aksrvnt.exe

Discussion in 'other anti-malware software' started by controler, Jul 7, 2002.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Anybody else get this detection with TDS-3 after installing
    Anti-Keylogger ?

    aksrvnt.exe positive identification possible Keylogger


    :rolleyes:
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I'm sure I didn't get it last time I scanned (I had already installed the latest version of AKL), but I'll check it again. Pete

    *Did you have AKL running at the time of the scan?
     
  3. controler

    controler Guest

    Hi

    I get an error from Anti-Keylogger every time I boot up
    I sent the report to their support but won't hear back till next week I
    am sure. I just installed it today. This is the same company that produces about 3 keyloggers themselves.
    Just wondering if it is a false positive or not.
    I am not sure yet they are trying to start up on boot.
    TDS is telling me my run reg has changed though.
    oh oh
     
  4. controler

    controler Guest

    Even though I didn't start up Antikeylogger

    Windows Task Manager - Processes shows

    AntiKey.exe and aksrvnt.exe running

    and in fact as I was typing this the aksrvnt stopped running

    oh oh
     
  5. spy1

    spy1 Registered Member

    controler - Just did complete scans with TDS-3, The Cleaner and Tauscan (deep scans of everything with max heuristics on everything) - nada.

    Yes, AKL runs in the background after you install it - doesn't show up in the C/A/D list, but shows up well enough in TDS's 'Running processes' list (and can be killed from there) , or any number of other programs listings of running processes.

    Even removing the check-mark from in front of it in msconfig only lasts until the next time you run it - then it apparently checks itself again.

    If it's any consolation, checks of all my various logs have never revealed any attempts by this program to communicate anywhere (I don't like things that come back to life by themselves, so I keep an eye on them).

    Pete
     
  6. controler

    controler Guest

    I removed antikeylogger from startup.
    No reason it needs to be there. I will run my scans manually.
    I haven't run the program enough to know much about it.
    I think it is time to go fishing and get away from this computer for a bit :)
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    As always: the TDS lab is happy if you forward them a sample so they can refine their detection databases.
    Thanks in advance.

    BTW: thought to find this AKL on the wilders d/l pages, but not, so i'll have to look at the URL posted in the other thread.
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    A test and a review will do:

    www.wilders.org/spyware.htm

    we do mirror software - but not unlimited :cool:

    This software does not phone home in any way as Pete has stated correctly - and does run from DOS, if my memory doesn't play tricks on me. Thus no CAD will kill it.

    regards,

    paul
     
  9. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    hi controler,

    TDS also flags aksrvnt.exe on my XP....i have AKL installed on both my Win98se and XP to start up at bootup, but TDS doesn't flag it as a keylogger on my Win98se.....don't know why it would on one and not the other; both TDS-3 and AKL are the same as far as updates or versions.

    but i am taking it as a false/positive since i know what it is and nothing else i scan my pc's with flag it at all, and i've not seen it attempt once to ask for access to the net.
    ------
    oooh, now i know why it isn't being flagged on my Win98se.....because it is not ON my Win98se!
    That file, aksrvnt.exe isn't there at all??

    XP-Home: Antikey.exe ver. 1.0.0.1, d/l'ed Jun 30/02, size 408kb...and aksrvnt.exe is in the Windows/System32 folder and being flagged by TDS3

    Win98se: Antikey.exe ver. 1.0.0.1, d/l'ed Mar 11/02, size 422kb...and aksrvnt.exe isn't anywhere on that pc.

    this is strange....
    and when i tried to right-click on the Antikey.exe file that is on my XP, to view the properties my system slowed to a crawl, i almost thought it had locked up, which it has never done since i've had it.
     
  10. spy1

    spy1 Registered Member

    snapdragin - Please send the aksrvnt.exe file from the XP to DCS for analysis, okay?

    That way, they can pull it apart and either remove it from detection or tell us what's what.

    Thanks! Pete
     
  11. snapdragin

    snapdragin Administrator

    Hi Spy1, i think i figured out why the aksrvnt.exe file isn't on my Win98se.....even though both Antikey.exe files on both machines show as Version 1.0.0.1....when i looked into each folder the readme.txt files contained different information (which makes sense now)

    the one i downloaded for the Win98se said this:

    Anti-keylogger for Windows 95/98/ME
    Vers 1.13
    March 11, 2002

    the one i downloaded for the XP-Home said this:

    Anti-keylogger for Windows 95/98/ME/NT/2000/XP
    version 2.0
    June 30, 2002

    so it looks like since the latest one includes XP compatible, and the version is actually 2.0....maybe that is why the aksrvnt.exe file is on the XP machine. Maybe because it's such a new release (June 30/02) TDS-3 is flagging it as "possible keylogger".....a false/positive?

    before i bother Gavin with it (since i REALLY want TDS-4 and don't want to trouble him with false/positives)......do you think i should still send it in....along with the two copies of the different versions of Antikey.exe?
     
  12. Paul Wilders

    Paul Wilders Administrator

    Hi snap,

    If only for excluding false flagging, DCS would surely appreciate the files for examination. Look upon it as a favor to Gavin ;).

    regards,

    paul
     
  13. snapdragin

    snapdragin Administrator

    Thank you Paul and Spy1......i sent the Antikey.zip file that i had d/l'ed to my XP and the file, aksrvnt.exe that was being flagged. i also included the Ak10.zip file that i had d/l'ed to my Win98se that didn't have anything in it being flagged, just in case they wanted it for comparison. :)

    (4:38 am...ouch! past bed time!)

    goodnight :)
     
  14. controler

    controler Guest

    Hi all

    Sorry it took so long to get back. I couldn't connect to wilderssecurity
    this morning.

    I asked the software vendor why I was getting that alert and also
    been having an error on boot. I didn't get an answer on the first question but their first response to the error I was having was that I didn't have Admin rights but of course I knew I did.
    They sent me the link to a new version. I still kept the old version for safe keeping ;)
    http://www.anti-keyloggers.com/antikey.zip

    After installing the latest I am getting an alert that one of the files I just installed with the Norton Beta Link that was just posted here contains a keylogger (ccapp.exe )
    Haven't heard back on that one yet.

    Here is what AntiKeylogger found after installing the Norton Beta 2003 somebody posted here. You will see reference to VBOX.
    I got those folders from Downloading but not yet installing that FREE copy of PC-Cillin somebody posted the link to and the company withdrew the offer the very next day.

    System scanning is started
    ------------------------------------------------------------
    [7/9/2002 1:58:11 PM]
    The following LOG-files are detected:
    - c:\program files\common files\vbox\licenses\norton antivirus_2003_d6a6.lic
    LOG-files selected for verification:
    - c:\program files\common files\vbox\licenses\norton antivirus_2003_d6a6.lic
    The following modules are detected:
    - c:\progra~1\common~1\symant~1\ccapp.exe

    d da da dats all folks
     
  15. Jooske

    Jooske Registered Member

    My system runs so much better again since i uninstalled that program after several days try.
    After cleaning up my system might give it another try in near future with configuring it to start only manually and close it after a test.
     
  16. Paul Wilders

    Paul Wilders Administrator

    FYI:

    Confirmed false positive in the meanwhile; will be addressed as such.

    regards.

    paul
     