AntiVir is detecting SPR/KeyLogger.S.2

Discussion in 'other anti-virus software' started by acr45, Feb 23, 2007.

Thread Status:
Not open for further replies.
  1. acr45

    acr45 Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    63
    AntiVir is detecting a keylogger called SPR/KeyLogger.S.2 found in D:\i386\Apps\App30984\support4.exe which is the recovery part of my drive. Is this a false positive or should I quarantine it?
     
  2. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Better you send the file to Avira's lab for checking. Additionally, try the free online virus scan services like virustotal and Jotti.

    In the meantime quarantine it.
     
  3. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
  4. acr45

    acr45 Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    63
    I can't upload the file because my D: Drive is locked
    http://i79.photobucket.com/albums/j127/acr45/PCAngel.jpg

    Is there any way I can get around this.

    Also I was thinking about leaving AntiVir on my computer as a backup scanner and putting AOL Virus Shield on here as my main real-time scanner. Are there any conflicts between these two? I know how to deactivate AntiVir's Guard but it always activates again when I reboot. How to I turn it off permanently so I can install AOL or any other antivirus app that I may won't to install later.

    Thank You
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't see what you would gain from that. Antivir is among the best.
     
  6. acr45

    acr45 Registered Member

    Joined:
    Oct 26, 2006
    Posts:
    63
    I know that's why i'm keeping it.
     
  7. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Just uninstall it and put on green light to AVS.
    Since it's powered by Kaspersky you won't regret a thing :thumb:
     
  8. NanDog

    NanDog Registered Member

    Joined:
    Jan 22, 2004
    Posts:
    165
    Location:
    Tacoma, WA, USA
    I know, that here in May 2007, this reply is a little late but hopefully it will help anyone else who googles on "support4.exe."

    As with the OP, I too had a hit on support4.exe a couple of weeks ago.

    My licensed version of TrojanHunter picked it up as a "possible" trojan on my D: drive, which is my system recovery partition. As with the OP here, that partition was locked by my Gateway installed "PC Angel" program. I couldn't access the file with Explorer or anything else.

    I wound up allowing TH to "clean" the file which placed it into quarantine. Fron there I zipped it and submitted it to TH for analysis.

    This is the thread on the Trojan Hunter forum board: http://www.misec.net/forum/board/Trojans/1180397871

    Here's the e-mail reply from Gavin Coe (formerly with DCS):

    "Hi,

    You can unquarantine the file, its an Autoit program which commonly cause FP with other scanners too.


    Best regards,
    Gavin Coe
    Trojan Analyst
    Mischel Internet Security
    http://www.misec.net"

    So although nasties may hide themselves under this legit filename (submit it if you're in doubt), my hit by Trojan Hunter was a FP.

    Hope this can help others who get this warning from their AT/AV programs.

    NanDog
     
Loading...
Thread Status:
Not open for further replies.