Author Topic: Possible false positive, need help  (Read 4552 times)

Nums

  • Guest
Possible false positive, need help
« on: December 05, 2007, 07:15:12 AM »
This site: http://dewasoft.com/privacy/i-hate-keyloggers.htm

"I hate Keyloggers" supposedly helps protect your computer from keyloggers. Avast says it's a virus, but I've tried it with a few others and some say it is, others say it isn't, pretty much 50/50.

So could anyone please give me any confirmation if it's safe or not?

Thanks! :>

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Possible false positive, need help
« Reply #1 on: December 05, 2007, 03:58:02 PM »
Well DrWeb link checker doesn't find anything on the i-hate-keyloggers.zip file.

The problem with tools like keyloggers is they can be used for good or evil and avast can't determine which.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

avast is not alone in detecting this; avast and 13 other scanners thought the same but to varying degrees: some felt it riskware, others recognised it for what it was, a monitor/keylogger.

Quote
File i-hate-keyloggers.exe received on 12.05.2007 15:47:21 (CET)
Antivirus   Version   Last Update   Result
AhnLab-V3   2007.12.5.0   2007.12.05   -
AntiVir   7.6.0.34   2007.12.05   -
Authentium   4.93.8   2007.12.05   -
Avast   4.7.1098.0   2007.12.05   Win32:Trojan-gen {Other}
AVG   7.5.0.503   2007.12.05   -
BitDefender   7.2   2007.12.05   Spyware.Keylogger.W
CAT-QuickHeal   9.00   2007.12.05   Monitor.KeyLogger.w (Not a Virus)
ClamAV   0.91.2   2007.12.05   -
DrWeb   4.44.0.09170   2007.12.05   -
eSafe   7.0.15.0   2007.12.04   Win32.MoSucker.30.f
eTrust-Vet   31.3.5353   2007.12.05   -
Ewido   4.0   2007.12.04   -
FileAdvisor   1   2007.12.05   High threat detected
Fortinet   3.14.0.0   2007.12.05   Keylog/KeyLogger
F-Prot   4.4.2.54   2007.12.05   W32/Monitor.ADA
F-Secure   6.70.13030.0   2007.12.05   -
Ikarus   T3.1.1.12   2007.12.05   Backdoor.Win32.Mosuck.06
Kaspersky   7.0.0.125   2007.12.05   not-a-virus:Monitor.Win32.KeyLogger.w
McAfee   5177   2007.12.04   -
Microsoft   1.3007   2007.12.05   -
NOD32v2   2704   2007.12.05   -
Norman   5.80.02   2007.12.04   -
Panda   9.0.0.4   2007.12.04   Trj/Keylog.LH
Prevx1   V2   2007.12.05   -
Rising   20.21.20.00   2007.12.05   -
Sophos   4.24.0   2007.12.05   I Hate KeyLogger AntiKeylogger
Sunbelt   2.2.907.0   2007.12.05   VIPRE.Suspicious
Symantec   10   2007.12.05   -
TheHacker   6.2.9.150   2007.12.05   Aplicacion/KeyLogger.w
VBA32   3.12.2.5   2007.12.04   -
VirusBuster   4.3.26:9   2007.12.05   -
Webwasher-Gateway   6.6.2   2007.12.05   Riskware.KeyLogger.W.1
Additional information
File size: 195584 bytes
MD5: d35dcf2476d8ef4d1f570bfc04f74701

If nothing else the malware name given for it could be different rather than just trojan-gen, one that has [tool] at the end perhaps. I think you should submit it to avast.

Send the sample to virus@avast.com zipped and password protected with the password in email body and false positive in the subject. Give a brief description of the problem and possibly a link to this topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
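
An added example, not part of the post above or of VirusTotal's output: a small triage script that parses result rows in the format of the quoted report and groups the flagging engines by the kind of label they gave, which is the "varying degrees" comparison made above. The bucket names and regex patterns are assumptions of this example; the rows are the 14 detections plus one clean result copied from the quoted report.

```python
import re
from collections import defaultdict
# Rows copied from the report quoted above: the 14 detections plus one clean result.
REPORT = """\
Avast   4.7.1098.0   2007.12.05   Win32:Trojan-gen {Other}
BitDefender   7.2   2007.12.05   Spyware.Keylogger.W
CAT-QuickHeal   9.00   2007.12.05   Monitor.KeyLogger.w (Not a Virus)
DrWeb   4.44.0.09170   2007.12.05   -
eSafe   7.0.15.0   2007.12.04   Win32.MoSucker.30.f
FileAdvisor   1   2007.12.05   High threat detected
Fortinet   3.14.0.0   2007.12.05   Keylog/KeyLogger
F-Prot   4.4.2.54   2007.12.05   W32/Monitor.ADA
Ikarus   T3.1.1.12   2007.12.05   Backdoor.Win32.Mosuck.06
Kaspersky   7.0.0.125   2007.12.05   not-a-virus:Monitor.Win32.KeyLogger.w
Panda   9.0.0.4   2007.12.04   Trj/Keylog.LH
Sophos   4.24.0   2007.12.05   I Hate KeyLogger AntiKeylogger
Sunbelt   2.2.907.0   2007.12.05   VIPRE.Suspicious
TheHacker   6.2.9.150   2007.12.05   Aplicacion/KeyLogger.w
Webwasher-Gateway   6.6.2   2007.12.05   Riskware.KeyLogger.W.1
"""

# Bucket names and patterns are assumptions of this example; first match wins.
BUCKETS = [
    ("tool/riskware", re.compile(r"not[- ]a[- ]virus|riskware|monitor|antikeylogger", re.I)),
    ("keylogger", re.compile(r"keylog", re.I)),
    ("generic/heuristic", re.compile(r"-gen\b|suspicious|threat detected", re.I)),
]

def parse_report(text):
    """Yield (engine, label); label is None when the result column is '-'."""
    for line in text.splitlines():
        cols = re.split(r"\t|\s{2,}", line.strip())
        if len(cols) == 4:
            yield cols[0], (None if cols[3] == "-" else cols[3])

def triage(text):
    """Group flagging engines by label kind; unmatched labels go to 'named family'."""
    groups, clean = defaultdict(list), []
    for engine, label in parse_report(text):
        if label is None:
            clean.append(engine)
        else:
            name = next((n for n, rx in BUCKETS if rx.search(label)), "named family")
            groups[name].append(engine)
    return dict(groups), clean

if __name__ == "__main__":
    groups, clean = triage(REPORT)
    print(groups, "| no detection:", clean)
```

On these rows only Avast, FileAdvisor and Sunbelt give a generic or heuristic label; most of the other engines name the file as a keylogger or monitoring tool.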

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Possible false positive, need help
« Reply #2 on: December 05, 2007, 08:43:30 PM »
Hmmm... the program is not shown in the RogueRemover database...
The closest is IHateAdware. Although, RogueRemover is not specialized in keyloggers but in spyware/adware tools.
The best things in life are free.

Nums

  • Guest
Re: Possible false positive, need help
« Reply #3 on: December 05, 2007, 11:52:20 PM »
Quote from: DavidR
If nothing else the malware name given for it could be different rather than just trojan-gen, one that has [tool] at the end perhaps. I think you should submit it to avast.

Send the sample to virus@avast.com zipped and password protected with the password in email body and false positive in the subject. Give a brief description of the problem and possibly a link to this topic.
How do I put a password on a zip file?

Sorry for the noobness, haven't really had this problem in the past >.<
« Last Edit: December 06, 2007, 12:08:39 AM by Nums »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Possible false positive, need help
« Reply #4 on: December 06, 2007, 12:04:11 AM »
It depends on what your zip program is?

I use 7zip so that is likely to be different and it is so easy: right click on the file you want to zip, select Add to Archive and when the window pops up you can change the settings and include a password.

If you aren't using 7zip see if your zip program's help file can help.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Nums

  • Guest
Re: Possible false positive, need help
« Reply #5 on: December 06, 2007, 12:10:43 AM »
Quote from: DavidR
It depends on what your zip program is?

I use 7zip so that is likely to be different and it is so easy: right click on the file you want to zip, select Add to Archive and when the window pops up you can change the settings and include a password.

If you aren't using 7zip see if your zip program's help file can help.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

I just use the zip program that windows comes with. I also have WinRar and mostly use that.
I sent it through the chest auto email. Do you know if they reply back with the findings?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Possible false positive, need help
« Reply #6 on: December 06, 2007, 12:30:12 AM »
I'm not sure if the windows zip function allows for password protection; winRAR does, but I have never used it. Sending from the chest gets round that problem as avast encrypts the sample.

Normally there is no reply unless they require further information.

Nums

  • Guest
Re: Possible false positive, need help
« Reply #7 on: December 06, 2007, 12:33:38 AM »
Quote from: DavidR
Normally there is no reply unless they require further information.

Ah k :< Well, thanks for your help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Possible false positive, need help
« Reply #8 on: December 06, 2007, 03:03:15 AM »
No problem, welcome to the forums.