aksrvnt.exe

Anybody else get this detection with TDS-3 after installing
Anti-Keylogger ?

aksrvnt.exe positive identification possible Keylogger

 

I'm sure I didn't get it last time I scanned (I had already installed the latest version of AKL), but I'll check it again. Pete

*Did you have AKL running at the time of the scan?

 

Hi

I get an error from Anti-Keylogger everytime I boot up
I sent the report to their support but won't hear back till next weel I
am sure. I just installed it today. Thisn is the same company that produces about 3 keyloggers themselves.
Just wondering if it is a false possitive or not.
I am not sure yet they are trying to start up on boot.
TDS is telling me my run reg has changed though.
oh oh

 

Even though I didn't not start up Antikeylogger

Windows Task Manager - Processes shows

AntiKey.exe and aksrvnt.exe running

and in fact as I was typing this the aksrvnt stopped running

oh oh

 

controler - Just did complete scans with TDS-3, The Cleaner and Tauscan (deep scans of everything with max heuristics on everything) - nada.

Yes, AKL runs in the background after you install it - doesn't show up in the C/A/D list, but shows up well enough in TDS's 'Running processes' list (and can be killed from there) , or any number of other programs listings of running processes.

Even removing the check-mark from in front of it in msconfig only lasts until the next time you run it - then it apparently checks itself again.

If it's any consolation, checks of all my various logs have never revealed any attempts by this program to communicate anywhere (I don't like things that come back to life by themselves, so I keep an eye on them).

Pete

 

I removed antikeylogger from startup.
No reason it needs to be there. I will run my scans manualy.
I haven't ran the program enough to know much about it.
I think it is time to go fishing and get away from this computer for a bit

 

As always: the TDS lab is happy if you forward them a sample so they can refine their detection databases.
Thanks in advance.

BTW: thought to find this AKL on the wilders d/l pages, but not, so i'll have to look at the URL posted in the other thread.

 

hi controler,

TDS aslo flags aksrvnt.exe on my XP....i have AKL installed on both my Win98se and XP to start up at bootup, but TDS doesn't flag it as a keylogger on my Win98se.....don't know why it would on one and not the other; both TDS-3 and AKL are the same as far as updates or versions.

but i am taking it as a false/positive since i know what it is and nothing else i scan my pc's with flag it at all, and i've not seen it attempt once to ask for access to the net.
------
oooh, now i know why it isn't being flagged on my Win98se.....because it is not ON my Win98se!
That file, aksrvnt.exe isn't there at all??

XP-Home: Antikey.exe ver. 1.0.0.1, d/l'ed Jun 30/02, size 408kb...and aksrvnt.exe is in the Windows/System32 folder and being flagged by TDS3

Win98se: Antikey.exe ver. 1.0.0.1, d/l'ed Mar 11/02, size 422kb...and aksrvnt.exe isn't anywhere on that pc.

this is strange....
and when i tried to right-click on the Antikey.exe file that is on my XP, to view the properties my system slowed to a crawl, i almost thought it had locked up, which it has never done since i've had it.

 

snapdragin - Please send the aksrvnt.exe file from the XP to DCS for analysis, okay?

That way, they can pull it apart and either remove it from detection or tell us what's what.

Thanks! Pete

 

Hi Spy1, i think i figured out why the aksrvnt.exe file isn't on my Win98se.....even though both Antikey.exe files on both machines show as Version 1.0.0.1....when i looked into each folder the readme.txt files contained different information (which makes sense now)

the one i downloaded for the Win98se said this:

Anti-keylogger for Windows 95/98/ME
Vers 1.13
March 11, 2002

the one i downloaded for the XP-Home said this:

Anti-keylogger for Windows 95/98/ME/NT/2000/XP
version 2.0
June 30, 2002

so it looks like since the latest one includes XP compatible, and the version is actually 2.0....maybe that is why the aksrvnt.exe file is on the XP machine. Maybe because it's such a new release (June 30/02) TDS-3 is flagging it as "possible keylogger".....a false/positive?

before i bother Gavin with it (since i REALLY want TDS-4 and don't want to trouble him with false/positives......do you think i should still send it in....along with the two copies of the different versions of Antikey.exe?

 

Thank you Paul and Spy1......i sent the Antikey.zip file that i had d/l'ed to my XP and the file, aksrvnt.exe that was being flagged. i also included the Ak10.zip file that i had d/l'ed to my Win98se that didn't have anything in it being flagged, just in case they wanted it for comparison.

(4:38 am...ouch! past bed time!)

goodnight

 

Hi all

Sorry it took so long to get back. I couldn't connect to wilderssecurity
this morning.

I asked the software vender why I was getting that alert and also
been having an error on boot. I didn't get an answer on the first question but their first responce to the error I was hacing was that I didn't have Admin right bujt of course I knew I did.
They sent me the link to a new version. I still kept the old version for safe keeping
http://www.anti-keyloggers.com/antikey.zip

After installing the latest I am getting a alert that one of the files I just installed with the Norton Beta Link that was just posted here contains a keylogger (ccapp.exe )
Haven't heard back on that one yet.

Here is what AntiKeylogger found after installing the Norton Beta 2003 somebody posted here. You will see reference to VBOX.
I got thosse folders from Downloading but not yet installing that FREE copy of PC-Cillin somebody posted the link to and the company withdrew the offer the very next day.

System scanning is started
------------------------------------------------------------
[7/9/2002 1:58:11 PM]
The following LOG-files are detected:
- c:\program files
ommon files\vbox\licenses\norton antivirus_2003_d6a6.lic
LOG-files selected for verification:
- c:\program files
ommon files\vbox\licenses\norton antivirus_2003_d6a6.lic
The following modules are detected:
- c:\progra~1
ommon~1\symant~1
capp.exe

d da da dats all folks

 

My system runs so much better again since i uninstalled that program after several days try.
After cleaning up my sytem might give it another try in near future with configuring it to start only manually and close it after a test.