rasikalokuge Posted May 1, 2011
PDM.Keylogger Detected By Kaspersky Pure. Please let me know how to remove this

richbuff Posted May 1, 2011
Please post the full, complete detection details. Post screenshot of Detected > Active threats. With columns widened to show full detected and name and object and path/location details.
How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

aa11 Posted May 2, 2011
Hi, I got a similar problem too. I copied part of the report on Proactive Defense here. Also in the detected threat, it shows it as "legal software that can be used criminals for damaging computer PDM.Keylogger", Type: Running Process, Name and Path: Kernel Mode memory patch with Medium severity. Please advise.
----------------------------------------
4/18/2011 8:50:50 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 8:54:50 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 8:56:23 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 8:57:34 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 10:51:54 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 10:51:59 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent
4/18/2011 10:51:59 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent
4/18/2011 10:55:50 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 10:55:58 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent
4/18/2011 10:55:58 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent
4/18/2011 11:50:44 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 11:51:49 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 2:04:38 PM Task started Subsystem Proactive Defense Kaspersky PURE
4/18/2011 10:01:08 PM Task started Subsystem Proactive Defense Kaspersky PURE
4/20/2011 9:40:26 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/20/2011 10:48:07 PM Task started Subsystem Proactive Defense Kaspersky PURE
4/26/2011 9:10:22 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/26/2011 9:11:57 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/26/2011 9:12:04 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent
4/26/2011 9:12:04 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent
4/28/2011 9:05:48 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 6:25:26 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 6:38:28 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 6:59:42 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 7:02:04 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 7:08:05 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 10:06:05 AM Task started Subsystem Proactive Defense Kaspersky PURE
4/29/2011 10:07:28 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent
4/29/2011 10:07:28 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent
5/1/2011 10:13:43 PM Task started Subsystem Proactive Defense Kaspersky PURE
5/1/2011 10:15:02 PM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent
5/1/2011 10:15:02 PM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent
5/1/2011 10:37:25 PM Task started Subsystem Proactive Defense Kaspersky PURE
5/1/2011 10:42:07 PM Task started Subsystem Proactive Defense Kaspersky PURE
----------------------------------------
Thanks. Arshia.

richbuff Posted May 2, 2011
...Absent.
Welcome. Please right click the Absent detection and Add to exclusions.

rhosddured Posted May 3, 2011
Hi, I've got the same problem with PDM.Keylogger being detected. Any help appreciated. Cheers.
03/05/2011 06:54:08 Anti-Spam Task started Kaspersky PURE Anti-Spam
03/05/2011 06:54:08 Firewall Task started Kaspersky PURE Firewall
03/05/2011 06:54:08 File Anti-Virus Task started Kaspersky PURE File Anti-Virus
03/05/2011 06:54:08 Application Control Task started Kaspersky PURE Application Control
03/05/2011 06:54:08 IM Anti-Virus Task started Kaspersky PURE IM Anti-Virus
03/05/2011 06:54:08 Proactive Defense Task started Kaspersky PURE Proactive Defense
03/05/2011 06:54:08 Network Attack Blocker Task started Kaspersky PURE Network Attack Blocker
03/05/2011 06:54:08 Mail Anti-Virus Task started Kaspersky PURE Mail Anti-Virus
03/05/2011 06:54:08 Web Anti-Virus Task started Kaspersky PURE Web Anti-Virus
03/05/2011 06:54:20 Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch
03/05/2011 06:54:21 Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch Action selected by user
03/05/2011 06:54:23 Protection Center Your computer is protected Kaspersky PURE
03/05/2011 06:55:36 Update Center Task started Kaspersky PURE Update Center
03/05/2011 06:56:44 Objects Scan Task started Kaspersky PURE Quick Scan
03/05/2011 06:57:05 Objects Scan Task completed Kaspersky PURE Quick Scan
03/05/2011 06:57:59 Application Control AntiSpyware Definition Update Application moved to group Trusted Signed by the digital signature of entrusted manufacturers
03/05/2011 06:58:01 Application Control Microsoft Antimalware Signature Redirector Application moved to group Trusted Signed by the digital signature of entrusted manufacturers
03/05/2011 07:20:58 Objects Scan Task started Kaspersky PURE Quick Scan
03/05/2011 07:21:30 Objects Scan Task completed Kaspersky PURE Quick Scan
03/05/2011 07:24:21 Objects Scan Task started Kaspersky PURE Rootkit Scan
03/05/2011 07:30:32 Objects Scan Task completed Kaspersky PURE Rootkit Scan

richbuff Posted May 3, 2011
...Absent.
Welcome. Please right click the Absent detection that is located in All detected, and Add to exclusions.

Sunny2011 Posted May 5, 2011 (edited)
> Please post the full, complete detection details. Post screenshot of Detected > Active threats. With columns widened to show full detected and name and object and path/location details.
> How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.
New Kaspersky user...still figuring things out. Got Keylogger notification. Am I supposed to do anything about it or is it an autofix? What causes it? Took screen shot, too big...
5/5/2011 3:40:24 AM Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch
Edited May 5, 2011 by Sunnyface

richbuff Posted May 5, 2011
Welcome. Active threats > Save button > please attach the saved text.
Absent
If that is the Only item for kernel mode memory patch, then you can right click the detection and Add to exclusions. If you have a concrete file and/or other, please post relevant portion of the screenshot or the text.

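
The distinction drawn in the post above (a detection whose only object is "kernel mode memory patch" with no file, versus one that names a concrete file) can be checked against a saved report. The Python below is an added example, not part of the original posts and not Kaspersky tooling; the line layouts are inferred from the reports pasted in this thread, the sample lines and the path C:\Example\sample.exe are constructed, and reading "Absent" as "no file named" is an assumption.

```python
import re

# Constructed sample lines in the two layouts seen in this thread's reports.
SAMPLE_REPORT = "\n".join([
    "4/18/2011 10:51:54 AM Task started Subsystem Proactive Defense Kaspersky PURE",
    "4/18/2011 10:51:59 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Absent",
    "4/18/2011 10:51:59 AM Detected: PDM.Keylogger Driver file kernel mode memory patch Action selected by user Absent",
    "03/05/2011 06:54:20 Proactive Defense Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch",
    # Hypothetical row that names a concrete file (not taken from the thread).
    r"03/05/2011 07:01:02 Proactive Defense Detected: PDM.Keylogger Keylogger activity C:\Example\sample.exe",
])

TS = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}(?: [AP]M)?)\s+(.*)$")
DET = re.compile(r"Detected:\s+(\S+)\s*(.*)$")
PATH = re.compile(r"[A-Za-z]:\\|\\\\")  # drive-letter or UNC path

def parse_detections(report):
    """One record per detection; rows sharing a timestamp and name
    (the 'Action selected by user' repeat) are merged."""
    events = {}
    for line in report.splitlines():
        m = TS.match(line.strip())
        d = DET.search(m.group(2)) if m else None
        if not d:
            continue  # task started/completed and other non-detection rows
        name, rest = d.group(1), d.group(2)
        ev = events.setdefault((m.group(1), name), {
            "time": m.group(1), "name": name,
            "memory_patch": False, "absent": False, "has_path": False})
        ev["memory_patch"] |= "kernel mode memory patch" in rest
        ev["absent"] |= bool(re.search(r"\bAbsent\b", rest))
        ev["has_path"] |= bool(PATH.search(rest))
    return list(events.values())

def triage(report):
    """Split detections into the file-less memory-patch case and the rest."""
    out = {"exclusion_candidate": [], "needs_review": []}
    for ev in parse_detections(report):
        fileless = ev["memory_patch"] and ev["absent"] and not ev["has_path"]
        out["exclusion_candidate" if fileless else "needs_review"].append(ev)
    return out

if __name__ == "__main__":
    for bucket, evs in triage(SAMPLE_REPORT).items():
        print(bucket, [(e["time"], e["name"]) for e in evs])
```

Anything that lands in `needs_review` is the "concrete file and/or other" case, where the full detection details should be posted rather than excluded.
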
Sunny2011 Posted May 14, 2011
> Welcome. Active threats > Save button > please attach the saved text. If that is the Only item for kernel mode memory patch, then you can right click the detection and Add to exclusions. If you have a concrete file and/or other, please post relevant portion of the screenshot or the text.
This is a screen shot....I cannot get PDF files to open from other applications either....I'm thinking that this is blocking it....

richbuff Posted May 14, 2011
<repeat>Columns are not widened enough. I can't see the pertinent information. Please post the full, complete detection details. Post screenshot of Detected > Active threats. With columns widened to show full detected and name and object and path/location details. Also, we need Active threats screenshot. The attached screenshot shows how to get there. Also, you can hit the Save button and attach the saved text. </repeat>

Sunny2011 Posted May 15, 2011 (edited)
> <repeat>Columns are not widened enough. I can't see the pertinent information. Please post the full, complete detection details. Post screenshot of Detected > Active threats. With columns widened to show full detected and name and object and path/location details. Also, we need Active threats screenshot. The attached screenshot shows how to get there. Also, you can hit the Save button and attach the saved text. </repeat>
There is nothing there...Active threats is empty...
Edited May 15, 2011 by Sunnyface

richbuff Posted May 15, 2011
That is a very good sign. Object column and Reason widened, please, in your other screenshot if there are any additional concerns. Application activity > please post screenshot of Restricted and Untrusted application groups. Attached screenshot shows how to get there:

Sunny2011 Posted May 15, 2011
> That is a very good sign. Object column and Reason widened, please, in your other screenshot if there are any additional concerns. Application activity > please post screenshot of Restricted and Untrusted application groups. Attached screenshot shows how to get there:
Here is the obj and reason widened....

Sunny2011 Posted May 15, 2011
> Here is the obj and reason widened....
There are no untrusted

richbuff Posted May 15, 2011
Those six items: If you know what they are, and you know that they came from the official source, right click them > Move to > Trusted applications group > OK all windows as you back out of the settings > reboot.

dude22 Posted June 16, 2011 (edited)
Hi. I just had the same problem. I've saved the report and this is what came up.
Status: Suspicious (events: 1)
16/06/2011 18:50:26 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger kernel mode memory patch Medium
Please help as I am worried I won't be able to use my computer for any shopping or banking.
kernel_16.6.11.txt
Edited June 16, 2011 by dude22

richbuff Posted June 16, 2011
Welcome. PDM.Keylogger kernel mode memory patch is a safe System item. Please right click that detection and Add to exclusions.
http://support.kaspersky.com/pure2/protect...e?qid=208282671

dude22 Posted June 19, 2011 (edited)
Thank you, that puts my mind at ease..........until I accidentally clicked on a pop up yesterday and a trojan was found but it said it was denied access. Am I still safe?
Status: Infected (events: 1)
18/06/2011 20:49:21 Infected virus HEUR:Trojan.Script.Iframer xxp://www.ring4phones.co.uk/htmlfreeiphone
This comes under 'all' and not active threats, quarantined or neutralized. I'm not great with computers so I don't know if av deals with the problem itself or I have to do anything to it.
edit: link disabled.
Edited June 20, 2011 by richbuff

richbuff Posted June 20, 2011
That was detected on a website and blocked. It never made it to your PC. "Infected" refers to the blocked item, it does not refer to the PC. Main Kaspersky window is green, not red, and Detected > Active threats is empty, all is good. You can right click that detection and select Clear or remove or Delete from the list.

dude22 Posted June 20, 2011
Thank you, I get very paranoid when it comes to internet n computer safety lol