AVAST CONTAINS KEYLOGGERS

LoadsaMoney · 14 Oct 2006 at 13:46

As title, got the free Avast from the official Avast Alwil site, and it contains RealSpy Keyloggers.

Updated my Xoftspy yesterday and ran a scan, picked up 7+ RealSpy Keyloggers of Severe Risk, on checking the object details for the loggers, it said it tracks all what you type and redirects them to some FTP site, tracks everything you type in AOL AIM, E-Mails, MSN, ICQ etc... etc...

Didn't think it could be coming from Avast, so removed them, reset PC couple of times, scanned again, and they were back everytime, then thought Avast was the only thing that ive installed recently as ive only been using it a week or so, but it can't be that surely.

Anyway did some testing, removed Avast fully, reset scanned a few times, and nothing found at all, so reinstalled Avast, reset a few times scanned again, and bang, keyloggers were back!!!, so they are coming from Avast, Fully removed it now and gone back to AVG7, not very happy at all as ive been using my online banking while these things have been on!!!.

USE AT YOUR OWN RISK!!!.

SiHH · 14 Oct 2006 at 13:49

Interesting, if anyone has some spare machines it would be worth doing some more tests on this to see what the score really is.

Only got one machine myself so wont be putting it on that but await further responses !

Una · 14 Oct 2006 at 13:50

There are such things as false positives. Its down to the way that virus scanners hook into the kernel calls. This is why they can often look like malicious software. Could be something else is infecting your virus scanner, but sounds like a false positive to me.

LoadsaMoney · 14 Oct 2006 at 13:58

Don't know, they definately came from Avast though, as i reset loads of times, scanned, and they came back everytime, then when i removed Avast i did the same, reset and scanned loads of times, and nothing, soon as i re-installed Avast again they came back, so not taking any chances here and gone back to AVG7, don't like the sound of having keyloggers on my machine tracking everything i do.

the.m · 14 Oct 2006 at 14:01

I would contact Avast, perhaps they can explain!

Una · 14 Oct 2006 at 14:17

The thing is if your using the same program to scan its going to pick up avast as a keylogger each time. Try using a different program, or using something like http://www.sysinternals.com/Utilities/RootkitRevealer.html and paste the results here.

Craig321 · 14 Oct 2006 at 14:24

Una said:
There are such things as false positives. Its down to the way that virus scanners hook into the kernel calls. This is why they can often look like malicious software. Could be something else is infecting your virus scanner, but sounds like a false positive to me.

Yup, like Zonealarm was a bit jumpy when I installed the Logitech mouse/keyboard drivers as they interacted with my keyboard... obviously which made them look like a keylogger.

But really, if it does have any true keyloggers in the company will be taken down soon.

rickyt · 14 Oct 2006 at 14:27

They must all be at it ! . I had used the Sygate Firewall for years and my anti-virus came up with a embeded keyloger . Stopped using it straight away and now on Zone Alarm .A few others had comented on Sygate too .If we cannot trust Firewall & anti-virus programs ...who can we trust ?

Una · 14 Oct 2006 at 14:37

Its because Anti-Virus programs need to do similar things to the way virus's/cracks/other malware works in order to detect them, thus they often get detected as the wrong thing.

If you want programs you can trust use open source non propriotory crap

AJUK · 14 Oct 2006 at 14:37

Xoftspy used to be known as a rogue antispyware application, although it has now been delisted. I still wouldn't trust it and even if I did I would trust the very well respected Avast over it anyday.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Use one of the trusted applications listed on that page.

LoadsaMoney · 14 Oct 2006 at 14:41

Una said:
The thing is if your using the same program to scan its going to pick up avast as a keylogger each time. Try using a different program, or using something like http://www.sysinternals.com/Utilities/RootkitRevealer.html and paste the results here.

Thats the thing though, it was only the new update that picked it up, when id scanned before id updated my Xoftspy nothing was found, seems like the new update of Xoftspy is picking it up, but i don't know why, so it could be a false positive i suppose then, just don't want to take any chances.

Amidar · 14 Oct 2006 at 14:50

Just tried Xoftspy on a fresh install of windows xp(this is the only thing on the pc) & it picked up dialers,Kazar lite ect.The problem is the only site i have been to is here & windows update.In my eyes Xoftspy is a pile of **** that cons people into purchasing it :mad:

i wouldn't belive a thing it tells you.

.Griff. · 14 Oct 2006 at 15:06

Amidar said:
Just tried Xoftspy on a fresh install of windows xp(this is the only thing on the pc) & it picked up dialers,Kazar lite ect.The problem is the only site i have been to is here & windows update.In my eyes Xoftspy is a pile of **** that cons people into purchasing it i wouldn't belive a thing it tells you.

On the spyware warrior site is lists this "XoftSpy was listed on this page because of concerns with false positives"

Just tried it my PC and got the same Kazaa lite trojan warning and various diallers. Strange that I'm running Spywareblaster, Nod32, and tried oncecare recently and they all failed to spot these "severe threats". IMO Xoftspy is a load of crap.

Craig321 · 14 Oct 2006 at 21:41

AJUK said:
Xoftspy used to be known as a rogue antispyware application, although it has now been delisted. I still wouldn't trust it and even if I did I would trust the very well respected Avast over it anyday.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Use one of the trusted applications listed on that page.

Tried Xoftspy earlier and it's rubbish. Picks up loads of false stuff.

VeNT · 14 Oct 2006 at 21:44

Xoftspy is malware.

mrk · 14 Oct 2006 at 23:02

Lol, scaremongering is pretty lame.

AVAST does not contain any spyware or key loggers, it's been around long enough and is being used by people all over the net and this is the first time I have ever heard what you've posted.

Run Trend online and scan, run OneCare BETA online scan and see what they come up with.

NOD32 did a similar thing last year with false positives because of the way many applications work out there they can be mistaken for something more harmful.

It's all down to the heuristics engine inside the scanning app you are using, if it's too volatile it will get false positives, the makers need to update it to be more intelligent in what it flags as dangerous and not because if it's telling you AVAST is spyware then there is also the same risk it will ignore a REAL threat and let it go by and install on your system.

locutus12 · 15 Oct 2006 at 00:57

norton antivirus, spybot search and destroy, VNC are all picked up as having malicious things inside them, all are false possitives.

LoadsaMoney · 15 Oct 2006 at 22:42

Must have been false positives, just ran a scan and it found kaza Lite Trojan, in a software/microsoft folder, which is funny as i dont have a software folder, and i dont even have Kaza

, so left it there and ran Adware SE to see if that would pick it up, nope not a thing, Xoftspy again, and it miraculously came back.

What a pile of *****.

Craig321 · 16 Oct 2006 at 01:06

LoadsaMoney said:
Must have been false positives, just ran a scan and it found kaza Lite Trojan, in a software/microsoft folder, which is funny as i dont have a software folder, and i dont even have Kaza , so left it there and ran Adware SE to see if that would pick it up, nope not a thing, Xoftspy again, and it miraculously came back.

What a pile of *****.

I don't think Xoftspy actually knows what spyware is

ZXSpectrum · 16 Oct 2006 at 09:08

LOL... Sounds like a great piece of software... :rolleyes:

I just use AGV7 with the new Grisoft Malware program and my machine is spot on.