Spyware, Viruses, & Security forum

General discussion

spyware_keyl_ ?

by CesiaS / January 3, 2007 7:22 PM PST

I posted the question regarding Housecalls scan results on XP forum by mistake, here it is again

After scanning my PC with HouseCalls the following items were found

SPYWARE_KEYL_BOSSEVERYWERE 2x

SPYWARE_KEYL_ASTLOG 2x

I deleted these items as per instruction from Trend Micro, but I would like to know what that was - google search for "spyware_keyl" did not produce any useful results.


I have Win XP sp2 home Ed with all the relevant updates, use Firefox, Zone Alarm and have all the recommended antispyware (AdAware SE, SpybotSD, Spywareblaster, SpywareGuard, Ewido, Microsoft WinDefender) and Norton Antivirus 2006.

My installed antispywares and antivirus report all clean. I would like to know what was running on my PC undetected?


It's quite a concern that somehow there could have been a security breach, it's my own personal computer, I'm very careful and reasonably experienced.

Over the last few months I had my adult son staying with me and using my PC so maybe he was less vigilant than me.

As I said before my installed antispywares and antivirus reported all clean .

How could I find out more about this?

Thank you
Cesia

Specific Information
by Bugbatter / January 3, 2007 10:49 PM PST
In reply to: spyware_keyl_ ?
How did it get to my PC?
by CesiaS / January 4, 2007 10:52 AM PST
In reply to: Specific Information

The links you provide give aliases, so now I started a search in an attempt to figure out how this happened.

I do get pps attachments in emails, but I only open them after scanning with AVG and Norton. Everything I download (free software and only well known ones) I scan before installing.

Maybe I should run rootkit revealer more often?

Fortunately as far as I could check no harm done to my bank accounts.

Any suggestion as to what I can do to avoid a similar thing happening again?

I have Win XP Home Ed sp2 with all the relevant updates, use Firefox, Zone Alarm, Norton Antivirus 2006 and have all the recommended antispyware (AdAware SE, SpybotSD, Spyblaster, Ewido, Windows Defender) installed.

Thank you Bugbatter.
Cesia

1 of the malware is a Password Cracker
by Donna Buenaventura / January 4, 2007 11:29 AM PST

as per Trend Micro is also known as Tools.Nirsoft by CA antispyware:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453096648

Did you install that program "Freeware to Reveal Hidden Password"?
"Any suggestion as to what I can do to avoid a similar thing happening again?

I have Win XP Home Ed sp2 with all the relevant updates, use Firefox, Zone Alarm, Norton Antivirus 2006 and have all the recommended antispyware (AdAware SE, SpybotSD, Spyblaster, Ewido, Windows Defender) installed."

You have the usual recommended security tools in place (BTW, the other tool you got is SpywareBlaster by Javacool? If so, that's OK. If not, ensure that it is really from www.javacoolsoftware.com).

Ensure you have all the latest security patches for your browser and Operating System (and all other software in general).

You should also delete temporary files regularly. You can use freeware: CCleaner - http://www.ccleaner.com or manually get rid of those temp files.

If you are using instant messengers, get the latest version that allows you to disable "links" in the chat window or has some new security options.

Configure your browser to prompt you prior to loading any browser plug-in or components.

Donna

Donna what about pps attachments?
by CesiaS / January 4, 2007 1:17 PM PST

Thanks for your suggestions.
Yes, I use CCleaner, delete all temporary files, do not use messenger, do not have Freeware to Reveal Hidden Password, Spywareblaster says it's from Javacool, Firefox prompts before installing plug-ins, I check from time to time that my firewall is running in a stealth mode.

The only ad-supported software on my PC is Eudora, my only mail client.

Usually I do not open any pps attachments, but recently opened a few after scanning them first in Eudora attachment folder. From what I read it seemed to me that it's ppt not pps file extensions that can cause trouble.

I used blacklights rootkit revealer a few months ago - so does this mean it is a "post rootkit scan" infection?

Btw it's the first time I tried HouseCalls, always assumed that my PC is protected enough, well - obviously not.

Cesia

PPT or PPS
by Donna Buenaventura / January 4, 2007 2:57 PM PST

Cesia,

Any of them that we'll open can cause issues if infected or corrupted.
Example: Macro viruses can infect pps files since PowerPoint and Docs use macros.

Not all can find everything which is why most users will run an online scan in addition to the real-time protection and on-demand scans that the resident antivirus is offering. We need to note too that an antivirus finds viruses while antispyware is for spyware. Anti-trojan is for trojans. Anti-malware is for several types of malicious software that are not always categorized as viruses. However it depends on the security tool vendor if they rate or classify the risk as spyware, virus, trojan, spyware etc and they are the ones who decide whether they'll add it to their detections to help protect users.

Using Firefox and other 3rd party applications is not the solution too to avoid infection since as we can see, you are using Firefox and Eudora but you got an infection.

Another thing I can suggest is to regularly scan using the resident AV and other tools then run also the online scan for viruses, spyware, hotfixes, etc.

BTW, the other infection that Housecall found in your system is a malware that consists of a trojan and spyware:
http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Spy.Win32.BewLoader.b&threatid=55944

Trojans, as we are aware, can be installed without the user's knowledge or consent so it's really hard to determine how you got the infection. Sometimes unwanted emails (aka SPAM) contain malware and it will drop something automatically when a user previews or opens the email. I'm not using Eudora so I'm not aware whether Eudora lets you view the email as plain text only or your antivirus can scan emails being viewed using Eudora.

Hope this helps.

(NT) Thank you Donna for clarifications (nt)
by CesiaS / January 5, 2007 8:19 AM PST
In reply to: PPT or PPS
(NT) :) You're welcome. Glad we could help
by Donna Buenaventura / January 5, 2007 9:58 AM PST
Donna, about Nirsoft
by CesiaS / January 8, 2007 6:39 AM PST
Yes
by Donna Buenaventura / January 8, 2007 8:17 AM PST
In reply to: Donna, about Nirsoft

I'm referring to the said tool which TrendMicro and CA Antispyware are flagging as spyware.

The tool is flagged by them. That's why I asked if you have it installed.

"So is Trend micro possibly showing a false positive ?"
It depends.
SPYWARE_KEYL_ASTLOG is how TrendMicro detected it which is known as Tools.Nirsoft by CA Antispyware.
Like Bugbatter said, "It's up to you to decide if Housecall's findings were accurate or may have been a false positive."
That is if you have the tool installed, you are using it, and you are the one who installed it.
TrendMicro flagged it as Spyware (not greyware).

Hotmail safeguards?
by CesiaS / January 8, 2007 9:02 AM PST
In reply to: Yes

Donna, I'm trying to learn more, so I'm grateful for your reply. No, I'm not using the Nirsoft tool. I'm trying to determine if the Housecall's findings could have been false positives.

I read the security forum on a regular basis, apply recommendations from Cnet.

I use Mailwasher to preview my mails and have Norton set to scan my Eudora mail automatically.

My adult son is using my computer at the moment, he has a hotmail account. Is there a danger of accidental breach of security from using hotmail? If so what should I be looking for?

My Firefox has Netcraft and McAfee site advisor installed, Adblock enabled, but I had "enable Java Script" set in options since he has been using my PC.

Thank you
Cesia

NoScript
by Donna Buenaventura / January 8, 2007 12:57 PM PST
In reply to: Hotmail safeguards?

Hi,

I'd like to recommend using NoScript for Firefox
http://www.noscript.net/
It lets you turn off the said component and allow it for trusted sites.
Quite a useful and helpful extension for FF.

Hotmail is OK. I'm also using a hotmail account. As for security issues on hotmail, there are some but they are being handled by Microsoft if reported to them and so far, I see their service has improved. Same with gmail and yahoo email services.

OK, if you don't have the said nirsoft tool, it must be a false positive by Trend Micro. Have you scanned again using Housecall?

yes scanned twice
by CesiaS / January 8, 2007 1:23 PM PST
In reply to: NoScript

so far no more problems. Will give noScript a go. Thanks again, Donna
Cesia

(NT) Glad to hear all is OK now :-)
by Donna Buenaventura / January 8, 2007 3:39 PM PST
In reply to: yes scanned twice