spy.spyanytime

Discussion in 'ESET NOD32 Antivirus' started by beethoven, Oct 2, 2009.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,156
    I am interested in downloading a new program called rocket typing http://www.easy-to-use-software.com/html/rocket-typing and wonder if it is safe.

    Two weeks ago using Nod V3 my download was aborted due to an alert. Since then I have upgraded to V4 which is supposedly better in detection. Just now I dl the file again - not a peep. I then scanned the file - clean.
    I uploaded the file to jotti and virustotal and on jotti Dr.Web and Nod give an alert, on Virustotal only NOD says spy.spyanytime.

    I am a bit confused - should my installed AV not show the same result? Given the overall showing is it likely that this is a fp?

    I am running V4 "out of the box" - any config that should be changed to flag this program?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    I assume it's a legit program that uses a dll exploited by keyloggers to log key strokes. ESET detects it as Win32/Spy.SpyAnytime potentially unsafe application (PUA). PUA cover legit tools that can be exploited for malicious purposes and are disabled by default.
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,156
    Marcos,
    thanks for that.

    Still leaves two questions for me:
    1) Is my current out of the box config for V4 less "thorough" or paranoid than my previous V3 set-up? Should I amend my set-up config?

    2) why are jotti and antivirus showing different results for NOD? Are they using different versions?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    They both have all settings enabled, including potentially unsafe applications (PUA). You can enable PUA individually for each module (ie. real-time, web, email protection, on-demand scanner, etc.) and add the dll to the exclusion list so that it's not detected.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.