SpyMyPC Pro found Vista Beta 2 product

Guest

You might want to scan your Vista Beta 2 PCs for the keylogger program
"SpyMyPC Pro"

I installed SpyCop, an Anti-Keylogger program, and was NOT Happy to find a
Keylogger Program as part of the Vista Software.

The keylogger resides in the Windows\System32\DriverStore\FileRepository
directory.

The keylogger is in a Windows Input Printer Driver file.

You need the latest version of SpyCop to find the Keylogger dll's.

Microsoft, you need to do some better Internal security checks.

Have a great day!!!!!
 

Peter M

Spycop has given false positives before and there's no program that will
give 100% non-false. OTOH if you dl'd your vista from a torrent all bets are
off. Interestingly you won't name the file.
 

Guest

It's not an AD for SpyCop, and yes I will name the suspect dll's tomorrow,
when I load Vista on another PC. I already deleted the two dll's with SpyCop.

Sorry about not listing them.

I will list them tomorrow.
 

Guest

I left a message on Spycop support. Still waiting for reply.

Here's the info:

The dll's in question are: "smpclrc.dll" and "smpclrd.dll"

These dll's are identified as belonging to the "SpyMyPC Pro by Benutec", a
keylogging program.

These dll's are located in:

Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386
directory.

What's interesting is they are in a Samsung Printer driver directory. Not
that a Korean company would do such a thing? "SONY" comes to mind.

So there's the info, if anyone cares.

BTW I have the Printer that this driver installs and I deleted these dll's
and my printer STILL Functions just FINE, so Hmmmmmmm!!!!!

False positive I don't know, but without these dll's in my system, shouldn't
my printer and its features not work, or tell me there's a problem?

Food for thought
 

Mark D. VandenBerg

Mike said:
I left a message on Spycop support. Still waiting for reply.

Here's the info:

The dll's in question are: "smpclrc.dll" and "smpclrd.dll"

These dll's are identified as belonging to the "SpyMyPC Pro by Benutec", a
keylogging program.

These dll's are located in:

Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386
directory.

What's interesting is they are in a Samsung Printer driver directory. Not
that a Korean company would do such a thing? "SONY" comes to mind.

So there's the info, if anyone cares.

BTW I have the Printer that this driver installs and I deleted these dll's
and my printer STILL Functions just FINE, so Hmmmmmmm!!!!!

False positive I don't know, but without these dll's in my system, shouldn't
my printer and its features not work, or tell me there's a problem?

Food for thought

As was asked, but not answered, in your other thread, "What build number,
and from where did you obtain your copy?"

In 5384.4 x64, that directory does not exist.
 

Jane C

C:\Windows\System32\DriverStore\FileRepository\prnsa001.inf_92e71c3e in
Vista 5384.4 x64 ;) which has an Amd64 folder instead of i386, and yes,
those 2 .dlls are in there ;)
 

Raven Mill

Mark D. VandenBerg said:
As was asked, but not answered, in your other thread, "What build number,
and from where did you obtain your copy?"

In 5384.4 x64, that directory does not exist.


I also have no such folder. I have an Intel system, same build as Mark.

No folder:
Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a

Where did you get your copy of Vista?
 

Raven Mill

Tony Hoyle said:
Yawn. The *first* hit in google for these files gives:

http://www.fileproperties.com/s/smpclrc.dll.htm

Sounds like spycop is a pile of junk if it's calling microsoft signed
drivers spyware.

Yep...

Mike, just for the record, and I consider myself somewhat of an expert on
this only because, for my radio show, I test a LOT of
anti-virus/spyware/adware utilities. One thing I've noticed with these is
that, not only do many of them give false positives, or even some that "find
spyware" which is NOT spyware, just to make you think you need to buy the
program to "fix" your PC.

Also, it says it has been tested to run on Vista Beta but isn't supported,
(That means it probably doesn't work well) and some features don't work on
x64 version of Vista Beta. So you really should find a utility that is
shown to work with the OS you're using it on.
 

Jeff

Hi,
According to Fileproperties.com; those dll's in question are as follows:
Windows Vista
SMPCLRC.DLL


Windows, Vista, Operating System, Winfs
Samsung Printer Driver
Microsoft® Windows® Operating System

Windows Vista
SMPCLRD.DLL



Windows, Vista, Operating System, Winfs
plug-in
Samsung


Um,

And they are in the build from MSFT themselves; at least in build 5472

Jeff
 

Bill Sanderson

So--has anyone passed them by the vendors represented at www.virustotal.com
for example?

I'm still of the opinion that this is a false positive--the other question I
have is whether these files are signed by Microsoft--your evidence seems to
point in that direction, but I'd like to be sure.

--
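
One way to answer the two questions raised in the post above (are the files signed, and what do other scanners say), as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later; the file names and the prnsa001.inf_* directory pattern are taken from the thread, everything else is illustrative.

```powershell
# Added example: triage a scanner hit on driver-store files before deleting anything.
# The file names and the prnsa001.inf_* directory pattern are taken from the thread.
$repo  = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'
$names = 'smpclrc.dll', 'smpclrd.dll'

# The hash suffix of the directory differs per build and architecture, so match by prefix.
$dirs  = Get-ChildItem -Path $repo -Filter 'prnsa001.inf_*' -Directory -ErrorAction SilentlyContinue
$files = foreach ($d in $dirs) {
    Get-ChildItem -Path $d.FullName -Recurse -File | Where-Object { $names -contains $_.Name }
}
if (-not $files) { Write-Output "No matching files under $repo"; return }

$report = foreach ($f in $files) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    [pscustomobject]@{
        Path        = $f.FullName
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        SigType     = $sig.SignatureType   # Authenticode (embedded) or Catalog
        Signer      = $signer
        Company     = $f.VersionInfo.CompanyName
        Description = $f.VersionInfo.FileDescription
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-List

# A file whose signature does not verify deserves a closer look.
$report | Where-Object { $_.Status -ne 'Valid' } |
    ForEach-Object { Write-Warning "Signature status $($_.Status): $($_.Path)" }
```

The SHA256 values can be looked up on a multi-scanner service such as the one named in the post to compare vendors' verdicts without deleting or moving the files.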
 

Raven Mill

Bill...

I decided to change the subject line, as the old one makes it seem like
we're all actually considering this real, and not the fact that someone
opened their crack before thinking...

It's definitely a false positive.

Several factors were the keys:

a: The files were part of a PRINTER DRIVER. If you're going to put a key
logger somewhere, that's got to be the dumbest place to do it.

b: It was the printer driver that came on the Vista disk itself, so yes,
they were MS signed files. (I assume that ALL the drivers ON the Vista
disk are MS-signed...can't imagine that they wouldn't be...)

c: SpyCop, the utility that found the "infected files" says right on their
site that the program doesn't work correctly on Vista x64, which is where
they had it installed.

d: Every anti-spyware vendor around OTHER than SpyCop says those files are
NOT infected with a keylogger.

e: Anytime a utility vendor DOESN'T respond to such an obviously horrid
"infection", you can pretty well be assured that even THEY think it's
nothing to bother with.

So, just for the record folks... WINDOWS VISTA IS A BETA AND ANY ANTISPYWARE
UTILITY OUT AT THE MOMENT IS EVEN *LESS* OFFICIAL.

At THIS time, if you come up with a "hit" on your AV, etc...check it with
OTHER utilities to see if THEY come up with the same thing before you start
posting on the newsgroups that Vista is infected with whatever.
 

Bill Sanderson

Thanks, and I agree. In fact, the bit of evidence that was probably telling
at the beginning was that deleting these "keylogger" files had no effect on
the operation of the PC. In my limited experience, removing a keylogger in
place is a very sticky operation--usually a reinstall of Windows seems to be
needed to get it right.

I don't know of any antispyware that can claim never to have false
positives--this one isn't as disastrous as, say, one which suggests that the
user remove their antivirus protection, which has happened in reasonably
recent memory.
 
