desktopsurveil

Discussion in 'malware problems & news' started by kritdw, Aug 14, 2008.

Thread Status:
Not open for further replies.
  1. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    I picked up the trial version of System Mechanic 10 days ago. It worked very well and improved my PC performance, but I wasn't expecting it to find any spyware. I was shocked when it found a keylogger by the name of desktopsurveil! I have Kaspersky, Ad-Aware, Spyware Terminator and a-squared all running on my PC, but they couldn't find it! (all with latest definitions)
    I even tried SUPERAntiSpyware to no avail!
    Could this be a false positive from System Mechanic, inciting me to buy?
    The problem is that even after it disinfects, after another boot and another search the keylogger is back!

    Google search shows Norton identifies the keylogger, but I think it is mistaking it for Desktop Surveillance from Omniquad, which can only be manually installed! (which I haven't!)
    I tried Norton 360 anyway, but it just refused to install on my PC (network driver error)

    Any help? I also found that this spyware is related to junfan.exe or something from a program, but I didn't install it at all!

    Link(Norton) --------> http://www.symantec.com/security_response/writeup.jsp?docid=2004-092111-1952-99
     
  2. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    It's probably a false positive. What is the exact location of the infected file? Upload it to virustotal.com and see. You shouldn't rely too much on the anti-spyware tools that come with these optimization programs.
     
  3. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    Thanks for your reply
    I do not use it as my spyware scanner.
    I have Kaspersky and Spyware Terminator for real-time protection, along with a-squared and Ad-Aware for on-demand.
    Just when I clicked optimize, it said that there is one spyware that can potentially damage your comp. I looked for where it was but it just shows blank!! I am thinking more and more of this being a false positive.
    I have attached an image so you can understand better

    http://img29.picoodle.com/img/img29/3/8/14/f_desktopsurvm_f6cb002.gif

     
  4. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    If you searched for that kind of threat and there's not any trace of it in your computer it must be a false positive.
     
  5. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    Right, so I scanned for threats and found one, but it doesn't have any location as per the scanner.
    Kaspersky, Avira, Spyware Terminator, ThreatFire, a-squared, Ad-Aware, SUPERAntiSpyware -- I have checked all of them but they didn't find anything!

    I think it really is a false positive now
    Interestingly, spython or the System Mechanic site gives details of this spyware and ranks it as the number one malware (left column)

    http://www.spython.com/spywaredetails.aspx?id=7ee2333b-db24-474f-be2f-a26bd445a212
     
  6. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10

    BUMP!
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    kritdw, try NoHijack. Here's their Hijacker List and Win32.Spyware.DsktopSurveil! is included.
    Post back and let us know if this program solves your problem.
     
  8. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    That doesn't work. The program itself doesn't work and I don't know how to remove it! Is it only an exe launch or an install?
    It just opens some script, that's it.
    Man... now I AM worried... I guess the last thing I can try is to install Norton 2008, as they do recognize it, but they think it's a manually installed program!
    Thanks for the help
     
  9. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    kritdw, NoHijack does not install, it's only an exe that opens a DOS command window to run the program scanning your PC. You can delete it if you want.

    You could run that System Mechanic folder through Virus Total and/or Jotti's Malware Scan to see what they find.
     
  10. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    Thanks for your reply
    What do you mean by System Mechanic folder? The program files folder of System Mechanic or the infected folder that doesn't exist?
    Have a look
    http://img29.picoodle.com/img/img29/3/8/14/f_desktopsurvm_f6cb002.gif
     
  11. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    The reason why I said the System Mechanic folder is that you did not have this FP showing, until you installed that program, so if you take the files that make up System Mechanic and run them via the 2 online scans, you might find that the issue lies within System Mechanic, not anywhere else. Although you already have it, you could run your entire PC through Kaspersky Online Virus Scanner for a second opinion as well.
     
  12. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    I did the online scanner and that didn't find a thing!
    Any other ideas?
     
  13. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    kritdw, you have proven, at least to yourself, that you have a False Positive since System Mechanic doesn't even give you a file location!

    From your first post, I see that your PC is very well armed, so I don't know why you were trying out SM. If I were you, I would get rid of SM because everything that SM does can be done online for free. Try PC Pitstop.
     
  14. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    Thanks buddy.
    I reckon it's something with System Mechanic, as after I installed it my comp went berserk.. sometimes it switched off by itself.. started by itself and sometimes even gave a blue screen saying irql not less or equal!
    Bye bye System Mechanic!!!
     
  15. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    That's a wise decision, kritdw! Just in case SM does not want to go away cleanly, use Revo Uninstaller to completely uninstall the program. It wouldn't hurt to use CrapCleaner as well. Take care.
     
  16. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10
    I already use Revo Uninstaller for uninstalling.
    I will do that now and will tell you how it went, whether my comp stopped booting up/shutting down of its own free will.
     
  17. kritdw

    kritdw Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    10

    Ok.. System Mechanic out.. problems are out!
    I haven't had any blue screen errors, the computer doesn't start up and shut down of its own free will, and it is in fact faster!
    Thank god I removed this useless application!
    My advice: try Glary Utilities, an enhanced free version of this app that works!
     