Zemana allerted about the following on a Vista laptop!

I'm not sure if it has anything to do with the MS updates this week. I did allow it as I wasn't even going to enter any passwords anyway. Any theories? Thank you! Here is the log:
Permission = 1
Action = Allowed
Description = Windows Explorer
Process Name = explorer.exe
Process Path = C:\Windows\explorer.exe
Component = explorer.exe
Company = (Verified) Microsoft Corporation
Activity = KeyLogger (Type: 3)
MD5 Hash = D07D4C3038F3578FFCE1C0237F2A1253
Date = 15/10/2011 - 9:36:56 AM

 

my guess is that Zemana was being 'trigger happy'.

 

Did a google search on the given MD5 and found this:

-http://www.misec.net/trojaninfo/d07d4c3038f3578ffce1c0237f2a1253-

The site reports the MD5 belongs to a trojan "explorer.exe"

SourMilk out

 

@ ratchet

moontan is "probably" right, but it is odd. It's "possible that malware etc "could" have injected itself into explorer.exe.

Not sure what to make of SourMilk's link ?

Upload the file to VT etc & scan locally

 

CloneRanger is right, better be safe than sorry.

have you scanned your system with on-demand scanners?

 

I did immediately run Malwarebytes and it turned up clean! I didn't scan with Norton.

 

you can also try Hitman Pro.
HMP scans with 5 or 6 different AV engines.
it never hurts to have multiple 'opinions'.

 

So I did a quick Norton scan but it didn't turn up anything. Have been running a full scan, still going. Is there anything that can strictly scan for keyloggers?

 

you could give Kaspersky TDSSKiller a try:
-http://www.majorgeeks.com/Kaspersky_TDSSKiller_d6895.html

the experts here @ Wilders recommend to use boot CDs to scan for malware at boot time.
i've never used those so i'll let someone else get into that topic...

 

Norton's Full System Scan found two trojans (supposedly). They were something 5 (don't think it was MD5) that were there for 2.5 years. Their path was a Burnaware uninstall file. So I don't know! The fact that it was the first time I booted since Tuesdays updates still leads me to believe it had something to do with that. Zemana has been on that PC for about six months and I haven't missed any updates. I just boot it weekly to update the anti-malware definitions and surf 99% inside Sandboxie. Not to say stranger things have happened. I never do any commerce on it and it has never been on a public network, although once a year or so it might get used at a beach house or some other vacation rental but have never had any alerts then or in my children's homes.

 

From VT: 4 VT Community user(s) with a total of 16245 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
goodware
Safety score: 100.0%
Also, thank you for the concern and help!

 

@ ratchet

Depends where you got Burnaware from ? If it was direct it's "probably" a FP !

Strange why Norton was silent for 2.5 years though ?

That's relief, if it was a nasty

 

Been using Norton maybe six months or so. Have never done a "full" scan with any anti-malware product. Didn't even think to do it with Malwarebytes. I suppose I shouldn't be so cavalier when it comes to security!

 

I don't think this has anything to do with malware injecting itself into Explorer or something malware related cause I had a very same type of alert a few months back from Spyshelter and it was after I had done a very fresh OS install.I feel this is a FP due to behavioural analysis these applications employ.