SpyMyPC Pro Keylogger found in Vista Beta 2 software.

Guest

I found the keylogger program "SpyMyPC Pro" in the
Windows\System32\DriverStore\FileRepository directory.

It's in a Windows Input Printer Driver file.
I used "SPYCOP version 7" to find the keylogger.

I thought it was a false, I installed Vista Beta 2 on a fresh hard drive on
a different PC, and sure enough the keylogger is there.

I've found the keylogger in the same file on 5 Vista Beta 2 PCs.

Microsoft you need to check this out as SpyCop has never given me a FALSE
positive.
 
Bill Sanderson

What does SpyCop support have to say about this finding?
What Vista build is this, and what source did you get it from?
 
Guest

I left a message with SpyCop support. Still waiting for a reply.

Here's the info:

The DLLs in question are: "smpclrc.dll" and "smpclrd.dll"

These DLLs are identified as belonging to "SpyMyPC Pro by Benutec", a
keylogging program.

These DLLs are located in the

Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386
directory.

What's interesting is they are in a Samsung printer driver directory. Not
that a Korean company would do such a thing? "SONY" comes to mind.

So there's the info, if anyone cares.

BTW I have the printer that this driver installs and I deleted these DLLs
and my printer STILL functions just FINE, so Hmmmmmmm!!!!!

False positive I don't know, but without these DLLs in my system, shouldn't
my printer and its features not work, or tell me there's a problem?

Food for thought
 
Bill Sanderson

I'm inclined to think this is a false positive. Given the beta nature of
Vista, I don't think it is too surprising that removing these files doesn't
elicit any apparent failure with regard to printing. Have you verified that
the files are really gone, and haven't been replaced by some protective
mechanism?

I think the likelihood of a keylogger--especially a known commercial
product--being included in legitimate Vista media is quite low.

All anti-spyware products have a risk for false positives. I wouldn't hold
such an occurrence against a vendor, but I would look carefully at their
response (or lack of)--to such reports.

Since you can grab the .dll files in question, another approach would be to
submit them to, for example, www.virustotal.com and see whether any of the
vendors there identify them as bad. This is not a perfect science--not all
antivirus vendors include spyware in their definition sets, but enough do
that I think this is well worth doing with a file that you believe to be
bad.

--
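
One way to carry out the checks suggested in the reply above, as an added example that is not part of the original thread: it confirms whether the two flagged DLLs are still present, records their SHA-256 hashes and signature status, and checks whether the driver package's INF lists them. The directory and file names are the ones quoted in the thread; the INF's location at the package root is an assumption.

```powershell
# Added example: triage of the two DLLs named in the thread.
# Directory and file names come from the post above.
$pkg   = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository\prnsa001.inf_3632565a'
$names = 'smpclrc.dll', 'smpclrd.dll'

# Assumption: the package keeps its INF at the package root under its original name.
$inf     = Join-Path $pkg 'prnsa001.inf'
$infText = if (Test-Path -LiteralPath $inf) { Get-Content -LiteralPath $inf -Raw } else { $null }

$report = foreach ($name in $names) {
    $path = Join-Path $pkg "I386\$name"
    $row  = [ordered]@{
        File        = $name
        Present     = Test-Path -LiteralPath $path   # is the file really gone, or was it restored?
        SHA256      = $null
        Signature   = $null
        Signer      = $null
        ListedInInf = $null                          # stays $null if the INF could not be read
    }

    # A file the INF lists by name is part of the driver package itself,
    # not something dropped into the directory afterwards.
    if ($null -ne $infText) {
        $row.ListedInInf = $infText -match [regex]::Escape($name)
    }

    if ($row.Present) {
        # The hash pins down exactly which file was examined or submitted for scanning.
        $row.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        # NotSigned alone is not conclusive: driver-package files are commonly
        # covered by a catalog (.cat) signature rather than an embedded one.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $row.Signature = $sig.Status
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]$row
}

$report | Format-List
```

Running it before and after deleting the files shows whether they stay gone or reappear.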
 
Guest

Mike,

Routinely, those third party applications as you describe, intentionally and
wrongly identify OS Spyware just for tricking you into wrongly believing they
are providing a service.

Please be assured, if you have 5 Vistas running that supposedly contain
Spyware applications;

1) Unknowingly you installed the Spyware via third party applications.

2) Certain # 1 did not occur because Vista will not allow such malware to
deploy within Vista !!!
 
