007 Keylogger, is this true?

Discussion in 'privacy problems' started by luvish, Oct 26, 2004.

Thread Status:
Not open for further replies.
  1. luvish

    luvish Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    5
    Help me please, I have got a very strange problem regarding keylogging spyware.

    One day I scanned my PC using Spyware Doctor (hereafter, SD) and found 12 dangerous registry values; 4 are related to "007 keylogger" and the other 8 are related to "Virtual bounce". I tried to remove those registry entries in SD. As soon as I deleted them, my PC requested me to provide the Windows 2003 install CD to replace TAPICFG.EXE etc. So I provided the CD and ended SD. I rebooted my system and ran one more scan, then again the same result: 12 dangerous registry values discovered, exactly the same ones I had deleted just before.

    Next time, I deleted the entire registry lines one by one by hand. Alas!... Scanning after reboot shows the same result again!!

    I tried to scan my PC using several different spyware programs, Spy sweeper, Spy aware, Petpatrol, etc., as well as several antivirus programs, including Kaspersky, SAV, RAV, F-Prot. None of them found the problem or any other suspicious thing in my system, but SD still reports that there IS a keylogging-related registry entry in my system.

    PS: I cannot find any suspicious program running on my system. Checked with the Windows default task manager as well as a security task manager program.

    Anyway,
    here are the registry entries SD reported as 007 keylogging related registry values. Please see the registry entries and give me your ideas; any idea will be appreciated.

    My OS is Windows 2003 Standard.

    --------------------------

    [HKEY_CLASSES_ROOT\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}]

    [HKEY_CLASSES_ROOT\InetCtls.Inet.1\CLSID]

    [HKEY_CLASSES_ROOT\InetCtls.Inet\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}]


    [HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}]
    @="IInet"

    [HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib]
    @="{48E59290-9880-11CF-9754-00AA00C00908}"
    "Version"="1.0"


    [HKEY_CLASSES_ROOT\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib]

    [HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib]

    [HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib]

    [HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}]
     
  2. dumbCrab

    dumbCrab Guest

    Hi there,

    I also had the 007 Keylogger problem these past couple of days. I was trying Spyware Doctor too. The cause of my problem turned out to be Track Eraser Pro (TEP) 5.0. I am not sure if it is a 'real' problem. Maybe it's just a false positive of Spyware Doctor, or maybe TEP indeed installs spyware on my computer. Anyway, just to play it safe, I finally decided to uninstall TEP and use crap cleaner instead. So, if you are using TEP, that may have caused the 007 Keylogger detection by Spyware Doctor.
     
  3. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    Spyware Doctor also found 007 keylogger and 8 entries of Virtual bouncer. I am most certain that they are false positives. As for the keylogger, I have spycop, which is telling me that my system has no keylogger in it, and, let's just say, I have more trust in spycop to find a keylogger than in spyware doctor.

    As for virtual bouncer, I have sent my log to the technical support of spyware doctor so they can confirm whether or not they were false positives, but no one seems to understand English whatsoever. They only answer me with a lot of crap!!!! Their technical support simply sucks!!! They are not even able to check the log we send them to verify whether what their product found are false positives or not? Very, very disappointing... snif! snif! snif!

    Atomas31
     
  4. luvish

    luvish Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    5
    Thanks very much for your answers.
    As Atomas31 and Dumbcrap pointed out, the cause is TrackEraser. After uninstalling TE, the warning siren of SD is no longer heard.

    Although I think the 007 keylogging is a false warning, I decided to uninstall TE anyway.

    Thanks once again.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LMAO, ahummmmm think you need to check the spelling of Dumbcrab ;) :D

    :D :cool: :D :cool: :D
     
  6. half baked

    half baked Guest

    Yes, 007 keylogger is a false positive in Spyware Doctor, but I am getting the detection and I don't have Tracks Eraser installed and never have had it installed.

    Right now Spyware Doctor's malware staff is working on improving its keylogger detection, so for now it would be a good idea to rely on another app for keylogger detection.

    Funny though, when I have talked to them they all spoke perfect English.
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    There is absolutely nothing hinky about TracksEraserPro.

    This whole situation was gone through in this thread when the same problem occurred with SBS&D throwing up a F/P on that program:

    Net-Integration thread (see pages two and three) - and it was concluded here:

    NI post.

    Just to keep the record straight. Pete
     
  8. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    I don't know if Tracks Eraser Pro is the problem, since I never had this software. So, how can I have the same positive if I don't have the software Tracks Eraser Pro?... Hum... that's strange.

    Half baked, you are right, they are all speaking and writing perfect English, but what I mean is that they must not understand it well enough to give answers that actually answer my questions. I sent them an email to ask them to check and confirm my log, and they kept sending me info and solutions about problems (which I didn't have?), when the only thing I was asking was to check my log and confirm whether the things found by spyware doctor were legit or false positives.

    Atomas31
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Atomas31 - I was only referring to the "007 K/L" type hits. If you've never had T.E.P on your computer, is it possible you've had (or have) InternetWasher?

    The long and the short of this seems to be that Spyware Doctor can't be relied on at this point in time. If you're going to continue to use it, make sure that you don't have it set to "automatically" quarantine or delete anything it "finds" - always cross-check your results with something more dependable. Pete
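
One way to cross-check a hit like the one in this thread, as an added example that is not part of the original posts: resolve the flagged CLSID to the file that implements it and inspect that file's version information and Authenticode signature. It assumes a Windows system with PowerShell 4 or later; the function name `Get-ComServerInfo` is hypothetical, and the CLSID is the one quoted in the first post.

```powershell
# Added example: triage a scanner hit on a COM class registration by finding
# the file that implements the class and inspecting it.
# Get-ComServerInfo is a hypothetical helper name, not part of any product.
function Get-ComServerInfo {
    param([Parameter(Mandatory)][string]$Clsid)

    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $base)) {
        return [pscustomobject]@{ Clsid = $Clsid; Registered = $false }
    }

    foreach ($kind in 'InprocServer32', 'LocalServer32') {
        $key = Get-Item -LiteralPath "$base\$kind" -ErrorAction SilentlyContinue
        if (-not $key) { continue }

        # The default value holds the server path; GetValue('') expands %VARS%.
        $raw = [string]$key.GetValue('')
        # LocalServer32 may be a quoted path followed by arguments.
        $path = if ($raw -match '^"([^"]+)"') { $Matches[1] } else { $raw.Trim() }

        $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
        $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }
        $ver = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo }

        [pscustomobject]@{
            Clsid       = $Clsid
            Registered  = $true
            ServerKind  = $kind
            Path        = $path
            FileExists  = [bool]$exists
            Company     = $ver.CompanyName
            Description = $ver.FileDescription
            SigStatus   = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
            Sha256      = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        }
    }
}

# CLSID taken from the registry listing in the first post.
Get-ComServerInfo -Clsid '{48E59293-9880-11CF-9754-00AA00C00908}' | Format-List
```

A registration that resolves to a vendor-signed component supports the false-positive reading; a missing file or an unsigned binary in a user-writable path warrants a closer look with a second tool.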
     
  10. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Spy1,

    I think I might have had Internet Washer on my system at one point but I don't remember. But, unless I am mistaken, this is in no way a keylogger, or else spycop would have detected it a long time ago...

    By the way, don't worry, you can be sure that I don't have spyware doctor automatically quarantine or delete anything it finds!

    Atomas31
     
  11. Yamtien

    Yamtien Guest

    I have the same problem - 12 infections, and an advertisement comes up when I restart the computer. How do I disable that?
     