Counterspy said I have SpyKeySpy keylogger on my home PC but...

I used a 30 day trial of CounterSpy but never bought. It was still useful because it would sometimes popup with the name of something and I could use Trend Micro Housecall or AdAware or manually remove afer googling the name.

So yesterday it popped up saying I had SpyKeySpy, but being unpaid wouldn't do anthing about it. So I ran TrendMicro Housecall which found nothing. AdAware reported nothing but cookies.

I searched both hardrives for any files with part of SpyKeySpy names including hidden & system, nothing. Searched the registry in RegEdit for

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyKeySpy
HKEY_LOCAL_MACHINE\SOFTWARE\SoftArtStudio\sks32_11
HKEY_LOCAL_MACHINE\SOFTWARE\UDShellR32
HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:\Program Files\sks32\INSTALL.LOG


Nothing. Did CounterSpy lie to me to try to get me to buy?

Here is the link

http://www.democraticunderground.com/discuss/duboard.php?az=show_topics&forum=242


They will be able to help you, they are a great group!

I hope this helps you!

CounterSpy is considered "best of breed" by a lot of smart folks. I suspect that this was either a false positive or it found something the others don't detect. What is the name of the file it's calling a nasty?

Here is Symatecs info page

http://www.symantec.com/security_response/writeup.jsp?docid=2005-061314-1331-99&tabid=3

setup_spykeyspy.exe sks32proc.exe sks32serv.dll sks32hdrv.dll

I do download from UseNet & did get some RAR files last week.

You likely have a keylogger in there. Get it out. Now. The Russian Business Network is behind most, if not all of this keylogger activity. They are big, bad and have their own huge network infrastructure and they exist to steal your banking data. All of it.

Get that thing out of there and change the passwords on your banking accounts.

even though it appeared to be doing nothing without a registration number. So I gues that explains why neither TrendMicro Housecall or my meticulous search turned up any of the known files.

So if CounterSpy unregistered runs every night at 2am and found this logger yesterday, the only event I can attribute this to is DLing 17 Wicked mp3s from alt.binaries.mp3.musicals the night before.

SpyKeySpy is a commercial 'nanny' product, usually used by a parent to monitor a child's computer activity.

http://www.softartstudio.com/spy/spykeyspy.html

You can manually remove it, likely in safe mode. The files and registry keys associated with it are described here:

http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453094277

I did and I had CounterSpy on my PC. I don't have it any longer because I do not need it.

link to download Firefox/Thunderbird: www.mozilla.com


IE really does suck.

:kick:

as it becomes more popular, so switching isn't a permanent solution.

The best thing to do is keep antivirus and antispyware programs up to date and run them regularly, less often if you're a casual surfer, more often if you download a lot of stuff from iffy sites.

MSIE is a hacker magnet, no doubt about it.

Most of those nasties are pushed onto machines with ActiveX. Firefox doesn't use ActiveX anywhere.