spy.spyanytime

Discussion in 'ESET NOD32 Antivirus' started by beethoven, Oct 2, 2009.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    I am interested in downloading a new program called rocket typing http://www.easy-to-use-software.com/html/rocket-typing and wonder if it is safe.

    Two weeks ago using Nod V3 my download was aborted due to an alert. Since then I have upgraded to V4 which is supposedly better in detection. Just now I dl the file again - not a peep. I then scanned the file - clean.
    I uploaded the file to jotti and virustotal and on jotti Dr.Web and Nod give an alert, on Virustotal only NOD says spy.spyanytime.

    I am a bit confused - should my installed AV not show the same result? Given the overall showing is it likely that this is a fp?

    I am running V4 "out of the box" - any config that should be changed to flag this program?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume it's a legit program that uses a dll exploited by keyloggers to log key strokes. ESET detects it as Win32/Spy.SpyAnytime potentially unsafe application (PUA). PUA cover legit tools that can be exploited for malicious purposes and are disabled by default.
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,040
    Marcos,
    thanks for that.

    Still leaves two questions for me:
    1) Is my current out of the box config for V4 less "thorough" or paranoid than my previous V3 set-up? Should I amend my set-up config?

    2) why are jotti and antivirus showing different results for NOD? Are they using different versions?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    They both have all settings enabled, including potentially unsafe applications (PUA). You can enable PUA individually for each module (ie. real-time, web, email protection, on-demand scanner, etc.) and add the dll to the exclusion list so that it's not detected.
     
Thread Status:
Not open for further replies.