Keylogger? Options

[Jarronn]

I didn't get anything like this suspected keylogger warning before. Now I get it rather regularly. I'm wondering if it has anything to do with the fact that I use a Microsoft ergonomic keyboard with my PC.

I would enter the exact keylogger address in my computer, but I don't know how to find it now. I hope you can help. Thanks

[Sjoeii]

Could you post a screenshot please= That way it is easier to see what is happening

[Jarronn]

Could you post a screenshot please= That way it is easier to see what is happening

I don't know how to create a screenshot and I can only see that window when it informs me that keylogger activity is suspected. I don't know how to bring that window up until it says that. What I can do is copy and past the message the next time it happens. It usually happens about once a day or two.

[Jarronn]

I forgot to mention that it started happening after I used the Kaspersky tool to uninstall the old program and put in the 2009 version of Kaspersky

[Jarronn]

Internet security

[Jarronn]

ALRIGHT! GOT IT FOR YA!

And I wasn't even using the keyboard at the time it happened.

It's a Microsoft ergonomics keyboard. I'll never do without one again, if I can help it!Has done wonders for my wrists.

Client Server Runtime Process (events: 1)
Client Server Runtime Process (events: 1)
3/27/2009 11:26:13 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\ELKBD.SYS Not terminated: Keylogger
3/27/2009 11:26:13 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\ELKBD.SYS Detected: Keylogger
3/27/2009 11:26:13 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\ELKBD.SYS Detected: Keylogger
3/27/2009 11:26:13 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\MHK.SYS Not terminated: Keylogger
3/27/2009 11:26:13 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\MHK.SYS Detected: Keylogger
3/27/2009 11:26:13 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\MHK.SYS Detected: Keylogger
3/27/2009 10:25:19 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\ELKBD.SYS Not terminated: Keylogger
3/27/2009 10:25:19 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\ELKBD.SYS Detected: Keylogger
3/27/2009 10:25:19 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\ELKBD.SYS Detected: Keylogger
3/27/2009 10:25:19 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\MHK.SYS Not terminated: Keylogger
3/27/2009 10:25:19 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\MHK.SYS Detected: Keylogger
3/27/2009 10:25:19 AM Keylogger activity C:\WINDOWS\SYSTEM32\DRIVERS\MHK.SYS Detected: Keylogger

edit: del chunk of very lengthy pasted log.

This post has been edited by richbuff: 28.03.2009 03:24

[Jarronn]

Hey, it happens every around the hour (and on the half-hour) I used the computer. Obviously, it happens whether I am typing or not

This post has been edited by Jarronn: 28.03.2009 00:33

[Jarronn]

Hey, it happens every around the hour (and on the half-hour) I used the computer. Obviously, it happens whether I am typing or not

I sure hope someone here can help me

[richbuff]

Did you try right click entry and select Add to exclusions?

[Jarronn]

Did you try right click entry and select Add to exclusions?

Why should I do that?

I just ran a full scan if there was truly a keylogger that should not be in my computer shouldn't the 2009 Kaspersky Internet security program have caught it? It says everything is fine with my computer.

[richbuff]

Because they are not malware, they are legitimate items that exhibit keylogger behavior. ELKBD.SYS is part of Intel Quick Resume Technology and MHK.SYS is part of Jetico BestCrypt Encryption System.

[Jarronn]

Because they are not malware, they are legitimate items that exhibit keylogger behavior. ELKBD.SYS is part of Intel Quick Resume Technology and MHK.SYS is part of Jetico BestCrypt Encryption System.

Well, that's a relief! It's not some sort of Trojan condom virus. Okay!

So, the next time it shows up I should right-click on...what exactly? and set it to exclusion?

[Jarronn]

I've tried right-clicking on the individual files and I'm not being given any "exclusion" option

[richbuff]

Did you try to right click on the entry in the detection report?

[Jarronn]

Did you try to right click on the entry in the detection report?

It can be so frustrating dealing with you technical people. You assume too much!

What is the "entry in the detection report"? And PLEASE give me a very simple and direct response. Oh, you feel this makes me stupid? Okay, I'll openly admit it I'M STUPID. Direct me as though I am mentally retarded.


Thanks

[rudger79]

Hi.
Click on the big Red & Black "K" in the system tray, lower right of screen. From the screen that opens click on the detected tab, lower right of screen. If the keylogger detection is showing there, right click on it to see if you can add it to exclusions.

[Jarronn]

Hi.
Click on the big Red & Black "K" in the system tray, lower right of screen. From the screen that opens click on the detected tab, lower right of screen. If the keylogger detection is showing there, right click on it to see if you can add it to exclusions.

I clicked on the detected tab and the keylogger detected paths I have already posted were not in there.

What's next?

Thanks

[Jarronn]

Okay, I think I figured out what to do and I thought I would share it so that you can help anyone else who happens to have the same problem:

The small window that opens when I would get the suspected keylogger activity notification would not remain for long if I didn’t click on something. In the upper-right of the window there is a small arrow V. I clicked on that V and I was given the option to disable that notification. I clicked on disabling that particular notification and I hope that will solve the problem.

If that will created more problems in the future I would like to know. I mean, I don’t want ALL notifications for suspected keylogger activity to be disabled.

Thanks

[Jarronn]

Okay, I discovered another method I will share in the hopes that it will help someone else with this problem. For 2009 Kaspersky Internet Security:

At the bottom right of the computer screen double-click on the Kaspersky K that should be in the system tray

At the bottom right of the Kaspersky window that opens click on “Detected”

Towards the (((UPPER-LEFT))), under where the Detected tab is, there is a drop-down window box. Click on the arrow and from the menu click:

All Detected Malware

For me, that ((((FINALLY))))) showed the keylogger alert. Then I clicked on what I wanted to highlighted then right-clicked on the keylogger alert there and chose:

Add to exclusions

The Keylogger alert there then disappeared.

I hope this helps you help anyone else with this problem. If there is anything else I should know please clue me in. I want to be certain any different keylogger alerts are not disabled

Thanks

[Jarronn]

I want to take this opportunity to thank you all for the help you have given me. I apologize if I got frustrated by my stupidity in such matters.

I hope what I shared can help others who may be having the same problem I was having after first installing Kaspersky Internet security 2009


Thanks again!