10.12.2006 07:33 | Post #1 | Advanced Member | Group: Members | Posts: 133 | Joined: 15.07.2006

Hello,
when I installed the latest version of KIS it detected my synTP.sys as a keylogger... I added it to trusted, thinking that it's one of my drivers. Hope I did the right thing; if not, how can I remove it again? Please advise, thanks...

This post has been edited by dex: 10.12.2006 07:35

10.12.2006 09:09 | Post #2 | Professional | Group: Moderators | Posts: 17904 | Joined: 19.11.2005 | From: Toronto/Canada

That driver belongs to Touchpads. What is the path, to make sure?

--------------------
Networking and Security Guru
~^Whizard^~

10.12.2006 09:54 | Post #3 | Advanced Member | Group: Members | Posts: 480 | Joined: 22.10.2006

QUOTE(Whizard @ 10.12.2006 16:09)

Speaking of keyloggers, I decided to reinstall Webroot Spysweeper since apparently Don is using it without problems and my subscription is still good for a few more months, and now KIS detects what it is calling a Keylogger as a file from Webroot... C:\WINDOWS\system32\drivers\sskbfd.sys, which if I hold my mouse over that file says it is a "Spy Sweeper Keyboard Filter Driver". So I figured it was OK and added it to my Trusted Applications List. However, I continue to get warnings about it from KIS and now it is multiple times in my Trusted Applications List.

Shouldn't KIS stop warning me about it once I have added it to the trusted applications list?

10.12.2006 10:17 | Post #4 | Advanced Member | Group: Members | Posts: 338 | Joined: 27.09.2005 | From: Long Island NY USA

QUOTE(biyahero @ 10.12.2006 02:54)
> Speaking of keyloggers, I decided to reinstall Webroot Spysweeper since apparently Don is using it without problems and my subscription is still good for a few more months, and now KIS detects what it is calling a Keylogger as a file from Webroot... C:\WINDOWS\system32\drivers\sskbfd.sys, which if I hold my mouse over that file says it is a "Spy Sweeper Keyboard Filter Driver". So I figured it was OK and added it to my Trusted Applications List. However, I continue to get warnings about it from KIS and now it is multiple times in my Trusted Applications List. Shouldn't KIS stop warning me about it once I have added it to the trusted applications list?

I have this exact problem with my Logitech mouse SetPoint software: I add it to trusted but get the pop-up for keylogger after every reboot or startup???

--------------------
Norton drove me here, thanks Norton!

10.12.2006 10:44 | Post #5 | Advanced Member | Group: Members | Posts: 133 | Joined: 15.07.2006

10.12.2006 11:46 | Post #6 | Global Moderator | Group: Global moderators | Posts: 25602 | Joined: 7.04.2005

All these in this thread should be added to the exclusion in the popup you get.

10.12.2006 13:56 | Post #7 | Advanced Member | Group: Members | Posts: 133 | Joined: 15.07.2006

thanks Don

10.12.2006 18:52 | Post #8 | Advanced Member | Group: Members | Posts: 57 | Joined: 8.12.2006 | From: GREECE-MACEDONIA

I had this keylogger and I added it in the trusted zone.
It's the correct move, isn't it????

\Driver\eabfiltr

--------------------
KASPERSKY SAPIENS

10.12.2006 19:00 | Post #9 | Global Moderator | Group: Global moderators | Posts: 25602 | Joined: 7.04.2005

QUOTE(ARMOR @ 10.12.2006 17:52)

Yes, it's the keyboard on your HP.

10.12.2006 19:06 | Post #10 | Advanced Member | Group: Members | Posts: 57 | Joined: 8.12.2006 | From: GREECE-MACEDONIA

THANX

--------------------
KASPERSKY SAPIENS

11.12.2006 04:10 | Post #11 | Advanced Member | Group: Members | Posts: 480 | Joined: 22.10.2006

QUOTE(Don Pelotas @ 10.12.2006 18:46)

Don, I just rebooted and got the popup again, and the choices were to Allow it... which I did... or "Deny", which oddly I think was greyed out... maybe because it was already in the Trusted Zone (Exclusion Mask list section)? Then in the bottom of the box was a checkbox to add it to the trusted zone, which I did not check since it is already IN the Trusted Zone.

I tried manually adding it to the "Trusted Applications" List since it was already in the "Exclusions Mask" list, but that didn't work since apparently KIS only allows you to add exe files to that list and this is a sys file.

This post has been edited by biyahero: 11.12.2006 04:30

11.12.2006 08:31 | Post #12 | Global Moderator | Group: Global moderators | Posts: 25602 | Joined: 7.04.2005

You should have added it; my mouse/keyboard software also asks twice.

11.12.2006 14:34 | Post #13 | Advanced Member | Group: Members | Posts: 480 | Joined: 22.10.2006

QUOTE(Don Pelotas @ 11.12.2006 15:31)

Thanks Don. I added it again just now when it asked again when I rebooted. One odd thing... I noticed this time when it asks, if you click add to Trusted, what it adds says:

Object Name: \Driver\SSKBFD
Verdict Mask: Keylogger system32\drivers\sskbfd.sys
checking task: selected task Proactive Defense

Whereas the first time I had added it, I noticed that the object name said \Driver\SSKBFD when the real directory the file is located in is named Drivers with an "s" and not Driver, so when it asked me the second time... thinking the reason it had asked me again was the path to the object name was wrong because of the omission of the "s" in the "\Driver\SSKBFD", instead of adding it a second time I edited the original entry to have an object name of the real path to the file: C:\WINDOWS\system32\drivers\sskbfd.sys, and now that entry in the Exclusions says:

Object Name: C:\WINDOWS\system32\drivers\sskbfd.sys
Verdict Mask: Keylogger
checking task: selected task Proactive Defense

Nevertheless it asked me again when I rebooted, so this time I just added it again, and now I have one entry that says:

Object Name: C:\WINDOWS\system32\drivers\sskbfd.sys
Verdict Mask: Keylogger
checking task: selected task Proactive Defense

and the one I just added says:

Object Name: \Driver\SSKBFD
Verdict Mask: Keylogger system32\drivers\sskbfd.sys
checking task: selected task Proactive Defense

I just rebooted again and it didn't ask me again, so I guess that works. Thanks!

This post has been edited by biyahero: 11.12.2006 14:37

11.12.2006 14:40 | Post #14 | True legend | Group: Moderators | Posts: 52487 | Joined: 28.01.2006 | From: Timisoara, Romania

Hello,
no, it's correct. \Driver\SSKBFD is not the same as c:\windows\system32\drivers\sskfbd.sys. \driver is used to define the fact that it's a loaded driver, and sskbfd is its name. So the way KAV added it is correct.

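The distinction explained in the post above, as an added example that is not part of the original thread: it resolves a `\Driver\<name>` object name to the driver file behind it and reports that file's signer, so the two kinds of exclusion entry can be told apart before trusting either. `Resolve-DriverObject` is a hypothetical helper name, and a current Windows PowerShell (5.1 or later) is assumed.

```powershell
# Added example, not from the thread. Resolve-DriverObject is a hypothetical name.
function Resolve-DriverObject {
    param([Parameter(Mandatory)][string]$ObjectName)

    # "\Driver\<name>" names a loaded driver object; <name> is the driver's
    # service name, not a folder under system32\drivers.
    if ($ObjectName -notmatch '^\\Driver\\(?<svc>[\w.-]+)$') {
        throw "Not a \Driver\<name> object name: $ObjectName"
    }
    $svc = $Matches['svc']

    # Look up the registered kernel driver service with that name.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$svc'"
    if (-not $drv) { throw "No driver service named '$svc' is registered" }
    if (-not $drv.PathName) { throw "Driver '$svc' has no image path recorded" }

    # The image path may carry an NT prefix; normalise it to a Win32 path.
    $path = $drv.PathName -replace '^\\\?\?\\', '' `
                          -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) {
        throw "Driver file not found: $path"
    }

    # Report who signed the file that the object name maps to.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        ObjectName = $ObjectName
        Service    = $drv.Name
        State      = $drv.State
        File       = $path
        Signature  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
    }
}

# The two object names quoted in this thread.
foreach ($name in '\Driver\SSKBFD', '\Driver\eabfiltr') {
    try   { Resolve-DriverObject -ObjectName $name }
    catch { Write-Warning $_.Exception.Message }
}
```
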
18.12.2006 08:47 | Post #15 | Advanced Member | Group: Members | Posts: 480 | Joined: 22.10.2006

QUOTE(lucianbara @ 11.12.2006 21:40)
> Hello, no, it's correct. \Driver\SSKBFD is not the same as c:\windows\system32\drivers\sskfbd.sys. \driver is used to define the fact that it's a loaded driver, and sskbfd is its name. So the way KAV added it is correct.

Thanks Lucian for explaining the difference! When I get back to that machine I will change the "c:\windows\system32\drivers\sskfbd.sys" back to "\drivers\sskfbd.sys" to match the second entry.

17.07.2008 21:20 | Post #16 | Newbie | Group: Members | Posts: 4 | Joined: 17.07.2008

My KIS recognises the game Battlefield 2142, the bf2142 exe process, as a keylogger. I have also read in the news that the game came with spyware and adware from the game's manufacturers for in-game advertisements. My question is: should this legal copy of a legitimate game be allowed as a trusted app, considering my KIS system is recognising it as a threat?

17.07.2008 21:21 | Post #17 | True legend | Group: Moderators | Posts: 52487 | Joined: 28.01.2006 | From: Timisoara, Romania

Hello,
no, it's not because of that. It's because Battlefield, like any game that uses Direct3D, also uses DInput. DInput can be used for capturing keystrokes by a keylogger as well. Since this is a behavioural alert, KIS will alert in both cases, games and keyloggers. In this case you can add it to the trusted zone.