Key Logger False?

Actmon PC & Internet Monitoring Commercial Key Logger
came out in the scan on two of my XP Pro machines as a
severe threat. The infected file is windows\system32
\unzdll.dll. I went ahead and cleaned the file. Was this
an error? If so what can I do to recover? I have always
used Spybot and it never showed this file to be a threat.

Files with this name could be either innocent or malicious. Have you
checked the quarantine area, to see whether it's stored there?

Tools, Spyware Scan, Manage Spyware quarantine


"pat" <anonymous@discussions.microsoft.com> wrote in message
news:0ba601c4f5ab$98e47be0$a501280a@phx.gbl...
> Actmon PC & Internet Monitoring Commercial Key Logger
> came out in the scan on two of my XP Pro machines as a
> severe threat. The infected file is windows\system32
> \unzdll.dll. I went ahead and cleaned the file. Was this
> an error? If so what can I do to recover? I have always
> used Spybot and it never showed this file to be a threat.

Hi Bill
I checked and the files were not saved in quarantine.
Perhaps a system restore will bring them back to both
machines? No problems noted on either machine yet.

Thanks
>-----Original Message-----
>Files with this name could be either innocent or
malicious. Have you
>checked the quarantine area, to see whether it's stored
there?
>
>Tools, Spyware Scan, Manage Spyware quarantine
>
>
>"pat" <anonymous@discussions.microsoft.com> wrote in
message
>news:0ba601c4f5ab$98e47be0$a501280a@phx.gbl...
>> Actmon PC & Internet Monitoring Commercial Key Logger
>> came out in the scan on two of my XP Pro machines as a
>> severe threat. The infected file is windows\system32
>> \unzdll.dll. I went ahead and cleaned the file. Was
this
>> an error? If so what can I do to recover? I have always
>> used Spybot and it never showed this file to be a
threat.
>
>
>.
>

System restore will definitely work. It'd be good for you to try to pin
down what third-party product you've knowingly installed relates to that
file. Perhaps there will be copyright information in the file itself that
will help make that clear.

You DON'T want to have a keylogger in place on your machine, so I'd be very
cautious about leaving that file in place if you can't satisfy yourself as
to its origin. Renaming it would be a minimal action to take.

"pat" <anonymous@discussions.microsoft.com> wrote in message
news:112901c4f5af$84da7dd0$a301280a@phx.gbl...
> Hi Bill
> I checked and the files were not saved in quarantine.
> Perhaps a system restore will bring them back to both
> machines? No problems noted on either machine yet.
>
> Thanks
>>-----Original Message-----
>>Files with this name could be either innocent or
> malicious. Have you
>>checked the quarantine area, to see whether it's stored
> there?
>>
>>Tools, Spyware Scan, Manage Spyware quarantine
>>
>>
>>"pat" <anonymous@discussions.microsoft.com> wrote in
> message
>>news:0ba601c4f5ab$98e47be0$a501280a@phx.gbl...
>>> Actmon PC & Internet Monitoring Commercial Key Logger
>>> came out in the scan on two of my XP Pro machines as a
>>> severe threat. The infected file is windows\system32
>>> \unzdll.dll. I went ahead and cleaned the file. Was
> this
>>> an error? If so what can I do to recover? I have always
>>> used Spybot and it never showed this file to be a
> threat.
>>
>>
>>.
>>

I found out what the file is from. It comes with AOPA
Airport Directory. This is a false positive. Also I get
false positives from Jeppesen Flightmap software. MS
Antispyware identifies it as Radlight with four registry
keys.
>-----Original Message-----
>System restore will definitely work. It'd be good for
you to try to pin
>down what third-party product you've knowingly installed
relates to that
>file. Perhaps there will be copyright information in
the file itself that
>will help make that clear.
>
>You DON'T want to have a keylogger in place on your
machine, so I'd be very
>cautious about leaving that file in place if you can't
satisfy yourself as
>to its origin. Renaming it would be a minimal action to
take.
>
>"pat" <anonymous@discussions.microsoft.com> wrote in
message
>news:112901c4f5af$84da7dd0$a301280a@phx.gbl...
>> Hi Bill
>> I checked and the files were not saved in quarantine.
>> Perhaps a system restore will bring them back to both
>> machines? No problems noted on either machine yet.
>>
>> Thanks
>>>-----Original Message-----
>>>Files with this name could be either innocent or
>> malicious. Have you
>>>checked the quarantine area, to see whether it's stored
>> there?
>>>
>>>Tools, Spyware Scan, Manage Spyware quarantine
>>>
>>>
>>>"pat" <anonymous@discussions.microsoft.com> wrote in
>> message
>>>news:0ba601c4f5ab$98e47be0$a501280a@phx.gbl...
>>>> Actmon PC & Internet Monitoring Commercial Key Logger
>>>> came out in the scan on two of my XP Pro machines as
a
>>>> severe threat. The infected file is windows\system32
>>>> \unzdll.dll. I went ahead and cleaned the file. Was
>> this
>>>> an error? If so what can I do to recover? I have
always
>>>> used Spybot and it never showed this file to be a
>> threat.
>>>
>>>
>>>.
>>>
>
>
>.
>

Great. Listing such products here may help. In addition, if you have
contacts with the vendor, you can point them to:

http://support.microsoft.com/kb/892340 Microsoft Windows AntiSpyware (Beta)
identifies a program as a spyware threat (Listing criteria and Dispute
process)

which has a link to a form to help possibly get the issue taken care of.

"pat" <anonymous@discussions.microsoft.com> wrote in message
news:11a801c4f5c9$bd67e1f0$a301280a@phx.gbl...
>I found out what the file is from. It comes with AOPA
> Airport Directory. This is a false positive. Also I get
> false positives from Jeppesen Flightmap software. MS
> Antispyware identifies it as Radlight with four registry
> keys.
>>-----Original Message-----
>>System restore will definitely work. It'd be good for
> you to try to pin
>>down what third-party product you've knowingly installed
> relates to that
>>file. Perhaps there will be copyright information in
> the file itself that
>>will help make that clear.
>>
>>You DON'T want to have a keylogger in place on your
> machine, so I'd be very
>>cautious about leaving that file in place if you can't
> satisfy yourself as
>>to its origin. Renaming it would be a minimal action to
> take.
>>
>>"pat" <anonymous@discussions.microsoft.com> wrote in
> message
>>news:112901c4f5af$84da7dd0$a301280a@phx.gbl...
>>> Hi Bill
>>> I checked and the files were not saved in quarantine.
>>> Perhaps a system restore will bring them back to both
>>> machines? No problems noted on either machine yet.
>>>
>>> Thanks
>>>>-----Original Message-----
>>>>Files with this name could be either innocent or
>>> malicious. Have you
>>>>checked the quarantine area, to see whether it's stored
>>> there?
>>>>
>>>>Tools, Spyware Scan, Manage Spyware quarantine
>>>>
>>>>
>>>>"pat" <anonymous@discussions.microsoft.com> wrote in
>>> message
>>>>news:0ba601c4f5ab$98e47be0$a501280a@phx.gbl...
>>>>> Actmon PC & Internet Monitoring Commercial Key Logger
>>>>> came out in the scan on two of my XP Pro machines as
> a
>>>>> severe threat. The infected file is windows\system32
>>>>> \unzdll.dll. I went ahead and cleaned the file. Was
>>> this
>>>>> an error? If so what can I do to recover? I have
> always
>>>>> used Spybot and it never showed this file to be a
>>> threat.
>>>>
>>>>
>>>>.
>>>>
>>
>>
>>.
>>