What is Mini Key Log 2.5?

[byroncheng]

I've ran CounterSpy and it identified something
called 'Mini Key Log 2.5'. Its removal tool removed it..
However, it keeps coming back after I reboot..

is it deadly? how can i remove it for good? something
about its name kinda worries me. :-(

None of the other anti-spyware software i use identified
it. This includes, ad-aware, spybot, MS anti-spyware,
spysweeper, xblock, Norton Anit-Virus.

 

[Ed Barba]

I got the same thing using counterspy plus others and I use 6 good apps
showing nothing. I removed counter spy because I think it is giving you
false positives on purpose to make you buy thier software. Alot of programs
out there try to scare you into buying thier product.
Ed

 

[Spider]

CounterSpy is not in the class of spyware removal software that use scare
tactics. It is legit software using legit methods to detect spyware. That
said, this is a Microsoft AntiSpyware group, not a CounterSpy group. You
both should boot to safe mode and run a scan in safe mode with Microsoft
AntiSpyware. Run the scan twice before booting back to normal mode. If it
still gets detected, submit a spyware report from the menu option.

--

Spider

http://spiderathome.blogspot.com/
http://spider1.blogspot.com/
http://groups.yahoo.com/group/24hrsupporthelpdesk

 

[Ed Barba]

Well I scanned my system with MSAS, Webroot Spy Sweeper, Spyware Doctor,
Spybot S&D 1.3 and Ad-Aware SE 1.05 with the latest definitions in safe mode
and they all say it is clean. Also Trojan Hunter and TDS - 3 and online
scanners with no spyware found. Yet I have had 2 instances of so called key
loggers on my system found with Counter Spy. So how do you explain that?
Ed

 

[Bill Sanderson]

I'm going to try to agree with both of the other responses:

False positives are a fact of life with this class of products--spyware
removers.

You will need to look closely at the actual detailed items detected as the
threat you name

What I've done to help verify things to my satisfaction is searched on the
name of the threat and "sunbelt" and then brought up a detailed page about
the particular threat--showing all the files involved. Check carefully for
the specific executables. This isn't an easy cut and dried thing--because
the name of the executable doesn't matter. What does matter is the MD5 hash
and the fact that a file is executable.

So--even though Spider is correct that the product you are using isn't one
which intentionally markets through fearmongering--you may still have a
false positive.

However, a key logger in place is a BAD THING, so you want to be sure. For
myself, I think I would be reassured that Microsoft Antispyware doesn't find
it--that tends towards false positive, for me. But since there's no
detection list for Microsoft Antispyware, I can't say for sure that it
should have.

 

[plun]

Well I scanned my system with MSAS, Webroot Spy Sweeper, Spyware Doctor,
Spybot S&D 1.3 and Ad-Aware SE 1.05 with the latest definitions in safe mode
and they all say it is clean. Also Trojan Hunter and TDS - 3 and online
scanners with no spyware found. Yet I have had 2 instances of so called key
loggers on my system found with Counter Spy. So how do you explain that?

Hi

Maybe with this........... rootkits !

http://www.europe.f-secure.com/blacklight/

 

[Ed Barba]

Hi Plun, I also checked with this product as well and nothing showed up. I
am reasonably sure that it was either a false positive or a scare tactic.
Ed

 

[Bill Sanderson]

If you are going to invoke rootkits, let's also mention a tool which can
help reveal them:

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

The output of this tool requires some care in interpretation--read the help.

And, it can fail completely in the presence of certain features on server
level OS's, and with some antivirus apps in place. However, it can be
useful.
(and I think there's a more prosaic explanation available--false positive.)

 

[Bill Sanderson]

Sorry -- I didn't notice what the link actually led to!

I'll check it out and compare their results to the sysinternals tool.