Re: AtomicLOG false positive?

I run anti-spyware and anti-keylogger/rootkit/hidden processes programs daily and rarely use Spyware Terminator to scan. But since it had been a while with ST I decided to give it a go. To my surprise ST detected AtomicLOG, which according to a google search is a commercial keylogger. It also saw some posts that since AtomicLOG is a commercial product some anti-malware programs do not detect it (not sure I buy that entirely, but anyway). Could this be a false positive from ST?

Unless this is a recently installed keylogger or false positive it has made its way past my NOD32's stealth scanner, Blacklight, Ashampoo anti-spyware plus rootkit/hidden proceses scanner, AVG Anti-Spyware, SuperAntiSpyware, Snoopfree and SSM full version.

I just ran Ashampoo again which did not detect anything. I'll make sure the other programs are updated and run them all again. Could this possibly be a false positive for my recently installed Snoopfree?

Any ideas?

Thanks

From SpywareGuide.com

 

Re: AtomicLOG keylogger detected ??

It is a commercial keylogger, I scanned this thing already months ago.

 

Re: AtomicLOG keylogger detected ??

Would you mind posting the portion of the Scan report so We can have a look see of what it said it found and it's location Please.

Bubba

 

Re: AtomicLOG keylogger detected ??

From the "Scan Report"
AtomicLOG:C:\Windows\system32\xitree.dll

Under "Registry Scanning"
AtomicLOG:HKCR\CLSID\{4A27D480-7278-11CF-9FFC-E9983B83C707}
AtomicLOG:C:\WINDOWS\SYSTEM32\XITREE.DLL

 

Re: AtomicLOG keylogger detected ??

I need to add that "Snoopfree" is highlighted in red but not noted as "spyware", just as an unknown. Also, FWIW-I just remembered that I have been unable to open and run my Trend-Micro Rootkitbuster the past couple days. But I have ran Blacklight without problem.

 

Hello . Upload that specific file (dll) to VirusTotal www.virustotal.com

After that send a copy of it to support@eset.com and they'll decide if it needs to be detected or is a fp from Spyware Terminator

 

I ran virustotal which did not detect a virus. They had the following additional info-

Aditional Information
File size: 282624 bytes
MD5: b252bc89ff86bf9351893b2825e13c60
SHA1: 5c97827079330af48926dcbff1c7e608f25521fc


I also submitted the file to eset and noted that it was detected by ST as a keylogger.

 

i got an fp about atomiclog from spysweeper ages ago but it was only registry entries.
but the program that found the atomiclog fp or not dono found a file.
have you done a scan with superantispyware and a squared?
lodore

 

I just finished the Kapersky online scan which did not detect any keylogger. But it did find what it thought to be a virus, but was left over from an old Spycar test.

I am re-downloading my Counterspy right now. It seems that the AtomicLOG keylogger has been around a while and CS is pretty good at detecting such things. At least it has found similar items in the past.

FWIW- is it a bit odd for some random site or person to place a commercial keylogger in someone else's system? This is a home computer, not one from work. Although I have sent email from work home before I believe they were just all text documents.