SpySweeper vs Defender: Round 2

[plun]

All,

After some further research this does appear to be a false positive based on
those registry entries.

-Dan from Webroot

Hi Dan again

More "junk" to detect:

http://www.snapfiles.com/downloadfind.php?action=s&st=keylogger

Send these to every protection vendor maybe..........

regards
plun

 

[Guest]

Not only did I check for those Symantec reported files on my PC, I also
submitted Rootkit Revealer and HJT logs to Webroot. No keylogger.
Definitely false positive. There are multiple reports coming in to Webroot.
They say it will be fixed with Definitions updates. Sounds familiar, doesn't
it my fellow Denfender fans!

 

[Guest]

Thanks, Dan and Bill, and all...I understand the possibility of a false
positive in this situation; however, I have been running twice daily Sweeps
with SpySweeper for about a month now. Why just yesterday did SpySweeper
identify this program if as you suggest Bill, it is something that Dell
installed when my Inspiron was built??? Could it be SpySweeper just updated
its defs to include this program? Hmm...and it has been lingering all this
time....???? Interesting.

Rick

 

[Guest]

Amen! Thanks to Dan and Webroot for their diligence and attention and indeed
as Old Rebel mentioned posting in our little family! I guess false positive
can be quite the scare! Time to say, Whew! Oh, I didn't find any of the files
on my system either.

Thanks again to all!!!

Rick

 

[Bill Sanderson]

That's my feeling as well. You don't want to take any chances with a
keylogger, but you also don't want to be unnecessarily alarmed, or to remove
entries that are harmless. I think you've done the right kind of research
to think clearly about this--best of all would be word from the vendor of
the product which made the detection that this is indeed a false postive, of
course.

--

 

[Bill Sanderson]

But be really certain that you are reporting the real thing. We've
definitely seen this, in these forums, I believe, over the year and a
quarter of this beta--but not many times--perhaps less than one hands worth
of fingers, I think.

--

 

[Bill Sanderson]

Updated defs are the most likely trigger--that is exactly how such things
happen--Witness the recent McAfee false positive for a number of
executables, and an earlier one with Microsoft Antispyware, and an antivirus
vendor.

--

 

[Bill Sanderson]

Excellent--sorry--I did see the webroot signature and didn't connect
properly--that was very good of them to post to this thread.

--

 

[Bill Sanderson]

Definitely sounds familiar. I wouldn't hold a false positive against a
vendor--what counts is the response--and it sounds like they have both a
customer forum, and responsive support staff, and are getting this fixed.

--

 

[Bill Sanderson]

Whoops--that reply was appropriate for Rick, but not for Webroot Support.

Thanks for posting this, Dan!

 

[plun]

Hi Bill

Yes we have seen it and for sure more.

What I have noticed is that more and more users ask for them
within different forums and that it is obvious that the asker have no
legitimate needs for a keylogger.

A lot of users also seems to forget that it is an criminal act to plant
a keylogger.

Mitch Dembin, Asst. US Attorney, Southern District, California
explain this in ASCs movie:

http://www.antispywarecoalition.org/events/20060209finalsessionb.ram

All security vendors must come up to an conclusion about this soon and
perhaps the only way is to force it from example FBI/FTC.

Beacuse of sensitive nature with a keylogger and large user groups
which
stands up for the right to use them this is now "mission impossible".
I can compare it with another sensitive issue to carry
guns/weapons............

Especially for US based vendors, they cannot just start to detect them
beacuse of maybe embarrasing findings and scandals.

But they must be controlled and removed from Download.com, Snapfiles
and other download sites.......

I do knows that all security vendors have agreements about some
commercial keyloggers and that is enough.

IMHO

regards
plun

 

[plun]

Not only did I check for those Symantec reported files on my PC, I also

submitted Rootkit Revealer and HJT logs to Webroot. No keylogger.
Definitely false positive. There are multiple reports coming in to Webroot.
They say it will be fixed with Definitions updates. Sounds familiar, doesn't
it my fellow Denfender fans!

Hi Old Rebel

Which application was it ? Was it an Dell "monitoring" app ?
What purpose has it ? Probably then using "director.exe" as
some more apps.

Maybe important to know

regards
plun

 

[Guest]

Question: I currently have the full licensed version of Spysweeper on my pc.
And I love it BTW. Anyway MSN now has Spysweeper for MSN. What will that
do to my original spysweeper if I try to install the MSN one? I'm thinking I
probably don't need to load the MSN version but not sure.