In reference to this thread: http://www.misec.net/forum/board/THGuard/1213034745 6/11/2008 8:40:01 AM Real-time file system protection file C:\Program Files\PDM\PDM.exe a variant of Win32/KeyLogger.Ardamax application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe.
I updated the thread there at the TH forum, if anyone's interested. Pete NOD32 caught it by itself when I finally set NOD right 6/11/2008 11:04:38 AM Real-time file system protection file C:\PROGRAM FILES\PDM\PDM.EXE a variant of Win32/KeyLogger.Ardamax application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\PDM\PDM.exe. *Note - All results posted here were done using only the trial version of the keylogger - I have no idea whether results would vary if I used the full version, because I'm not about to purchase it. The full version has a lot of nifty "stealth" features that the "trial" version doesn't. So, detection of the "full" (registered) version is problematic. I'm sure you're all also aware of the fact that someone with un-hindered access to your computer could both install, hide and allow the keylogger to run invisibly if you did not have your A/V pass-word protected (same goes for SpyCop).