# Do I Have Keylogger??



## xandermom (Aug 9, 2005)

I just did a spyware scan through Pest Patrol and it came up that I have Advanced Keylogger. Of course now I'm envisioning my bank account getting wiped out since I bought something online today and am sick wondering how this got onto my laptop. I just read an article about how sometimes there can be "false positives" and Pest Patrol was specifically mentioned. Here is the information it came up with:

key "hkey_local_machine \software\licenses" value "{k7c0db872a3f777c0}"
key "hkey_local_machine \software\licenses" value "{r7c0db872a3f777c0}"

If anyone can help me determine if I actually do have keylogger and how to get rid of it if I do, I'd certainly appreciate it. I should also mention that I've done just about every free online spyware search available and none of the other programs have come up with keylogger.

Thanks!


----------



## lotuseclat79 (Sep 12, 2003)

xandermom said:


> I just did a spyware scan through Pest Patrol and it came up that I have Advanced Keylogger. Of course now I'm envisioning my bank account getting wiped out since I bought something online today and am sick wondering how this got onto my laptop. I just read an article about how sometimes there can be "false positives" and Pest Patrol was specifically mentioned. Here is the information it came up with:
> 
> key "hkey_local_machine \software\licenses" value "{k7c0db872a3f777c0}"
> key "hkey_local_machine \software\licenses" value "{r7c0db872a3f777c0}"
> ...


Hi zandermom,

I checked my own registry and I have one of the two you mention, the first one. I also checked my software licenses and I have the following licensed software reported by Belarc [Note: license numbers are deleted]:
Ahead - Nero Fast CD-Burning Plug-in	
Belarc - Advisor
Hewlett-Packard - WebReg
Microsoft - Internet Explorer
Microsoft - Office 2000 SR-1 Professional
Microsoft - WebFldrs XP
Microsoft - Windows Resource Kit Tools
Microsoft - Windows Support Tools
Microsoft - Windows XP Professional

I have the key "hkey_local_machine \software\licenses" value "{k7c0db872a3f777c0}" , and that refers to the name only, not the type and data value in the registy.

You can check to see if you have any of the above licenses I do by downloading, installing, running Belarc Advisor (free) from: http://www.belarc.com There is a new verification file after every Windows Update Tuesday (2nd Tues. of every month) - might have to wait until Thursday.

Please post your Belarc list of licenses - not the acutal license number itself, just the name of the software for which you have a license. Note: I deleted the actual license numbers reported by Belarc, and you should do the same when you reply to this request. I just want to check to see what licensed software we have in common - and that would be the one license whose value I cited that I have - but, I don't know which license the registry name refers to.

Most likely these are false positives from Pest Patrol - I bought a copy, no longer use it - can't stand the very long updates over the web - horribly slow on my dialup.

-- Tom


----------



## xandermom (Aug 9, 2005)

lotuseclat79 said:


> Hi zandermom,
> 
> I checked my own registry and I have one of the two you mention, the first one. I also checked my software licenses and I have the following licensed software reported by Belarc [Note: license numbers are deleted]:
> Ahead - Nero Fast CD-Burning Plug-in
> ...


Hi Tom,

Thanks so much for your reply! I think this is what you asked for:

Belarc - Advisor 
Microsoft - Internet Explorer 
Microsoft - Office Standard Edition 2003 
Microsoft - WebFldrs XP 
Microsoft - Windows XP Professional 
Sonic Solutions - Sonic DLA 
Sonic Solutions - Sonic RecordNow!

What do you think?

Michelle


----------



## lotuseclat79 (Sep 12, 2003)

xandermom said:


> Hi Tom,
> 
> Thanks so much for your reply! I think this is what you asked for:
> 
> ...


Hi Michelle,

Well, for sure one of the items we have in common is the 1st key name. Still don't know which one.

While its probable that the 2nd one is also a False Positive - I don't know for certain.

I use SnoopFree to protect against hooking keyloggers available from:
Snoopfree Privacy Shield: http://www.snoopfree.com/default.htm

I would recommend you install SnoopFree and Deny anything that it finds - at least that way you will remain free of any "hooking" type keyloggers.

However, there are other types of keyloggers such as kernel level keyloggers. Here is a link to read up about the different kinds of key loggers: Introduction to Spyware Keyloggers http://www.securityfocus.com/infocus/1829

There is a free research Intrusion Detection System (IDS) you can get from Prevx known as Prevx1R. Its leading edge and for free - there may be some minor problems with new features - like today, I just sent them a message at the support website about an annoying little pop-up - I'm on dialup and it was telling me every 15 seconds there was no connection when I had a good enough connection to read my email - no biggie for the protection it offers. I just had to kill its process and relaunch it when I again had a good connection. It also detects against rootkits, and keyloggers. Get it here if you are not sure that the 1st and 2nd items found by Pest Patrol are False Positives: http://free.prevx.com/features.asp It will at least give you peace of mind now that you know more than you ever wanted to know from reading the article mentioned above.

-- Tom


----------

