Hi, hoping some has an idea on this one. I normally use TDS-3 to scan for trojans. I had stopped using Pest Patrol simply because it was failing to up date and because of it's limitations. Anyway, I own the thing so I decide to give it another whirl and discovered that my problem was that I needed to update to the new version 4.0.

So I ran it didn't find much. But later while after a restart it's memory check function found a file called SSSensor.DLL (C:\Winnt\System 32) monitoring the activity on my keyboard. I checked the properties for this file and found that it was last modified on 9/11/2002. Now, I first thought is maybe it's a keylogger. It had not been found by either Anti-Keylogger or S&D. The next thought was maybe it was part of the drivers for my Microsoft Office Keyboard. A response from a Microsoft product support person denied this option (e-mail attached below).

Has anyone heard of this? I don't want to remove it if it is not a bug and turns out to be necessary for one my apps.

Thanks

E-mail from Microsoft Support:
Hello Luthor,

Thank you for contacting Microsoft Online Support.

I am Jayanta from Microsoft Hardware Support, and I will be helping you with this issue.

I understand that you have Office Keyboard installed on a Windows 2000 based system. On your system, Pest Patrol 4 detected a program monitoring the keyboard but did not match it to a known Trojan / key logger. The DLL is named SSSensor.DLL.

Luthor, the file you have mentioned is not a part of the IntelliType installation.

Please let me know whether the above information addresses your concern.

I will be looking forward to your response.

Thank you for using Online Support!

Jayanta B,
Microsoft Technical Support
<http://www.microsoft.com/support>

hey Luthorcrow, have you tried asking David or Shirlz at Pestpatrol what they think it is , they may have an idea , kind regards , robert

Luhtorcrow,

This .dll is (also?) part of the Sygate Personal Firewall. Any chance you are running this one, having some sort of "check for updates" enabled?

Anyway, since you are running TDS, just copy and the file and send it to DCS for examination, to be on the sure side.

regards.

paul

Hello Luthorcrow,

Paul is right, sssensor.dll is used by Sygate Firewall.

i actually have 4 instances of this .dll
2 in my my Documents & Settings' Temp folder
1 in my Windows-->Systems32 folder
1 in my ProgramFiles-->Sygate-->SPF-->Netport folder

the date of modification of the dll you have is also the same date of modification of the dll i have in my ProgramFiles folder (above), the others were modified back in April/02 (i believe that was when i first installed Sygate Personal Firewall) with one of them even dating back to Oct/01...long before i got this computer.

if you check the properties of the dll file i think you will probably see it listed as ScreenSaver Sensor, and in Sygate's "Options", there is a box there that one can click under ScreenSaverMode to "block Network Neighbourhood Traffic while in screensaver mode".

i wonder if when that box is check-marked that that is what might be causing it to appear as "checking" the keyboard since when the keyboard is inactive for a period of time, the screensaver comes on and Sygate kicks in? (just a thought) i do have it checked myself. :)

i hope the above might help but it's always best to scan and watch any activity out of the normal...especially when working with new applications.

best regards,

snap

;DGreat. That explains that. I don't believe that I have the block all when screensaver is active action ticked but then maybe that .dll is active whether you are using the option or not. But I do have auto update ticked.

I was guessing it was a false positive.

Thanks for the responses.