removeany registry entry for lightlogger

Discussion in 'other anti-malware software' started by Steven Avery, Mar 31, 2009.

Thread Status:
Not open for further replies.
  1. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    110
    Hi Folks,

    I believe the RemoveAny developer is PROROOTECT, on forum, so I have a question.

    With RemoveAny on the system I now have a regsitry entry "Trace.directory.LightLogger 1.3!AZ" that was noted by A2. Logging stuff is one of the most sensitive areas of security, so why have a registry entry for an unrelated product ?

    Shalom,
    Steven Avery
     
  2. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    110
    A little bump for PROROOTECT.
     
  3. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Welcome Steven, shalom!

    Well, I'm not the developer of RemoveAny, but a user like you.

    If you no longer LightLogger, simply remove this entry in the registry. It is true that AntiVir did not even liked this LightLogger, so I've not installed. Yet it is certainly a FP - False Positive.

    RemoveAny is sufficient.

    Yours PROROOTECT:thumb:
     
  4. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    So Steve, you answer me? ...:argh:
     
  5. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    110
    removeany malware concerns from Avira

    Hi PROROOTECT,

    Sure. Please underestand, I never installed LightLogger. Why is removeany dropping in a lightlogger registry entry (which is almost surely what happened, it is related to the heavenward directory). I would not mind a false positive on LightLogger (par for the course .. it is a keylog related program) but I want security developers to be careful and only put in registry entries related to the program. If I don't install LightLogger (never have) I do not want to see a registry entry related to the program.

    Now, on top of that, Avira is saying that the RemoveAny.sys file under C:\Windows\System32\Drivers\RemoveAny.sys is a "high risk" "Trojan-Dropper.Agent!IK".

    I realize that Avira is very capable of false positives, however why there is anything that Avira would pick up that way is curious. Granted it could be the tendency of anti-virus programs to get alarmed at each others heuristics and various elements.

    Shalom,
    Steven
     
  6. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Yes, it's a little strange ...

    If you have Avira AntiVir like me - it is sufficient; you do not need of RemoveAny. I removed RemoveAny me also.

    Uninstall RemoveAny on Add/Remove Programs.

    In Registry: delete entries from HeavenWard - RemoveAny and LightLogger ... Now I remember, I had the same entries in Registry! Right click/ Delete.

    With Avira - you are on the way to victory!


    Shalom, Yours PROROOTECT:thumb:
     
  7. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    110
    Hi Folks,

    Thanks, Prorootect.

    I found a German thread that may be discussing this, on Avira forums, so I put a post in asking for some cross-language explanation.

    http://forum.avira.com/wbb/index.php?page=Thread&threadID=87795
    RemoveAny.sys Trojan.dropper.Agent!IK

    German thread.

    http://forum.avira.com/wbb/index.php?page=Thread&threadID=86718
    Virenfund in RemoveAny.sys (TR/Dldr.Agent.boyt) - Viruses and other security risks - Avira Support Forum

    Also I may send the author an email asking for his comments.

    Shalom,
    Steven
     
    Last edited: Apr 8, 2009
Thread Status:
Not open for further replies.