Re: AtomicLOG false positive?

Discussion in 'other anti-malware software' started by acr1965, Jan 25, 2007.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,964
    I run anti-spyware and anti-keylogger/rootkit/hidden processes programs daily and rarely use Spyware Terminator to scan. But since it had been a while with ST I decided to give it a go. To my surprise ST detected AtomicLOG, which according to a google search is a commercial keylogger. It also saw some posts that since AtomicLOG is a commercial product some anti-malware programs do not detect it (not sure I buy that entirely, but anyway). Could this be a false positive from ST?

    Unless this is a recently installed keylogger or false positive it has made its way past my NOD32's stealth scanner, Blacklight, Ashampoo anti-spyware plus rootkit/hidden proceses scanner, AVG Anti-Spyware, SuperAntiSpyware, Snoopfree and SSM full version.

    I just ran Ashampoo again which did not detect anything. I'll make sure the other programs are updated and run them all again. Could this possibly be a false positive for my recently installed Snoopfree?

    Any ideas?

    Thanks

    From SpywareGuide.com
     
    Last edited by a moderator: Jan 25, 2007
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: AtomicLOG keylogger detected ??

    It is a commercial keylogger, I scanned this thing already months ago.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: AtomicLOG keylogger detected ??

    Would you mind posting the portion of the Scan report so We can have a look see of what it said it found and it's location Please.

    Bubba
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,964
    Re: AtomicLOG keylogger detected ??

    From the "Scan Report"
    AtomicLOG:C:\Windows\system32\xitree.dll

    Under "Registry Scanning"
    AtomicLOG:HKCR\CLSID\{4A27D480-7278-11CF-9FFC-E9983B83C707}
    AtomicLOG:C:\WINDOWS\SYSTEM32\XITREE.DLL
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,964
    Re: AtomicLOG keylogger detected ??

    I need to add that "Snoopfree" is highlighted in red but not noted as "spyware", just as an unknown. Also, FWIW-I just remembered that I have been unable to open and run my Trend-Micro Rootkitbuster the past couple days. But I have ran Blacklight without problem.
     
  6. ASpace

    ASpace Guest

    Hello . Upload that specific file (dll) to VirusTotal www.virustotal.com

    After that send a copy of it to support@eset.com and they'll decide if it needs to be detected or is a fp from Spyware Terminator :thumb:
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,964
    I ran virustotal which did not detect a virus. They had the following additional info-

    Aditional Information
    File size: 282624 bytes
    MD5: b252bc89ff86bf9351893b2825e13c60
    SHA1: 5c97827079330af48926dcbff1c7e608f25521fc


    I also submitted the file to eset and noted that it was detected by ST as a keylogger.
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,041
    i got an fp about atomiclog from spysweeper ages ago but it was only registry entries.
    but the program that found the atomiclog fp or not dono found a file.
    have you done a scan with superantispyware and a squared?
    lodore
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,964
    I just finished the Kapersky online scan which did not detect any keylogger. But it did find what it thought to be a virus, but was left over from an old Spycar test.

    I am re-downloading my Counterspy right now. It seems that the AtomicLOG keylogger has been around a while and CS is pretty good at detecting such things. At least it has found similar items in the past.

    FWIW- is it a bit odd for some random site or person to place a commercial keylogger in someone else's system? This is a home computer, not one from work. Although I have sent email from work home before I believe they were just all text documents.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.