PDM.Keylogger

[rasikalokuge]

PDM.Keylogger Detected By Kaspersky Pure. Please let me know how to remove this

[richbuff]

Please post the full, complete detection details. Post screenshot of Detected > Active threats.

With columns widened to show full detected and name and object and path/location details.

 

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or

png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

[aa11]

Hi,

 

I got similar problem too. I copied part of the report on Proactive Defense here. Also in the detected threat, it shows it as "legal software that can be used criminals for damaging computer PDM.Keylogger", Type: Running Process, Name and Path: Kernel Mode memory patch with Medium severity. Please advise.

-------------------------------------------------------------------------------------------------------------------------------------------

4/18/2011 8:50:50 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 8:54:50 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 8:56:23 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 8:57:34 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 10:51:54 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 10:51:59 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent

4/18/2011 10:51:59 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent

4/18/2011 10:55:50 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 10:55:58 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent

4/18/2011 10:55:58 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent

4/18/2011 11:50:44 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 11:51:49 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 2:04:38 PM Task started Subsystem Proactive Defense Kaspersky PURE

4/18/2011 10:01:08 PM Task started Subsystem Proactive Defense Kaspersky PURE

4/20/2011 9:40:26 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/20/2011 10:48:07 PM Task started Subsystem Proactive Defense Kaspersky PURE

4/26/2011 9:10:22 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/26/2011 9:11:57 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/26/2011 9:12:04 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent

4/26/2011 9:12:04 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent

4/28/2011 9:05:48 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 6:25:26 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 6:38:28 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 6:59:42 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 7:02:04 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 7:08:05 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 10:06:05 AM Task started Subsystem Proactive Defense Kaspersky PURE

4/29/2011 10:07:28 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent

4/29/2011 10:07:28 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent

5/1/2011 10:13:43 PM Task started Subsystem Proactive Defense Kaspersky PURE

5/1/2011 10:15:02 PM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent

5/1/2011 10:15:02 PM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent

5/1/2011 10:37:25 PM Task started Subsystem Proactive Defense Kaspersky PURE

5/1/2011 10:42:07 PM Task started Subsystem Proactive Defense Kaspersky PURE

-----------------------------------------------------------------------------------------------------------------------------------------------------------

 

Thanks.

 

Arshia.

[richbuff]

...Absent.

Welcome. Please right click the Absent detection and Add to exclusions.

[rhosddured]

Hi,

I've got the same problem with PDM. keylogger being detected.

 

Any help appreciated. Cheers.

 

03/05/2011 06:54:08 Anti-Spam Task started Kaspersky PURE Anti-Spam

03/05/2011 06:54:08 Firewall Task started Kaspersky PURE Firewall

03/05/2011 06:54:08 File Anti-Virus Task started Kaspersky PURE File Anti-Virus

03/05/2011 06:54:08 Application Control Task started Kaspersky PURE Application Control

03/05/2011 06:54:08 IM Anti-Virus Task started Kaspersky PURE IM Anti-Virus

03/05/2011 06:54:08 Proactive Defense Task started Kaspersky PURE Proactive Defense

03/05/2011 06:54:08 Network Attack Blocker Task started Kaspersky PURE Network Attack Blocker

03/05/2011 06:54:08 Mail Anti-Virus Task started Kaspersky PURE Mail Anti-Virus

03/05/2011 06:54:08 Web Anti-Virus Task started Kaspersky PURE Web Anti-Virus

03/05/2011 06:54:20 Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch

03/05/2011 06:54:21 Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch Action selected by user

03/05/2011 06:54:23 Protection Center Your computer is protected Kaspersky PURE

03/05/2011 06:55:36 Update Center Task started Kaspersky PURE Update Center

03/05/2011 06:56:44 Objects Scan Task started Kaspersky PURE Quick Scan

03/05/2011 06:57:05 Objects Scan Task completed Kaspersky PURE Quick Scan

03/05/2011 06:57:59 Application Control AntiSpyware Definition Update Application moved to group Trusted Signed by the digital signature of entrusted manufacturers

03/05/2011 06:58:01 Application Control Microsoft Antimalware Signature Redirector Application moved to group Trusted Signed by the digital signature of entrusted manufacturers

03/05/2011 07:20:58 Objects Scan Task started Kaspersky PURE Quick Scan

03/05/2011 07:21:30 Objects Scan Task completed Kaspersky PURE Quick Scan

03/05/2011 07:24:21 Objects Scan Task started Kaspersky PURE Rootkit Scan

03/05/2011 07:30:32 Objects Scan Task completed Kaspersky PURE Rootkit Scan

 

[richbuff]

...Absent.

Welcome. Please right click the Absent detection that is located in All detected, and Add to exclusions.

[rhosddured]

Will do.

 

Thanks for your help. Cheers.

[Sunny2011]

Please post the full, complete detection details. Post screenshot of Detected > Active threats.

With columns widened to show full detected and name and object and path/location details.

 

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or

png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

 

New Kaspersky user...still figuring things out. Got Keylogger notification I'm I supposed to do anything about it or is it an autofix? What causes it? took screen shot too big...

 

5/5/2011 3:40:24 AM Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch

Edited May 5, 2011 by Sunnyface

[richbuff]

Welcome. Active threats > Save button > please attach the saved text.

 

Absent

If that is the Only item for kernel mode memory patch, then you can right click the detection and Add to exclusions. If you have a concrete file and/or other, please post relevant portion of the screenshot or the text.

[Sunny2011]

Welcome. Active threats > Save button > please attach the saved text.

 

If that is the Only item for kernel mode memory patch, then you can right click the detection and Add to exclusions. If you have a concrete file and/or other, please post relevant portion of the screenshot or the text.

 

This is a screen shot....I cannot get PDF files to open from other applications either....I'm thinking that this is blocking it....

[richbuff]

<repeat>Columns are not widened enough. I can't see the pertinent information.

 

Please post the full, complete detection details. Post screenshot of Detected > Active threats.

With columns widened to show full detected and name and object and path/location details.

 

Also, we need Active threats screenshot. The attached screenshot shows how to get there.

 

Also, you can hit the Save button and attach the saved text. </repeat>

[Sunny2011]

<repeat>Columns are not widened enough. I can't see the pertinent information.

 

Please post the full, complete detection details. Post screenshot of Detected > Active threats.

With columns widened to show full detected and name and object and path/location details.

 

Also, we need Active threats screenshot. The attached screenshot shows how to get there.

 

Also, you can hit the Save button and attach the saved text. </repeat>

There is nothing there...Active threats is empty...

Edited May 15, 2011 by Sunnyface

[richbuff]

That is a very good sign.

 

Object column and Reason widened, please, in your other screenshot if there are any additional concerns.

 

Application activity > please post screenshot of Restricted and Untrusted application groups. Attached screenshot shows how to get there:

[Sunny2011]

That is a very good sign.

 

Object column and Reason widened, please, in your other screenshot if there are any additional concerns.

 

Application activity > please post screenshot of Restricted and Untrusted application groups. Attached screenshot shows how to get there:

 

Here is the obj and reason widened....

[Sunny2011]

Here is the obj and reason widened....

 

 

There are no untrusted

[Sunny2011]

Here is my low restricted

[richbuff]

Those six items: If you know what they are, and you know that they came from the official source, right click them > Move to > Trusted applications group > OK all windows as you back out of the settings > reboot.

[dude22]

Hi. i just had the same problem. I've saved the report and this is what came up.

 

 

Status: Suspicious (events: 1)

16/06/2011 18:50:26 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger kernel mode memory patch Medium

 

 

please help as i am worried i won't be able to use my computer for any shopping or banking

kernel_16.6.11.txt

Edited June 16, 2011 by dude22

[richbuff]

Welcome. PDM.Keylogger kernel mode memory patch is a safe System item. Please right click that detection and Add to exclusions.

 

http://support.kaspersky.com/pure2/protect...e?qid=208282671

[dude22]

Thank you, that puts my mind at ease..........untill i accidentely clicked on a pop up yday and a trojan was found but it said it was denied access. Am i still safe?

 

Status: Infected (events: 1)

18/06/2011 20:49:21 Infected virus HEUR:Trojan.Script.Iframer xxp://www.ring4phones.co.uk/htmlfreeiphone

 

 

This comes under 'all' and not active threats, quarantined or neautralized.

 

Im not great with computers so i dont know if av deals with the problem itself or i have to do anything to it

 

_{edit: link disabled.}

Edited June 20, 2011 by richbuff

[richbuff]

That was detected on a website and blocked. It never made it to your PC. "Infected" refers to the blocked item, it does not refer to the PC. Main Kaspersky window is green, not red, and Detected > Active threats is empty, all is good. You can right click that detection and select Clear or remove or Delete from the list.

 

 

[dude22]

thank you i get very paranoid when it comes to interent n computer safety lol