34 Replies Latest reply on Oct 27, 2009 2:57 PM by exbrit

    Key Logger Quarantined as Trojan

      I have had a key logger installed for many years on my PC and in the past VirusScan has flagged it and left it alone once I ID'd it as OK. The other day I got a notification that one of the .dll files for this program was removed as a suspected Trojan and won't let me restore it. I assume if I go search for the file and restore manually the problem will keep occurring??

      Installed versions are:
      Security Center 9.15
      Virus Scan 13.15

      Thanks for any feedback,
        • 1. RE: Key Logger Quarantined as Trojan
          exbrit
          It isn't surprising that a keylogger would be identified as those applications operate on similar principles to many types of malware.

          See this sticky on what you can try: http://community.mcafee.com/showthread.php?t=233662
          • 2. RE: Key Logger Quarantined as Trojan
            Agree not surprising it was detected (as it had been previously). What is surprising (and annoying) is that the file was quarantined after being specifically told to ignore it. The file has been submitted to McAfee and webimmune which replied with this:

            "Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
            If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy."

            So what does that mean and how do we get VirusScan to cease quarantining files without first asking permission (as it has always done previously)? Common sense (and logic) would dictate that once a file is restored it should be accepted henceforth. Yes, no??
            • 3. RE: Key Logger Quarantined as Trojan
              exbrit
              I would have replied to that email stating that it continues to be detected and can they do something about it.
              • 4. RE: Key Logger Quarantined as Trojan
                They didn't send an email. You get an account with a link that gives this result:
                ==================================================

                Avert(r) Labs WebImmune


                View Analysis
                McAfee Labs - Beaverton
                Current Scan Engine Version:5300.2777
                Current DAT Version:5774.0000
                Thank you for your submission.

                Analysis ID: 5583210
                Name | Findings | Detection | Type | Extra
                thehook.dll | current detection | generic pup.e | Application | no

                current detection [ thehook.dll ]
                Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
                If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy.


                Regards,



                McAfee Labs
                ===================================================
                There is no way to respond and the "Contact Us" results in a blank screen. Based on their FAQ this seems to be a site that evaluates files that the submitter suspects may have a virus which was not the purpose for submitting it. Since the Avert site seems to think the file is virus related (when it in fact isn't) nothing is probably going to change.
                • 5. RE: Key Logger Quarantined as Trojan
                  exbrit
                  They will send an email if you submit it by email. I refer to that method in that link.
                  • 6. RE: Key Logger Quarantined as Trojan
                    Their FAQ would seem to advise against this. Quote:
                    ==========================================================
                    Should I send samples to WebImmune and e-mail them to Avert(r) Labs?
                    No, you only need to submit the sample to Avert(r) Labs once. The only exception is if WebImmune prompts you to send to Avert(r) Labs via e-mail. This will usually be the case if the file is over three megabytes in size.
                    ==========================================================
                    • 7. RE: Key Logger Quarantined as Trojan
                      exbrit
                      From personal experience I find that if you don't pester them sometimes nothing gets done. I would do it anyway.
                      • 8. RE: Key Logger Quarantined as Trojan
                        Since they already have the file and have apparently identified it (wrongly) as malware will this make any difference?

                        How do we return to the mode where the user (and payer for the software) decides when a file or application should be quarantined or left alone? This is like hiring a security firm to watch your property and they keep turning in a member of your household for B & E. Would you keep paying this group?
                        • 9. RE: Key Logger Quarantined as Trojan
                          exbrit
                          If they say wrongly that it is an infection nothing will ever change until someone convinces them otherwise.

                          VirusScan home can only be told to ignore something identified as a PUP, not as any other type of malware.

                          We've been asking to have the feature reintroduced for ages and have thus far been ignored.

                          It was a feature several years back and still is with the corporate editions.