redmaledeer Posted December 14, 2005

The new Trendmicro online scan, namely http://us.trendmicro-europe.com/housecall/v6.5/?us=2 says that I am infected with grayware/spyware KEYL_SE.71724, and gives no further information, and does not say which file is infected. It offers me choices of REMOVAL (deletion?), CLEANUP, and NO ACTION.

The hitch is that there is nothing like this in my Registry, my Files, or on Google. Can anyone tell me anything about this?

The new Trendmicro also said the same thing last time I ran it. Then I took NO ACTION. And what is the difference between Deletion and Cleanup?
jmatt Posted December 15, 2005

These may help.

KL-Detector
http://dewasoft.com/privacy/kldetector.htm
http://www.winpicks.com/ShowDetails.asp?title=KL%2DDetector

BlackLight Rootkit Elimination Technology
http://fileforum.betanews.com/detail/FSecu...ht/1110906204/1
http://www.f-secure.com/blacklight/

RegAuditor
http://www.nsauditor.com/freeware/index.html

RemoveIT Pro
http://www.incodesolutions.com/
http://www.incodesolutions.com/removeit.htm

RootkitRevealer
http://www.sysinternals.com/utilities/rootkitrevealer.html
http://www.sysinternals.com/Files/RootkitRevealer.zip
http://www.sixfiles.com/dbase/files/sysint...itrevealer.html
jmatt Posted December 15, 2005

2 more to try. Update after installing.

a² free
http://www.emsisoft.com/en/software/free/

ewido security suite free for Windows 2000/XP
http://www.ewido.net/en/features/
http://www.ewido.net/en/download/
striker Posted December 15, 2005 (edited)

redmaledeer,

I use this: http://www.snoopfree.com/

Edited December 15, 2005 by striker
jmatt Posted December 16, 2005 (edited)

Another point redmaledeer, when these programs find something & you are not sure what to do, stop & put the file into Google.

Example, may find TaskSwitch.exe

Google finds this.
http://www.google.com.au/search?hl=en&q=Ta...le+Search&meta=
http://process.networktechs.com/taskswitch.exe.php
http://www.auditmypc.com/process/taskswitch.asp

Edited December 16, 2005 by jmatt
redmaledeer (Author) Posted December 16, 2005

Thank you for the many programs, which I will work my way thru.

In the original post I should have mentioned that I run a number of other protective programs and scans. None of these picks up the one that Trendmicro does, which adds to the puzzle.
jmatt Posted December 16, 2005

> None of these picks up the one that Trendmicro does, which adds to the puzzle.

Quite normal, thousands of new ones are thrown at us each month, the baddies are always in front. Takes all the resources of the goodies to keep up, that is why you need a lot more than 1 fix program.
Amanjit Posted December 19, 2005

Congratulations, you just got made...

> says that I am infected with grayware/spyware KEYL_SE.71724, and gives no further information, and does not say which file is infected. It offers me choices of REMOVAL (deletion?), CLEANUP, and NO ACTION.

This is the keylogger "Perfect keylogger lite" (downloadable and free for everyone :-( ), which I installed on my notebook in order to find out how good AV software detects this kind of rubbish. And I was really annoyed that the trendmicro housecall thing does not provide any other useful information about this. It is treated at the same level as a "tracking cookie".

For the ultra paranoid:

I for myself could do a clean install of an operating system without approaching the internet, install service packs and all other "safe" apps from disc and keep all of my data on a different partition (I do not use Documents and Settings folder anyway). I could use linux and ntfsclone to clone the system partition to a file on an external USB 2.0 hard drive. Once a week I can simply wipe the system partition with my stored image.

Good luck.
joulesbeef Posted December 25, 2005

Click the big plus.. it will tell you where it is in your registry.. most likely just traces left over from a virus removal but anyway.. housecall bothered me until I figured out the big plus.
redmaledeer (Author) Posted December 28, 2005

> This is the keylogger "Perfect keylogger lite" (downloadable and free for everyone :-( ), which I installed on my notebook in order to find out how good AV software detects this kind of rubbish. And I was really annoyed that the trendmicro housecall thing does not provide any other useful information about this. It is treated at the same level as a "tracking cookie".

Is there any way that I can verify that this is "Perfect keylogger" before I let TrendMicro delete it? Did any other protective program or scan detect this for you? I am of course concerned about false positives. And I don't think TrendMicro makes a backup copy of things it deletes.

I run a number of protective programs and scans, and none except TrendMicro picked this up. In particular, when I looked at the "Perfect keylogger" website it seemed to attempt to be invisible, like a Rootkit. But neither Rootkit Revealer nor F-Secure Blacklight Anti-Rootkit saw anything.

Or did you figure out that this was "Perfect keylogger" in the following way?:
(1) You started out with a clean machine, with TrendMicro detecting nothing.
(2) Then you installed "Perfect keylogger" from its website.
(3) Then TrendMicro detected KEYL_SE.71724, and that had to be what you had just installed, namely "Perfect keylogger."

> Click the big plus.. it will tell you where it is in your registry.. most likely just traces left over from a virus removal but anyway.. housecall bothered me until I figured out the big plus.

I ran TrendMicro again, and again KEYL_SE.71724 was the only thing it detected. As before, it said, "There is currently no more information available for this grayware/spyware." It lived up to that when I clicked the big plus, because all it gave me were the cleanup options of REMOVAL (deletion?), CLEANUP, and NO ACTION. But it is useful to have the big plus in mind for the future.

Incidentally, I had already searched my registry for traces of this infection using Regedit. Maybe I will try again using something like Registrar Lite. That sometimes sees things that Regedit doesn't.