Keystroke Logger, No disinfected

AVG doesn't see anything. Trend Micro doesn't see anything, Spybot and ad-aware don't see anything eather. When I scan for virus's useing Panda, it says I have a "Keystroke logger." After I try to get rid of it, It says status as, "No disinfected. "



Virus is: "Application/Restart" and is in, "C:\WINDOWS\system32\Tools\Restart.exe "

What should I do? Who is logging my keystrokes? Thank you,
Chris.

 

Hello Chris,

Until someone else chimes in, this sounds like a Panda false positive.

Some references: http://delphi.about.com/cs/adptips2001/a/bltip0601_2.htm

http://docs.hp.com/en/T1396AA/ch03.html

You can do further research by googling on Application/Restart

To get 2nd and 3rd opinions, try RAV online scanner
at the Quick Links > Recommended links at the top of this page and download/install Ewido anti-trojan (free scanner version) here http://www.ewido.net/en/?section=downloads

Regards - Charles

 

That is a legitimate file, but there is a twist to it. Right click on it, and select Properties, then click on the Version tab. Mine (XP SP2) is "1.0.1.3 ", the twist about it is down where it says 'Other version information' click on Language, it should say Chinese (Taiwan). The copyright belongs to "Copyright(C) Liter Liu 2002 ".
I would say it is a false positive if you have the above info.

 

Everything checks out just like yours. Wonder if Panda does this so people think there's is better? How does it do a false positive? Eather it's infected or it isn't? Thank you for the help. Chris.

 

Hi Chris,

How does it do a false positive? Eather it's infected or it isn't?
AV's use heuristics not just malware signitures and sometimes that will lead to false positives.

Regards - Charles

 

Ewido looks like a good program. Do I need ewido, spybot, ad-aware on the same machine?
I got a new HD and will do a clean install on everything. I'm wondering what programs I should load on my new drive. Thanks,
Chris.

 

Hi Chris,

I certainly would and do.

I don't run the resident parts of these programs - just the scanners. For someone that plans to run any of the realtime blockers that all three offer (Spybot is free - Teatimer), then that becomes more complicated. At the very least, it'll slow you if runing more than one and always the chance for conflicts. In that case, one resident and the rest as on-demand scanners.

One program that complements Spybot's resident teatimer is Spywareblaster by Javacool http://www.javacoolsoftware.com/spywareblaster.html and the forum here: http://www.wilderssecurity.com/forumdisplay.php?f=23

One more app: MS AntiSpyware http://www.microsoft.com/downloads/...a8bd-dbf62eda9671&displaylang=en&Hash=5BMW635 Also has a resident option. Based on current tests, this program is currently the best of the freeware anti-malware apps.

None of the programs mentioned replace ewido, which is a dedicated anti-trojan.

Regards - Charles