Second Sight (Key Logger)

[Trem]

Every time the MS Spyware runs it tells me that "Second
Sight"(Key Logger)has been detected and quarantined. It
tells me it is here one day C:\windows\system32
\ktkdhk3.dll or some other place another day. One day it
was referring to the registry and the pointer was to
the "restore" key.

I asked the company iQuesosft.com about this and they
told us that MS Spyware is generating false reports about
their software being installed when it is not. They told
me if there is a folder named "System VolumeID" then the
program is installed. If not, the program is not
installed and the warning is incorrect. I can not find
the folder so I guess we're safe but it is spooky to
think someone could be logging our key strokes and
sending them somewhere without our knowledge.

Anyone else experiencing the same situation as me?

 

[plun]

Every time the MS Spyware runs it tells me that "Second
Sight"(Key Logger)has been detected and quarantined. It
tells me it is here one day C:\windows\system32
\ktkdhk3.dll or some other place another day. One day it
was referring to the registry and the pointer was to
the "restore" key.

Hi

Check your PC with help from this URL:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=61713

Important !
Also send a suspected spyware report to MS about this, menu
tools within MSAS

 

[RobbieA]

I'd be interested in seeing what the online scan at
TrendMicro has to say about it:

http://housecall.trendmicro.com

Please post back any info to the NewsGroup.

RobbieA

 

[Trem]

Check your PC with help from this URL:
http://www3.ca.com/securityadvisor/pest/pest.aspx?

id=61713
_____________________________________________________
I did check and there is no evidence of the program being
installed.

Trem
________________________________________________________

Important !
Also send a suspected spyware report to MS about this, menu
tools within MSAS

___________________________________________________
I tried and the MS program always gives an error
message. Will not send. Tells me to check my Internet
proxy settings. I have never had a problem with proxy
settings so I'm sure Microsoft has a problem with their
Beta Spyware program.

Trem
_____________________________________________________

 

[plun]

I did check and there is no evidence of the program being
installed.
I tried and the MS program always gives an error
message. Will not send. Tells me to check my Internet
proxy settings. I have never had a problem with proxy
settings so I'm sure Microsoft has a problem with their
Beta Spyware program.

Hi

Good and bad, about your proxy problem this is a wellknown
problem in Beta 1
and will be fixed in Beta 2.

I think this false/positive about a keylogger is
interresting for MS to know so wait for Mr Bill Sanderson to
reply (or maybe Mr Dodson from MS).

 

[Bill Sanderson]

I need to take some time and do a search of these groups--I recall this one
has been reported before here, and I want to check the details.

Microsoft Product Support Services does have free help for issues relating
to virus removal or infection, and security patches.

In the US or Canada, you can call 1-866-pcsafety. In other parts of the
world, call your local Microsoft subsidiary or office. The phone call may
not be free, but the help will be.

A keylogger in place definitely qualifies as a virus issue--you might want
to go through this with PSS just to be sure. If it were real, I would
recommend their help for removal.

I won't be able to do a search and get back to this thread for perhaps
another 6 hours or so.

 

[Bill Sanderson]

I can't find the references I thought I was remembering. There have been
both false postives and genuine experiences with keyloggers recounted in
these groups over time.

I'm leaning towards a false positive in your case, but I can't tell for
sure. The fact that the detected item keeps moving is disturbing--I'd like
to know why that appears to be happening.

I haven't checked all the references others have posted in this thread, but
here's what I would suggest:

You have information from the company that makes the keylogger which
presumably is accurate--and you've used that and haven't found what they
said you would.

You might find another couple of reputable sources that give specifics to
detecting this bug--don't know whether the CA reference has that, Symantec
often has good information of this sort--Sunbelt's Counterspy support web
information can be another good resource. If you can check out the details
against a couple of those sources, and don't find the items, I think you are
safe feeling that this isn't a correct call.

In your case, I'd also want to take the detailed information of exactly what
is found, and try to tie that back to a legitimate piece of software that
you know should be on your machine, and which isn't infected or altered in
some way.

 

[Ron Chamberlin]

Bill,
There was a message about Spector Pro ( a true keylogger) in the signatures
group on the 21st. There have been others tho. FWIW, W32.spybot does a
heckuva job keylogging also.


Ron Chamberlin
MS-MVP