Re: AtomicLOG false positive?

Discussion in 'other anti-malware software' started by acr1965, Jan 25, 2007.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I run anti-spyware and anti-keylogger/rootkit/hidden processes programs daily and rarely use Spyware Terminator to scan. But since it had been a while with ST I decided to give it a go. To my surprise ST detected AtomicLOG, which according to a Google search is a commercial keylogger. I also saw some posts that since AtomicLOG is a commercial product some anti-malware programs do not detect it (not sure I buy that entirely, but anyway). Could this be a false positive from ST?

    Unless this is a recently installed keylogger or false positive, it has made its way past my NOD32's stealth scanner, Blacklight, Ashampoo anti-spyware plus rootkit/hidden processes scanner, AVG Anti-Spyware, SuperAntiSpyware, Snoopfree and SSM full version.

    I just ran Ashampoo again which did not detect anything. I'll make sure the other programs are updated and run them all again. Could this possibly be a false positive for my recently installed Snoopfree?

    Any ideas?

    Thanks

    From SpywareGuide.com
     
    Last edited by a moderator: Jan 25, 2007
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: AtomicLOG keylogger detected ??

    It is a commercial keylogger, I scanned this thing already months ago.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: AtomicLOG keylogger detected ??

    Would you mind posting the portion of the scan report so we can have a look-see at what it said it found and its location, please.

    Bubba
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Re: AtomicLOG keylogger detected ??

    From the "Scan Report"
    AtomicLOG:C:\Windows\system32\xitree.dll

    Under "Registry Scanning"
    AtomicLOG:HKCR\CLSID\{4A27D480-7278-11CF-9FFC-E9983B83C707}
    AtomicLOG:C:\WINDOWS\SYSTEM32\XITREE.DLL
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Re: AtomicLOG keylogger detected ??

    I need to add that "Snoopfree" is highlighted in red but not noted as "spyware", just as an unknown. Also, FWIW, I just remembered that I have been unable to open and run my Trend-Micro Rootkitbuster the past couple days. But I have run Blacklight without problem.
     
  6. ASpace

    ASpace Guest

    Hello. Upload that specific file (dll) to VirusTotal www.virustotal.com

    After that send a copy of it to support@eset.com and they'll decide if it needs to be detected or is a FP from Spyware Terminator.
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I ran VirusTotal, which did not detect a virus. They had the following additional info:

    Aditional Information
    File size: 282624 bytes
    MD5: b252bc89ff86bf9351893b2825e13c60
    SHA1: 5c97827079330af48926dcbff1c7e608f25521fc


    I also submitted the file to ESET and noted that it was detected by ST as a keylogger.
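
An added example, not part of the thread or any poster's code: a Python sketch that merges the scan-report lines quoted above into unique artifacts and checks whether a file's bytes match the size, MD5 and SHA1 quoted from VirusTotal, so the copy sent to a vendor is the file that was scanned. The function names and the stand-in bytes are assumptions; the real DLL is not available here.

```python
import hashlib
from collections import defaultdict

# Report lines exactly as quoted in the thread: "<detection>:<location>".
REPORT = r"""
AtomicLOG:C:\Windows\system32\xitree.dll
AtomicLOG:HKCR\CLSID\{4A27D480-7278-11CF-9FFC-E9983B83C707}
AtomicLOG:C:\WINDOWS\SYSTEM32\XITREE.DLL
"""
# File details quoted in the thread from the VirusTotal result.
REPORTED = {"size": 282624,
            "md5": "b252bc89ff86bf9351893b2825e13c60",
            "sha1": "5c97827079330af48926dcbff1c7e608f25521fc"}
REG_HIVES = ("HKCR\\", "HKLM\\", "HKCU\\", "HKU\\", "HKCC\\")

def parse_report(text):
    """Return {detection: [(location, kind), ...]} with duplicates merged."""
    found = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split on the first colon only; the location itself contains "C:".
        name, sep, location = line.partition(":")
        if not sep or not location:
            raise ValueError(f"unrecognised report line: {line!r}")
        kind = "registry" if location.upper().startswith(REG_HIVES) else "file"
        # Windows paths and registry keys are case-insensitive, so fold case
        # before de-duplicating: both xitree.dll lines are one artifact.
        found[name][location.lower()] = kind
    return {name: sorted(locs.items()) for name, locs in found.items()}

def fingerprint(data):
    """Size, MD5 and SHA1 of a file's bytes, in the form the thread quotes."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def same_sample(data, reported):
    """True only when size and both digests match the reported values."""
    expected = {k: v.lower() if isinstance(v, str) else v for k, v in reported.items()}
    return fingerprint(data) == expected

if __name__ == "__main__":
    for name, artifacts in parse_report(REPORT).items():
        print(name, artifacts)
    stand_in = b"constructed stand-in bytes, not the real DLL"
    print("matches reported file:", same_sample(stand_in, REPORTED))
```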
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I got an FP about AtomicLOG from Spy Sweeper ages ago, but it was only registry entries.
    But the program that found the AtomicLOG (FP or not, dunno) found a file.
    Have you done a scan with SuperAntiSpyware and a-squared?
    lodore
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I just finished the Kaspersky online scan, which did not detect any keylogger. But it did find what it thought to be a virus, but was left over from an old Spycar test.

    I am re-downloading my Counterspy right now. It seems that the AtomicLOG keylogger has been around a while and CS is pretty good at detecting such things. At least it has found similar items in the past.

    FWIW- is it a bit odd for some random site or person to place a commercial keylogger in someone else's system? This is a home computer, not one from work. Although I have sent email from work home before I believe they were just all text documents.
     