value)
Group2  = extprm(1) sz(p,p) visible(!ctl.EnableChart.value || !$GVF_HAS_STAT )
Group3  = extprm(1) sz(p,p) visible(!ctl.Group2.visible) b(System) mg(10,10,10,10) bg("ColorWindow")

[Product_Events]
@       = ext(1) sz(p,p)
Report  = [Product_Events_Report]

[Product_Events_Report]
@           = $List at(rememberdata) alias(taskevents) refresh(100) a(la) extprm(1) onshow(l_currep=ctl.Report;ctl.Group.reinit();ctl.setfilter(ctl.Filter.value,3))
Time        = sz(150) text(datetimeDT(Timestamp)) group(date,dategroupDT(Timestamp),default) sort(index,sortup) filter(auto,s_date(dategroupDT(Timestamp))) extprm(1)
Application = [Product_Events_Report_Application]
Task        = sz(80,a) text($TaskText) extprm(1) group(task,TaskID) filter(auto)
Verdict     = [Product_Events_Report_Verdict]
Action      = sz(160) text($ActionText) group(Action) extprm(1) filter(auto,$ActionText,Product_Events_Report_Action_Filter) use(f_isInstalled("HipsTask"))
InSandbox    = sz(a) text($ObjectInSandboxText) at(nosort) use(f_isInstalled("SandBox"))
Object      = [Product_Events_Report_Object]
OldObject   = [Product_Events_Report_OldObject]
Size        = sz(a,a) use(0) extprm(1) text($ObjectSizeText) sort(ExtraInfoSub2)
Reason      = sz(80,a) text($ReasonText) filter(custom,,Product_Events_Report_Reason_Filter) extprm(1)
row         = at(clickable) i($RepEventIcon) bg($RepEventBg) onrclick(menu("Product_Events_Report_Menu"))
views       = extprm(1)

[Product_Events_Report_Application]
@           = sz(280) text($AppName) group(AppGroup,AppID) extprm(1) i($AppIcon)
Name        = sz(a) text($AppModule) i($AppIcon)
Path        = sz(a) text($AppPath)
PID         = sz(a) text($hasNativePID ? $AppNativePID : "") group(PIDGroup,PID)
CommandLine = sz(a) text($AppCmdLine)

[Product_Events_Report_Verdict]
@               = sz(p) rs(40) text($VerdictText) group(Verdict) filter(auto,$VerdictDescrText,Product_Events_Report_Verdict_Filter) extprm(1)
Descr           = sz(a) text($VerdictDescrText) extprm(1)
DetectType      = sz(a) text($DetectTypeText) group(DetectType) filter(auto) extprm(1)
DetectName      = sz(a) text($DetectNameText) group(DetectName) filter(auto) extprm(1)
DetectDanger    = sz(a) text($DetectDangerText) group(DetectDanger) filter(auto) extprm(1)
Exact           = sz(a) text($ExactText) group(IsExact) filter(auto) extprm(1)

[Product_Events_Report_Object]
@       = sz(p) rs(60) text($ObjectText) i($ObjectIcon) group(ObjectType) filter(auto,$ObjectTypeText,Product_Events_Report_Object_Filter) extprm(1)
Type    = sz(60) text($ObjectTypeText) i($ObjectIcon) group(ObjectType) filter(auto) extprm(1)
Path    = sz(a) text($ObjectPathText)
Name    = sz(a) text($ObjectNameText)

[Product_Events_Report_OldObject]
@       = sz(p) rs(60) text($OldObjectText) at(nosort) i($OldObjectIcon) group(ObjectType) filter(auto,$ObjectTypeText,Product_Events_Report_Object_Filter) use(0) extprm(1)
Type    = sz(60) text($ObjectTypeText) i($OldObjectIcon) group(ObjectType) filter(auto) extprm(1)
Path    = sz(a) text($OldObjectPathText) at(nosort)
Name    = sz(a) text($OldObjectNameText) at(nosort)

[Product_Events_Report_Ex]
@       = sz(p,p) ext(1)
Report  = [Product_Events_Report]

[Product_Events_Report_Save]
@ = [EditSimpleItem] onok(l_combo.add(ctl.Name.value,ctl.Name.value)) subst(Example(use(0))) ext(1)

[Product_Events_Report_Menu]
$ForASMail      = TaskID==#eTASK_AS && ObjectType==#eMailMessage
$ForAB          = TaskID==#eTASK_AB && ObjectType==#eURL
$GotoFileVirt = exec(env("ProductRoot").addPath("sbstart.exe"), f_getSandboxIdFromPath($ObjectRealText) + " \"iexplore\" -new -e " + objdir($ObjectText))
$GotoFileReal = if(!gotofile($ObjectText), msg("CantOpenFolder"))
@               = t(menu) bg("MenuIconBg")
ASDetails       = at(default) use($ForASMail) onclick(dialog("AntiSpam_MailDetails"))
ASMarkAsSpam    = use($ForASMail) onclick(ctl.Report.antispam_action(0))
ASMarkAsHam     = use($ForASMail) onclick(ctl.Report.antispam_action(1))
ASAddToWL       = use($ForASMail) onclick(ctl.Report.antispam_action(2))
ASAddToBL       = use($ForASMail) onclick(ctl.Report.antispam_action(3))
ABAllow         = use($ForAB) enable(DetectName) onclick(ctl.Report.antibanner_allow())
sep
MakeFilter
MakeGroup
sep
ClearFilters
ClearGroup
sep
Expand          = visible(isNode && !isExpanded)
Collapse        = visible(isNode && isExpanded)
CollapseAll     = visible(isNode)
sep
Copy
SelectAll
sep
GotoFile        = enable(ObjectType==#eFile) onclick( if(PID && PID != #PIDProduct && PID != #PIDSystem && f_isSandboxed(PID),$GotoFileVirt,$GotoFileReal) ) use(!$IsRD)

;all events see in 'enVerdict'
[Product_Events_Report_Verdict_Filter]
CLEAN               = v(#eCLEAN)     use($GVF_AV)
ARCHIVED            = v(#eARCHIVED)  use($GVF_AV)
PACKED              = v(#ePACKED)      use($GVF_AV)
;ENCRYPTED             = v(#eENCRYPTED) use($GVF_AV)
CORRUPTED           = v(#eCORRUPTED) use($GVF_AV)
DETECTED            = v(#eDETECTED)
ALLOWED             = v(#eALLOWED)   use($GVF_NOT_SCAN)
DENIED              = v(#eDENIED)    use($GVF_NOT_SCAN)
REJECTED            = v(#eREJECTED)  use($GVF_NOT_SCAN)
NOT_PROCESSED       = v(#eNOT_PROCESSED)      use($GVF_AV)
PASSWORD_PROTECTED  = v(#ePASSWORD_PROTECTED) use(!($GVF_NOT_SCAN))
PROCESSING_ERROR    = v(#ePROCESSING_ERROR)   use($GVF_AV)
ADDEDTOEXCLUDE      = v(#eADDEDTOEXCLUDE)     use($GVF_NOT_CF)
Cure                = [Product_Events_Report_Verdict_Filter_Cure] use($GVF_NOT_CF)
Task                = [Product_Events_Report_Verdict_Filter_Task] use($GVF_NOT_SCAN)
ProdState           = [Product_Events_Report_Verdict_Filter_Prod] use(ctl.Report.value == #eTASK_GROUP_PROTECTION)

;see s_ProdState
[Product_Events_Report_Verdict_Filter_Prod]
ProdState1               = v(#ePROTECTION + #ProdStateProductNotActivated)
ProdState2               = v(#ePROTECTION + #ProdStateProductNotProtected)
ProdState3               = v(#ePROTECTION + #ProdStateKeyAboutExpiration)
ProdState4               = v(#ePROTECTION + #ProdStateKeyExpired)
ProdState5               = v(#ePROTECTION + #ProdStateKeyWillBeExpired)
ProdState6               = v(#ePROTECTION + #ProdStateKeyTrialExpired)
ProdState7               = v(#ePROTECTION + #ProdStateKeyBlocked)
ProdState8               = v(#ePROTECTION + #ProdStateNoKeys)
ProdState9               = v(#ePROTECTION + #ProdStateKeyWaitActivation)
ProdState10               = v(#ePROTECTION + #ProdStateKeyInvalid)
ProdState11               = v(#ePROTECTION + #ProdStateKeyLimited)
ProdState12               = v(#ePROTECTION + #ProdStateKeyGracePeriod)
ProdState13               = v(#ePROTECTION + #ProdStateKeyUpdateFailed)
ProdState14               = v(#ePROTECTION + #ProdStateKeySuspended)
ProdState15               = v(#ePROTECTION + #ProdStateHighRiskTasksNotRunning)
ProdState16               = v(#ePROTECTION + #ProdStateTasksNotRunning)
ProdState17               = v(#ePROTECTION + #ProdStateTasksMalfunction)
ProdState18               = v(#ePROTECTION + #ProdStateHighRiskTasksDisabled)
ProdState19               = v(#ePROTECTION + #ProdStateTasksDisabled)
ProdState20               = v(#ePROTECTION + #ProdStateProtectionSafeMode)
ProdState21               = v(#ePROTECTION + #ProdStateProtectionNotInstalled)
ProdState22               = v(#ePROTECTION + #ProdStateBasesNotValid)
ProdState23               = v(#ePROTECTION + #ProdStateBasesOutOfDate)
ProdState24               = v(#ePROTECTION + #ProdStateBasesNotActual)
ProdState25               = v(#ePROTECTION + #ProdStateUpdateNeedReboot)
ProdState26               = v(#ePROTECTION + #ProdStateBasesCorrupted)
ProdState27               = v(#ePROTECTION + #ProdStateOnDemandTaskRunning)
ProdState28               = v(#ePROTECTION + #ProdStateProtectionNotRunning)
ProdState29               = v(#ePROTECTION + #ProdStateProtectionDisabled)
ProdState30               = v(#ePROTECTION + #ProdStateThreatsMalwareUntreated)
ProdState31               = v(#ePROTECTION + #ProdStateThreatsRiskwareUntreated)
ProdState32               = v(#ePROTECTION + #ProdStateBasesCacheResizeFail)


[Product_Events_Report_Verdict_Filter_Cure]
DISINFECTED                 = v(#eDISINFECTED) use($GVF_AV)
DELETED                     = v(#eDELETED)     use($GVF_AV)
OVERWRITED                  = v(#eOVERWRITED)  use($GVF_AV)
QUARANTINED                 = v(#eQUARANTINED)
TERMINATED                  = v(#eTERMINATED)  use($GVF_HIPS)
RESTORED                    = v(#eRESTORED)    use($GVF_AV)
RENAMED                     = v(#eRENAMED)     use($GVF_AV)
BACKUPED                    = v(#eBACKUPED)    use($GVF_AV)
REPARED                     = v(#eREPARED)     use($GVF_AV)
ROLLBACKED                  = v(#eROLLBACKED)  use($GVF_HIPS)
NOT_DISINFECTED             = v(#eNOT_DISINFECTED)  use($GVF_AV)
NOT_DELETED                 = v(#eNOT_DELETED)      use($GVF_AV)
NOT_QUARANTINED             = v(#eNOT_QUARANTINED)
NOT_RENAMED                 = v(#eNOT_RENAMED)      use($GVF_AV)
TERMINATE_FAILED            = v(#eTERMINATE_FAILED) use($GVF_HIPS)
ROLLBACK_FAILED             = v(#eROLLBACK_FAILED)  use($GVF_HIPS)
BACKUP_FAILED               = v(#eBACKUP_FAILED)    use($GVF_AV)
REPAIR_FAILED               = v(#eREPAIR_FAILED)    use($GVF_AV)
DISINFECTED_ON_REBOOT       = v(#eDISINFECTED_ON_REBOOT) use($GVF_AV)
DELETED_ON_REBOOT           = v(#eDELETED_ON_REBOOT)     use($GVF_AV)
QUARANTINED_ON_REBOOT       = v(#eQUARANTINED_ON_REBOOT) use($GVF_AV)
DISINFECT_ON_REBOOT_FAILED  = v(#eDISINFECT_ON_REBOOT_FAILED) use($GVF_AV)
DELETE_ON_REBOOT_FAILED     = v(#eDELETE_ON_REBOOT_FAILED)    use($GVF_AV)

[Product_Events_Report_Verdict_Filter_Task]
DISABLED        = v(#eDISABLED) use(!ctl.Report.value)
TASK_STARTED    = v(#eTASK_STARTED)
TASK_STOPPED    = v(#eTASK_STOPPED)
TASK_FAILED     = v(#eTASK_FAILED)
TASK_COMPLETED  = v(#eTASK_COMPLETED)

[Product_Events_Report_Action_Filter]
Open    = v(#evtOpen)
Create  = v(#evtCreate)
Read    = v(#evtRead)
Write   = v(#evtWrite)
Delete  = v(#evtDelete)
Rename  = v(#evtRename)
Process = [Product_Events_Report_Action_Filter_Process]
Data    = [Product_Events_Report_Action_Filter_DataAccess]
System  = [Product_Events_Report_Action_Filter_System]

[Product_Events_Report_Reason_Filter]
User                            = v(#eUSER)
ReportOnly                      = v(#eREPORTONLY)
Postponed                       = v(#ePOSTPONED)
TaskStopped                     = v(#eTASKSTOPPED)
Error                           = v(#eERROR)
Database                        = v(#eDATABASE)                                    use($GVF_UC)
WhiteList                       = v(#eWHITE_LIST)                                use($GVF_UC)
UserBlackList                   = v(#eUSER_BLACK_LIST)                            use($GVF_UC)
UserWhiteList                   = v(#eUSER_WHITE_LIST)                            use($GVF_UC)
Emulator                        = v(#eEMULATOR)
BB                              = v(#eBB)
Heuristic                       = v(#eHEURISTIC)                                use($GVF_UC)
Bayes                           = v(#eBAYES)                                    use($GVF_UC)
GSG                             = v(#eGSG)                                        use($GVF_UC)
PDB                             = v(#ePDB)                                        use($GVF_UC)
RecentTerms                     = v(#eRECENTTERMS)                                use($GVF_UC)
SFDB                            = v(#eSFDB)                                        use($GVF_AV)
ISWIFT                          = v(#eISWIFT)                                    use($GVF_AV)
UNCHANGED                       = v(#eUNCHANGED)                                use($GVF_AV)
KSN                             = v(#eKSN)                                        use($GVF_AV)
AllowedSender                   = v(#eALLOWED_SENDER)                            use($GVF_UC)
BlockedSender                   = v(#eBLOCKED_SENDER)                            use($GVF_UC)
AllowedPhrase                   = v(#eALLOWED_PHRASE)                            use($GVF_UC)
BlockedPhrase                   = v(#eBLOCKED_PHRASE)                            use($GVF_UC)
DetectByHash                    = v(#eDETECT_BYHASH)
DetectInformation               = v(#eDETECT_INFORMATION)
Size                            = v(#eSIZE)
Type                            = v(#eTYPE)
Exclude                         = v(#eEXCLUDE)
Time                            = v(#eTIME)
NoRights                        = v(#eNORIGHTS)                                    use($GVF_AV)
NotFound                        = v(#eNOTFOUND)                                    use($GVF_AV)
Locked                          = v(#eLOCKED)                                    use($GVF_AV)
Noncurable                      = v(#eNONCURABLE)                                use($GVF_AV)
WriteProtect                    = v(#eWRITEPROTECT)                                use($GVF_AV)
Nonoverwritable                 = v(#eNONOVERWRITABLE)                            use($GVF_AV)
CopyFailed                      = v(#eCOPYFAILED)                                use($GVF_AV)
WriteError                      = v(#eWRITEERROR)
OutOfSpace                      = v(#eOUTOFSPACE)
ReadError                       = v(#eREADERROR)
DeviceNotReady                  = v(#eDEVICENOTREADY)
WriteNotSupported               = v(#eWRITENOTSUPPORTED)
CannotBackup                    = v(#eCANNOTBACKUP)                                use($GVF_AV)
AddedToWhiteRecipient           = v(#eANTISPAM_AddedToWhiteRecipient)            use($GVF_UC)
HasBeenTrained                  = v(#eANTISPAM_HasBeenTrained)                    use($GVF_UC)
Training                        = v(#eANTISPAM_Training)                        use($GVF_UC)
NeedTraining                    = v(#eANTISPAM_NeedTraining)                    use($GVF_UC)
WhiteAddress                    = v(#eANTISPAM_WhiteAddress)                    use($GVF_UC)
BlackAddress                    = v(#eANTISPAM_BlackAddress)                    use($GVF_UC)
WhiteString                     = v(#eANTISPAM_WhiteString)                        use($GVF_UC)
BlackString                     = v(#eANTISPAM_BlackString)                        use($GVF_UC)
AntiFishing                     = v(#eANTISPAM_AntiFishing)                        use($GVF_UC)
WhiteAddressNotFound            = v(#eANTISPAM_WhiteAddress_NOTFOUND)            use(0)
WhiteStringNotFound             = v(#eANTISPAM_WhiteString_NOTFOUND)            use(0)
MailDispatcher                  = v(#eANTISPAM_MailDispatcher)                    use($GVF_UC)
Eicar                           = v(#eANTISPAM_Eicar)                            use($GVF_UC)
Banner                          = v(#eANTISPAM_Banner)                            use($GVF_UC)
InvalidHTML                     = v(#eANTISPAM_InvalidHTML)                        use($GVF_UC)
ExternalObj                     = v(#eANTISPAM_ExternalObj)                        use($GVF_UC)
InternalObj                     = v(#eANTISPAM_InternalObj)                        use($GVF_UC)
EmptyMessage                    = v(#eANTISPAM_EmptyMessage)                    use($GVF_UC)
NotForMe                        = v(#eANTISPAM_NotForMe)                        use($GVF_UC)
NotEnglish                      = v(#eANTISPAM_NotEnglish)                        use($GVF_UC)
RecipLimit                      = v(#eANTISPAM_RecipLimit)                        use($GVF_UC)
RecipLimitNotFound              = v(#eANTISPAM_RecipLimit_NOTFOUND)                use($GVF_UC)
InvalidHTML_UnknownDefsCount    = v(#eANTISPAM_InvalidHTML_UnknownDefsCount)    use($GVF_UC)
InvalidHTML_SeemsColors         = v(#eANTISPAM_InvalidHTML_SeemsColors)            use($GVF_UC)
InvalidHTML_SmallText           = v(#eANTISPAM_InvalidHTML_SmallText)            use($GVF_UC)
InvalidHTML_InvisibleCharCount  = v(#eANTISPAM_InvalidHTML_InvisibleCharCount)    use($GVF_UC)
InvalidHTML_Scripts             = v(#eANTISPAM_InvalidHTML_Scripts)                use($GVF_UC)
InvalidHTML_HiddenElements      = v(#eANTISPAM_InvalidHTML_HiddenElements)        use($GVF_UC)
CannotBeSpam                    = v(#eANTISPAM_CannotBeSpam)                    use($GVF_UC)
SpamTest                        = v(#eANTISPAM_SPAMTEST)                        use($GVF_UC)

[Product_Events_Report_Action_Filter_Process]
ProcessStart    = v(#evtProcessStart)
ProcStart       = v(#evtProcStart)
ProcessStop     = v(#evtProcessStop)
ProcStop        = v(#evtProcStop)
ImageLoad       = v(#evtImageLoad)
ImageUnload     = v(#evtImageUnload)
Terminate       = v(#evtTerminate)
ReadProcMem     = v(#evtReadProcMem)
SetHook         = v(#evtSetHook)
CodeInject      = v(#evtCodeInject)
Suspend         = v(#evtSuspend)
AddAppToGr      = v(#evtAddAppToGr)

[Product_Events_Report_Action_Filter_DataAccess]
Send                = v(#evtSend)
Receive             = v(#evtReceive)
WMSend              = v(#evtWMSend)
LLDiskAccess        = v(#evtLLDiskAccess)
LLFSAccess          = v(#evtLLFSAccess)
ADSAccess           = v(#evtADSAccess)
DirectMemAccess     = v(#evtDirectMemAccess)
ClipBoardAcceess    = v(#evtClipBoardAcceess)

[Product_Events_Report_Action_Filter_System]
SelfStart           = v(#evtSelfStart)
WindowsShutDown     = v(#evtWindowsShutDown)
HiddenRegistry      = v(#evtHiddenRegistry)
KeyLogger           = v(#evtKeyLogger)
SetHardLink         = v(#evtSetHardLink)
SchedulerStart      = v(#evtSchedulerStart)
DrvStart            = v(#evtDrvStart)
ServiceStart        = v(#evtServiceStart)
ScreenShots         = v(#evtScreenShots)
CriticalCOMAccess   = v(#evtCriticalCOMAccess)
UseBrowserCL        = v(#evtUseBrowserCL)
UseBrowserAPI       = v(#evtUseBrowserAPI)
UseDNS              = v(#evtUseDNS)
UseBITS             = v(#evtUseBITS)
SetDbgPrivilege     = v(#evtSetDbgPrivilege)
ChangeObjPrivilege  = v(#evtChangeObjPrivilege)
ShellWindowsAcceess = v(#evtShellWindowsAcceess)
UserAccountAccess   = v(#evtUserAccountAccess)

[Product_Events_Report_Object_Filter]
File        = v(#eFile)
Directory   = v(#eDirectory)   use($GVF_HIPS)
RegKey      = v(#eRegKey)      use($GVF_HIPS)
RegValue    = v(#eRegValue)    use($GVF_HIPS)
Process     = v(#eProcess)     use($GVF_HIPS)
Thread      = v(#eThread)      use($GVF_HIPS)
Module      = v(#eModule)      use($GVF_HIPS)
LogSector   = v(#eLogSector)   use($GVF_AV)
PhysSector  = v(#ePhysSector)  use($GVF_AV)
Memory      = v(#eMemory)      use($GVF_AV)
MailMessage = v(#eMailMessage) use($GVF_AV)
MailAttach  = v(#eMailAttach)  use($GVF_AV)
PagerData    = v(#ePagerData)   use($GVF_AV)
URL         = v(#eURL)         use($GVF_NOT_SCAN)
Script      = v(#eScript)      use($GVF_NOT_SCAN)
Port        = v(#ePort)        use($GVF_HIPS)
Connection  = v(#eConnection)  use($GVF_HIPS)
Packet      = v(#ePacket)      use($GVF_HIPS)
DialStr     = v(#eDialStr)     use($GVF_OS)
Task        = v(#eTask)        use($GVF_NOT_SCAN)

;--------------------------------------------

[Product_Scan_Statistics_List]
$ObjectPath = c_object(ObjectId, object(ObjectId))
@           = $List alias(scanstat) refresh(100) a(la) ext(1) extprm(1)
Object      = at(fixedpos) text(ObjectType == #eFile ? objfile($ObjectPath) : s_ObjectType(ObjectType)) ia(lc) i(s_ObjectTypeIcon(ObjectType, $ObjectPath, #true, #true)) sz(150) extprm(1)
Time        = text(timestamp(TimeSpend/1000)) sz(a) a(r) sort(TimeSpend)
Scaned      = [Product_Scan_Statistics_List_Scaned]
Detected    = text(Detected) sz(a) a(r)
row         = bg(if(Flags & 1,"EventWarn")) f(((Flags & 2) && isExpanded) ? "Normal_Bold" : "Normal")

[Product_Scan_Statistics_List_Scaned]
@               = text(Scaned) sz(a) a(r)
Scaned          = text(Scaned) sz(a) a(r)
Archived        = text(Archived) sz(a) a(r)
Packed          = text(Packed) sz(a) a(r)
PswProtected    = text(PswProtected) sz(a) a(r)
Corrupted       = text(Corrupted) sz(a) a(r)
ScanErrors      = text(ScanErrors) sz(a) a(r)

[Product_Statistics_List]
@       = $List alias(blstat) at(nosearch) prm(#dbStatistics) refresh(500) a(la) group(dateonly,dategroup(Date),default) ext(1) extprm(1)
Counter = at(fixedpos) ia(lc) sz(240) group(CounterItem,Counter,default) sort(s_RepDetectType(Counter),sortdown) extprm(1)
Blocked = text(Blocked) a(r) sz(60) extprm(1)
Total   = text(Total) a(r) sz(60) extprm(1)
row     = f(depend(!level) ? "Normal_Bold" : "Normal")

;--------------------------------------------

Can someone tell me what this is?

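Added example (not part of the original post or of Kaspersky's own code): the dump above is an INI-style layout definition, not a keylogger. Reading it from its section names (`MainReport`, `Product_Events_Report`, the Anti-Spam menu items, the `$IsKAT` switch), it appears to describe the report window of a Kaspersky product; that reading is an assumption, since the post does not name the file's origin. The one place the word appears is the filter item `KeyLogger = v(#evtKeyLogger)` under `[Product_Events_Report_Action_Filter_System]`, which is the most likely reason a contents search for "keylogger" returned this file. The parser below handles the format as it is shown in the post: `[Section]` headers, `;` comments, `Key = attr(args) attr(args)` entries whose arguments may nest parentheses and quoted strings, `$Macro` definitions, and bare items such as `sep`. The `SAMPLE` text is a constructed excerpt of the posted dump.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the dump quoted in the post: same section names and
# entries as the original, with most sections omitted.
SAMPLE = """\
;--------------------------------------------

[MainReport]
@       = $DlgAttrBase mg(0,0) alias(taskview) at(resizable,minimizable,a_close) sz(720,570) oninit(l_currep=ctl.defList) h($IsKAT ? 15761 : 15765)
Header  = [MainReport_Header]
Body    = [MainReport_Body]
defList = t(list) visible(0)

[Product_Events_Report_Menu]
$ForASMail      = TaskID==#eTASK_AS && ObjectType==#eMailMessage
@               = t(menu) bg("MenuIconBg")
ASDetails       = at(default) use($ForASMail) onclick(dialog("AntiSpam_MailDetails"))
sep
Copy

[Product_Events_Report_Action_Filter_System]
SelfStart           = v(#evtSelfStart)
HiddenRegistry      = v(#evtHiddenRegistry)
KeyLogger           = v(#evtKeyLogger)
ScreenShots         = v(#evtScreenShots)
"""

Attrs = Dict[str, str]                 # attribute name -> raw argument text
Layout = Dict[str, Dict[str, Attrs]]   # section -> entry key -> attributes

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")


def split_attrs(value: str) -> Attrs:
    """Split 'name(args) name2(args)' into {name: args}.

    Arguments may contain nested parentheses and double-quoted strings, so a
    depth counter is used instead of a regex. Tokens without parentheses
    (a bare $Macro, a [SectionRef], or an expression such as A==B && C) are
    collected under the synthetic key '_bare'.
    """
    attrs: Attrs = {}
    bare: List[str] = []
    i, n = 0, len(value)
    while i < n:
        if value[i].isspace():
            i += 1
            continue
        j = i
        while j < n and not value[j].isspace() and value[j] != "(":
            j += 1
        token = value[i:j]
        if j < n and value[j] == "(":
            depth, k, in_str = 0, j, False
            while k < n:
                ch = value[k]
                if ch == '"':
                    in_str = not in_str
                elif not in_str:
                    if ch == "(":
                        depth += 1
                    elif ch == ")":
                        depth -= 1
                        if depth == 0:
                            break
                k += 1
            attrs[token] = value[j + 1:k]
            i = k + 1
        else:
            bare.append(token)
            i = j
    if bare:
        attrs["_bare"] = " ".join(bare)
    return attrs


def parse_layout(text: str) -> Layout:
    """Parse the INI-style layout into sections of keyed attribute maps.

    Lines before the first section and ';' comments are skipped. Bare items
    such as 'sep' get an empty attribute map; repeated bare items in one
    section collapse into a single key.
    """
    sections: Layout = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = {}
            continue
        if current is None:
            continue
        key, sep, value = line.partition("=")
        sections[current][key.strip()] = split_attrs(value.strip()) if sep else {}
    return sections


def find_mentions(layout: Layout, needle: str) -> List[Tuple[str, str, str]]:
    """Return (section, key, v-attribute) for entries mentioning `needle`
    in their key or attributes, case-insensitively."""
    needle = needle.lower()
    hits = []
    for section, entries in layout.items():
        for key, attrs in entries.items():
            blob = key + " " + " ".join(f"{k}({v})" for k, v in attrs.items())
            if needle in blob.lower():
                hits.append((section, key, attrs.get("v", "")))
    return hits


if __name__ == "__main__":
    layout = parse_layout(SAMPLE)
    print(f"{len(layout)} sections parsed")
    for section, key, v in find_mentions(layout, "keylogger"):
        print(f"[{section}] {key} -> {v}")
```

Running it against the full dump from the post instead of `SAMPLE` lists every section and entry that mentions the search term, which is a quicker way to answer "why did this file match" than reading 400 lines of layout by hand.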

19 May 2011   #2
Xhi

Windows 7 Ultimate 64-bit / Ubuntu Linux 11.04
 
 

This might be a false positive from Kaspersky. Just to make sure, could you try a second opinion scanner? Try downloading Malwarebytes : Free anti-malware, anti-virus and spyware removal download and see what it says. Make sure to do a full scan.
20 May 2011   #3

Windows 8 Pro
 
 

Yes I did these scans also.

Malwarebytes full scan

SUPERAntiSpyware full scan


Kaspersky full scan and nothing came up.

I did download and run a keylogger detector and this came up lol


[Attached thumbnail: Keylogger issue-keylogger.png]


20 May 2011   #4

ultimate 64 sp1
 
 

I think the key word in "behavior similar to keylogger detected" is similar.

I've noticed Kaspersky doing this when I start certain games.

I forget now exactly, but if you click on the arrow and select 'hide this notification' (or something like that) then you won't get bothered by that particular warning for that particular 'problem' software again.

Looks like you're clean!
20 May 2011   #5

Windows 8 Pro
 
 

Thanks guys
20 May 2011   #6

Windows 8 Pro
 
 

I am running ESET Online Scanner and so far it's showing 3 infections (Win32/ ADWARE. ADON ). Just have to wait till it's done to see what else comes up.