IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Behavior similar to PDM.Keylogger detected
JonnyF
post 19.01.2010 14:37
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 19.01.2010




Hi,

Several legitimate programs (e.g Windows Live Messenger / Newsleecher / TVersity and so on) are being detected with "Behaviour similar to PDM.Keylogger detected" by KIS 2010 9.0.0.736 (a.cool.gif

I have read many posts on this subject, and can get round the issue by adding programs to the exclusion list as detailed.

However, my question is this - why has there suddenly been an increase in these "false positives" necessitating me having to add them to an exclusion list.

Previously they were not detected as such.

Thanks in advance for your help!

Jon.
Go to the top of the page
 
+Quote Post
antikythera
post 19.01.2010 15:14
Post #2


ICT Consultant
*************

Group: Gold beta testers
Posts: 4688
Joined: 11.09.2009
From: The Land That Time Forgot




something the bods at kaspersky added to the malware databases must be triggering them because of similar behaviour to a new type of threat. It is a minor inconvenience but which would you rather? No protection against the new threat or additional false positives? I am getting them on start of Catalyst Control Center now for some reason whereas it didn't happen before too.


--------------------
Nothing to see here, move along!
Go to the top of the page
 
+Quote Post
Berny
post 19.01.2010 16:44
Post #3


Forum Elite
**************

Group: Moderators
Posts: 10829
Joined: 30.10.2007




QUOTE(JonnyF @ 19.01.2010 11:37) *
Several legitimate programs are being detected with "Behaviour similar to PDM.Keylogger detected"


I agree with antikythera , "keep it safe" is the best option.
The last few days i saw "real" (no FP) PDM.Klogger issues.
Sometimes it's not easy to clean this kind of infections ....
Go to the top of the page
 
+Quote Post
JonnyF
post 22.01.2010 23:23
Post #4


Newbie
*

Group: Members
Posts: 3
Joined: 19.01.2010




I agree to a point, but if you get too many false positives the checker becomes useless and annoying - then you install another product!

However I have since re installed Windows 7 64bit, and I no longer have the issues - strange because KIS, Defender and Malwarebytes said everything was clean.

I think a bug in KIS imho....

Cheers,

Jon.
Go to the top of the page
 
+Quote Post
JonnyF
post 5.02.2010 16:29
Post #5


Newbie
*

Group: Members
Posts: 3
Joined: 19.01.2010




QUOTE(JonnyF @ 22.01.2010 19:23) *
I agree to a point, but if you get too many false positives the checker becomes useless and annoying - then you install another product!

However I have since re installed Windows 7 64bit, and I no longer have the issues - strange because KIS, Defender and Malwarebytes said everything was clean.

I think a bug in KIS imho....

Cheers,

Jon.



OK, so I have found the cause of the problem - everything has been fine since the re install... until I installed Pinnacle TV Center - after that just about everything that launch's is reported with this error (PDM keylogger)

Obviously this is really annoying, and I'm not sure where the problem lies... PTV Center is legitimate and "trusted" software - but causes these issues with Kaspersky.

Is this somthing that needs fixing in KIS, or can anyone offer a solution?

Cheers,

Jon.

This post has been edited by JonnyF: 5.02.2010 16:31
Go to the top of the page
 
+Quote Post
Berny
post 5.02.2010 17:03
Post #6


Forum Elite
**************

Group: Moderators
Posts: 10829
Joined: 30.10.2007




QUOTE(JonnyF @ 5.02.2010 13:29) *
PTV Center is legitimateand "trusted" software - but causes these issues with Kaspersky.

Hello,

Many legitimate applications can cause this type of malware-type detection.
This is simply a proactive detection by KIS on legitimate software.
A keylogger is not always a virus or a Trojan.
Did you add the app to the trusted zone ???

This post has been edited by Berny: 5.02.2010 17:04
Go to the top of the page
 
+Quote Post
Tony_the_Turner
post 7.02.2010 14:09
Post #7


Newbie
*

Group: Members
Posts: 5
Joined: 16.11.2008




QUOTE(Berny @ 5.02.2010 13:03) *
Hello,

Many legitimate applications can cause this type of malware-type detection.
This is simply a proactive detection by KIS on legitimate software.
A keylogger is not always a virus or a Trojan.
Did you add the app to the trusted zone ???


It seems that the false positive can be triggered by certain Microsoft and Logitech keyboards which have keys that can be programmed. It seems to be so in my case as I cannot find any software which might give the FP and the only one of three computers (all running the same programs) which has the PDM alert is the one with a Microsoft "Comfort Curve" keyboard which can be programmed.
Go to the top of the page
 
+Quote Post
lapalm
post 7.02.2010 14:28
Post #8


Advanced Member II
****

Group: Members
Posts: 418
Joined: 16.06.2008




QUOTE(JonnyF @ 5.02.2010 07:29) *
OK, so I have found the cause of the problem - everything has been fine since the re install... until I installed Pinnacle TV Center - after that just about everything that launch's is reported with this error (PDM keylogger)

Obviously this is really annoying, and I'm not sure where the problem lies... PTV Center is legitimate and "trusted" software - but causes these issues with Kaspersky.

Is this somthing that needs fixing in KIS, or can anyone offer a solution?

Cheers,

Jon.

I've a few programs in Low Restricted with kis 2009. I like it that way. Kis can limit their activity. Besides, isn't there an option to upload a copy to kas site as a possible false alert and possibly have it removed from future databases?
Go to the top of the page
 
+Quote Post
emmalouise
post 10.02.2010 22:25
Post #9


Newbie
*

Group: Members
Posts: 1
Joined: 10.02.2010




Hi. I keep on getting this message everytime my laptop boots up

10/02/2010 17:52:45 Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch Action selected by user

Could anyone let me know what I need to do?

Thanks
Go to the top of the page
 
+Quote Post
dh27564
post 10.02.2010 22:38
Post #10


Posting guru
*************

Group: Members
Posts: 4379
Joined: 6.06.2009
From: KCLE




As long as the detection is for Kernel Mode Memory Patch only and thre is no absolute malware detection you can ignore this or add it to the list of exclusions.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 23.07.2014 15:03