keylogger
dex
Hello,

When I installed the latest version of KIS it detected my synTP.sys as a keylogger..... I added it to trusted thinking that it's one of my drivers. Hope I did the right thing; if not, how can I remove it again... please advise, thanks...
Whizard
That driver belongs to Touchpads. What is the path, to make sure? :)
biyahero
QUOTE(Whizard @ 10.12.2006 16:09)
That driver belongs to Touchpads. What is the path, to make sure? :)
*


Speaking of Keyloggers, I decided to reinstall Webroot Spysweeper since apparently Don is using it without problems and my subscription is still good for a few more months, and now KIS detects what it is calling a Keylogger as a file from Webroot... C:\WINDOWS\system32\drivers\sskbfd.sys which if I hold my mouse over that file says it is a "Spy Sweeper Keyboard Filter Driver". So I figured it was OK and added it to my Trusted Applications List. However, I continue to get warnings about it from KIS and now it is multiple times in my Trusted Applications List. Shouldn't KIS stop warning me about it once I have added it to the trusted applications list?
nickyboy4
QUOTE(biyahero @ 10.12.2006 02:54)
Speaking of Keyloggers, I decided to reinstall Webroot Spysweeper since apparently Don is using it without problems and my subscription is still good for a few more months, and now KIS detects what it is calling a Keylogger as a file from Webroot... C:\WINDOWS\system32\drivers\sskbfd.sys which if I hold my mouse over that file says it is a "Spy Sweeper Keyboard Filter Driver". So I figured it was OK and added it to my Trusted Applications List. However, I continue to get warnings about it from KIS and now it is multiple times in my Trusted Applications List. Shouldn't KIS stop warning me about it once I have added it to the trusted applications list?
*

I have this exact problem with my Logitech mouse SetPoint software: I add it to trusted but get the pop-up for keylogger after every reboot or startup???
dex
QUOTE(Whizard @ 10.12.2006 09:09)
That driver belongs to Touchpads. What is the path, to make sure? :)
*


Thanks for the reply, it was located at system32/drivers/synTP.sys..... Here is my screenshot.

Don Pelotas
All these in this thread should be added to the exclusion in the popup you get.
dex
Thanks Don
ARMOR
I had this keylogger and I added it to the trusted zone.
It's the correct move, isn't it????

\Driver\eabfiltr
Don Pelotas
QUOTE(ARMOR @ 10.12.2006 17:52)
I had this keylogger and I added it to the trusted zone.
It's the correct move, isn't it????

\Driver\eabfiltr
*

Yes, it's the keyboard on your HP.
ARMOR
THANX
biyahero
QUOTE(Don Pelotas @ 10.12.2006 18:46)
All these in this thread should be added to the exclusion in the popup you get.
*


Don I just rebooted and got the popup again, and the choices were to Allow it... which I did... or "Deny" which oddly I think was greyed out.... maybe because it was already in the Trusted Zone (Exclusion Mask list section)?

Then in the bottom of the box was a checkbox to add it to the trusted zone, which I did not check since it is already IN the Trusted Zone.

I tried manually adding it to the "Trusted Applications" List since it was already in the "Exclusions Mask" list, but that didn't work since apparently KIS only allows you to add exe files to that list and this is a sys file.
Don Pelotas
You should have added it, my mouse/keyboard software also asks twice.
biyahero
QUOTE(Don Pelotas @ 11.12.2006 15:31)
You should have added it, my mouse/keyboard software also asks twice.
*


Thanks Don. I added it again just now when it asked again when I rebooted.
One odd thing... I noticed this time when it asks, if you click add to Trusted, what it adds says:

Object Name: \Driver\SSKBFD
Verdict Mask: Keylogger system32\drivers\sskbfd.sys
checking task: selected task Proactive Defense

Whereas the first time I had added it, I noticed that the object name said \Driver\SSKBFD when the real directory the file is located in is named Drivers with an "s" and not Driver, so when it asked me the second time... thinking the reason it had asked me again was the path to the object name was wrong because of the omission of the "s" in the "\Driver\SSKBFD", instead of adding it a second time I edited the original entry to have an object name of the real path to the file:
C:\WINDOWS\system32\drivers\sskbfd.sys

and now that entry in the Exclusions says:

Object Name: C:\WINDOWS\system32\drivers\sskbfd.sys
Verdict Mask: Keylogger
checking task: selected task Proactive Defense

Nevertheless it asked me again when I rebooted, so this time I just added it again, and now I have one entry that says:

Object Name: C:\WINDOWS\system32\drivers\sskbfd.sys
Verdict Mask: Keylogger
checking task: selected task Proactive Defense

and the one I just added says:

Object Name: \Driver\SSKBFD
Verdict Mask: Keylogger system32\drivers\sskbfd.sys
checking task: selected task Proactive Defense

I just rebooted again and it didn't ask me again, so I guess that works. Thanks!
Lucian Bara
Hello
No, it's correct: \Driver\SSKBFD is not the same as c:\windows\system32\drivers\sskbfd.sys
\driver is used to define the fact that it's a loaded driver and sskbfd is its name. So the way KAV added it is correct.
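
Added example, not part of the original thread or of any Kaspersky tooling: a PowerShell function that maps a loaded-driver object name such as \Driver\SSKBFD to the file behind it and reports that file's signature, which is the check worth doing before excluding a driver flagged as a keylogger. It assumes the name after \Driver\ matches the driver's service name; the function name `Resolve-DriverObject` is hypothetical.

```powershell
# Added example: map a kernel driver object name to its image file and signer.
function Resolve-DriverObject {
    param([Parameter(Mandatory)][string]$ObjectName)   # e.g. '\Driver\SSKBFD'

    # Assumption: the part after \Driver\ is the driver's service name.
    if ($ObjectName -notmatch '^\\Driver\\(?<svc>[\w.\-]+)$') {
        throw "Not a driver object name: $ObjectName"
    }
    $svc = $Matches['svc']

    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$svc'"
    if (-not $drv) { throw "No driver service named '$svc' is registered" }

    # The image path may be absolute, \??\-prefixed, \SystemRoot\-based,
    # or relative to the Windows directory; normalise it to a drive path.
    $path = $drv.PathName -replace '^\\\?\?\\', '' `
                          -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($path -notmatch '^[A-Za-z]:\\') {
        $path = Join-Path $env:SystemRoot $path
    }
    if (-not (Test-Path -LiteralPath $path)) { throw "Image not found: $path" }

    # Signature status and signer of the file that backs the loaded driver.
    $sig = Get-AuthenticodeSignature -LiteralPath $path

    [pscustomobject]@{
        ObjectName = $ObjectName
        Service    = $drv.Name
        State      = $drv.State
        ImagePath  = $path
        SigStatus  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
    }
}

# Driver object name taken from the exclusion entry quoted in this thread.
Resolve-DriverObject '\Driver\SSKBFD' | Format-List
```

The output shows the object name and the file path side by side; `SigStatus` and `Signer` tell you whether the file is signed by the vendor you expect.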
biyahero
QUOTE(lucianbara @ 11.12.2006 21:40)
Hello
No, it's correct: \Driver\SSKBFD is not the same as c:\windows\system32\drivers\sskbfd.sys
\driver is used to define the fact that it's a loaded driver and sskbfd is its name. So the way KAV added it is correct.
*


Thanks Lucian for explaining the difference!

When I get back to that machine I will change the "c:\windows\system32\drivers\sskbfd.sys" back to "\drivers\sskbfd.sys" to match the second entry.
jin_akanishi
My KIS recognises the game Battlefield 2142 (the bf2142 exe process) as a keylogger. I have also read in the news that the game came with spyware and adware from the game's manufacturers for in-game advertisements. My question is: should this legal copy of a legitimate game be allowed as a trusted app, considering my KIS system is recognising it as a threat?
Lucian Bara
Hello
No, it's not because of that. It's because Battlefield, like any game that uses Direct3D, also uses DInput. DInput can be used for capturing keystrokes by a keylogger as well. Since this is a behavioural alert, KIS will alert in both cases, games and keyloggers. In this case you can add it to the trusted zone.