jff6791
Level 7

Key Logger Quarantined as Trojan

I have had a key logger installed for many years on my PC and in the past VirusScan has flagged it and left it alone once I ID'd it as OK. The other day I got a notification that one of the .dll files for this program was removed as a suspected Trojan and won't let me restore it. I assume if I go search for the file and restore manually the problem will keep occurring??

Installed versions are:
Security Center 9.15
Virus Scan 13.15

Thanks for any feedback,
0 Kudos
34 Replies
exbrit
Level 21

RE: Key Logger Quarantined as Trojan

It isn't surprising that a keylogger would be identified, as those applications operate on similar principles to many types of malware.

See this sticky on what you can try: http://community.mcafee.com/showthread.php?t=233662
0 Kudos
jff6791
Level 7

RE: Key Logger Quarantined as Trojan

Agree, not surprising it was detected (as it had been previously). What is surprising (and annoying) is that the file was quarantined after being specifically told to ignore it. The file has been submitted to McAfee and webimmune, which replied with this:

"Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy."

So what does that mean and how do we get VirusScan to cease quarantining files without first asking permission (as it has always done previously)? Common sense (and logic) would dictate that once a file is restored it should be accepted henceforth. Yes, no??
0 Kudos
exbrit
Level 21

RE: Key Logger Quarantined as Trojan

I would have replied to that email stating that it continues to be detected and can they do something about it.
0 Kudos
jff6791
Level 7

RE: Key Logger Quarantined as Trojan

They didn't send an email. You get an account with a link that gives this result:
==================================================

Avert(r) Labs WebImmune


View Analysis
McAfee Labs - Beaverton
Current Scan Engine Version:5300.2777
Current DAT Version:5774.0000
Thank you for your submission.

Analysis ID: 5583210
Name          Findings            Detection       Type          Extra
thehook.dll   current detection   generic pup.e   Application   no

current detection [ thehook.dll ]
Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy.


Regards,



McAfee Labs
===================================================
There is no way to respond and the "Contact Us" results in a blank screen. Based on their FAQ this seems to be a site that evaluates files that the submitter suspects may have a virus, which was not the purpose for submitting it. Since the Avert site seems to think the file is virus related (when it in fact isn't), nothing is probably going to change.
0 Kudos
exbrit
Level 21

RE: Key Logger Quarantined as Trojan

They will send an email if you submit it by email. I refer to that method in that link.
0 Kudos
jff6791
Level 7

RE: Key Logger Quarantined as Trojan

Their FAQ would seem to advise against this. Quote:
==========================================================
Should I send samples to WebImmune and e-mail them to Avert(r) Labs?
No, you only need to submit the sample to Avert(r) Labs once. The only exception is if WebImmune prompts you to send to Avert(r) Labs via e-mail. This will usually be the case if the file is over three megabytes in size.
==========================================================
0 Kudos
exbrit
Level 21

RE: Key Logger Quarantined as Trojan

From personal experience I find that if you don't pester them sometimes nothing gets done. I would do it anyway.
0 Kudos
jff6791
Level 7

RE: Key Logger Quarantined as Trojan

Since they already have the file and have apparently identified it (wrongly) as malware, will this make any difference?

How do we return to the mode where the user (and payer for the software) decides when a file or application should be quarantined or left alone? This is like hiring a security firm to watch your property and they keep turning in a member of your household for B & E. Would you keep paying this group?
0 Kudos
exbrit
Level 21

RE: Key Logger Quarantined as Trojan

If they say wrongly that it is an infection nothing will ever change until someone convinces them otherwise.

VirusScan home can only be told to ignore something identified as a PUP, not as any other type of malware.

We've been asking to have the feature reintroduced for ages and have thus far been ignored.

It was a feature several years back and still is with the corporate editions.
0 Kudos