winkeylog

[Norman]

Hi everyone!

On my virus-scan today, a signature of a "dropper" named
DR/WinKeyLog.503 showed up. Does anyone have a clue what this is? Do I
have to fear that my system has been compromised? Keylogged?

I couldn't find anything with google or at messagelabs.com. The
anti-virus program showed no description either.

Any suggestions would be appreciated,

Norman

 

[null]

Hi everyone!

On my virus-scan today, a signature of a "dropper" named
DR/WinKeyLog.503 showed up. Does anyone have a clue what this is? Do I
have to fear that my system has been compromised? Keylogged?

I couldn't find anything with google or at messagelabs.com. The
anti-virus program showed no description either.

Any suggestions would be appreciated,

A dropper file doesn't necessarily mean you took a hit. Can't you
simply delete the file?


Art
http://www.epix.net/~artnpeg

 

[Norman]

A dropper file doesn't necessarily mean you took a hit. Can't you
simply delete the file?

I did delete the file. What does a dropper do? Can I assume that my
anti-virus program would have found the hit, too, in case my system had
been infected?

It would be great if anyone had information regarding to what exactly
this winkeylog thing might be...

Norman

 

[null]

I did delete the file.
Good.

What does a dropper do?

What the designation implies. It "drops" or "installs" a virus or
Trojan.

Can I assume that my
anti-virus program would have found the hit, too, in case my system had
been infected?

Hopefully It should.

It would be great if anyone had information regarding to what exactly
this winkeylog thing might be...

I didn't find any. I suppose it's another one of these endless
keylogging Trojans proliferating nowdays.


Art
http://www.epix.net/~artnpeg

 

[Woody]

Hi everyone!

On my virus-scan today, a signature of a "dropper" named
DR/WinKeyLog.503 showed up. Does anyone have a clue what this is? Do I
have to fear that my system has been compromised? Keylogged?

I couldn't find anything with google or at messagelabs.com. The
anti-virus program showed no description either.

Any suggestions would be appreciated,

Norman

I got the same message this morning, the file containing the virus has
been on the system for months. It is a software file that is zipped.
I can not find any information regarding virus on AntiVir, the
antivirus software that detected the virus or at Norton.

 

[Norman]

I got the same message this morning, the file containing the virus has
been on the system for months. It is a software file that is zipped.
I can not find any information regarding virus on AntiVir, the
antivirus software that detected the virus or at Norton.

Exactly the same in my case: Using AntiVir with the newest definition
files. The file was old, too. It was a zip-file containing a
digital-camera driver update (from a not very much trusted source, however).

I guess it was a false alarm. Could that be? A program showing the same
signature as some virus? I think I will write a mail to AntiVir
tomorrow, asking what they think.

Norman

 

[null]

I guess it was a false alarm. Could that be? A program showing the same
signature as some virus? I think I will write a mail to AntiVir
tomorrow, asking what they think.

I like to check suspect files with several different av scanners
first. Then only if the file seems to cause a false alarm on product X
would I send a copy (zipped) to Product X's submission address. You
can use resident on-demand scanners and/or av scan file upload sites.

I know this seems to be a bit much for J. Q. Average user who expects
one single av product to do the entire job for him. But that's
actually just wishful thinking. I find that the use of several av
scanners is invaluable. Based on experience, I don't trust any one
single scanner.

BTW, for what it's worth, AntVir has a reputation for false alarming.


Art
http://www.epix.net/~artnpeg