Other > Viruses and worms
Possible false positive, need help
Nums:
This site: http://dewasoft.com/privacy/i-hate-keyloggers.htm
"I hate Keyloggers" supposedly helps protect your computer from keyloggers. Avast say its a virus, but iv tried it with a few others and some say it is, other say it isnt, pretty much 50/50.
So could anyone please give me any confirmation if its safe or not.
Thanks! :>
DavidR:
Well DrWeb link checker doesn't find anything on the i-hate-keyloggers.zip file.
The problem with tools like keyloggers is they can be used for good or evil and avast can't determine which.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
avast is not alone in detecting this, avast and 13 other scanners thought the same but to varying degrees some felt it riskware others recognised it for what it was a monitor/keylogger
--- Quote ---File i-hate-keyloggers.exe received on 12.05.2007 15:47:21 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 Win32:Trojan-gen {Other}
AVG 7.5.0.503 2007.12.05 -
BitDefender 7.2 2007.12.05 Spyware.Keylogger.W
CAT-QuickHeal 9.00 2007.12.05 Monitor.KeyLogger.w (Not a Virus)
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.04 Win32.MoSucker.30.f
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 High threat detected
Fortinet 3.14.0.0 2007.12.05 Keylog/KeyLogger
F-Prot 4.4.2.54 2007.12.05 W32/Monitor.ADA
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 Backdoor.Win32.Mosuck.06
Kaspersky 7.0.0.125 2007.12.05 not-a-virus:Monitor.Win32.KeyLogger.w
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2704 2007.12.05 -
Norman 5.80.02 2007.12.04 -
Panda 9.0.0.4 2007.12.04 Trj/Keylog.LH
Prevx1 V2 2007.12.05 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 I Hate KeyLogger AntiKeylogger
Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 Aplicacion/KeyLogger.w
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 Riskware.KeyLogger.W.1
Additional information
File size: 195584 bytes
MD5: d35dcf2476d8ef4d1f570bfc04f74701
--- End quote ---
If nothing else the malware name given for it could be different rather than just trojan-gen, one that has [tool] at the end perhaps. I think you should submit it to avast.
Send the sample to virus@avast.com zipped and password protected with the password in email body and false positive in the subject. Give a brief description of the problem and possibly a link to this topic.
Lisandro:
Hmmm... the program is not shown on the RogueRemover database...
The closer is IHateAdware. Although, RogueRemover is not specialized on keyloggers but on spyware/adware tools.
Nums:
--- Quote from: DavidR ---If nothing else the malware name given for it could be different rather than just trojan-gen, one that has [tool] at the end perhaps. I think you should submit it to avast.
Send the sample to virus@avast.com zipped and password protected with the password in email body and false positive in the subject. Give a brief description of the problem and possibly a link to this topic.
--- End quote ---
How do i put a password on a zip file?
Sorry for the noobness, havnt really had this problem in the past >.<
DavidR:
It depends on what your zip program is ?
I use 7zip so that is likely to be different and it is so easy, right click on the file you want to zip, select Ad to Archive and when the window pops-up you can change the settings and include a password.
If you aren't using 7zip see if your zip program's help file can help.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Navigation
[0] Message Index
[#] Next page
Go to full version