KGB Keylogger - Keeps Returning

  Blott 10:14 05 Aug 2006
Locked

Some weeks ago, during a scan of computer by "Pestpatrol" , it cam up with adware "KGB Keylogger" in Registry

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\fileexts\.mdb


This was not picked up in scans by AVG Pro, or Windows Defender.

"Pest Patrol" said it had deleted it, and for a while it had, but found the thing there again a couple of days later.

Much searching but I could not see what was bringing it back - not on startup, not through going on line or any of my usual sites (mind you, the .mdb should have given me a clue !!!).

Until this morning, when it clicked - the keylogger comes back everytime I open a microsoft access database. If the database is passworded the keylogger still re-occurs before the password is put in.

So- several questions here if anyone can help :-

1 Is there any way I can get rid of it for good ?

2 Why don't AVG or, particularly, Windows defender detect it ?

3 Isn't WinXP supposed to have a firewall that stops things being sent out from the machine ?

4 How has Access become involved - none of my access databases have been exposed on line or received from anyone else - they are all mine !! ?



Best Regards
to all

Blott

  Fruit Bat /\0/\ 10:22 05 Aug 2006

1. Switch off system, restore scan with Pest patrol and remove logger.

2. AVG only detects viruses

3. XP firewall is incomming only you need something like Zone Alarm to stop out going aswell.

4. mdb is a database file format, thats how the logger is disguised.

  961 10:27 05 Aug 2006

Couple of things

When removing this sort of thing remember to disable system restore, as files often lurk there to reappear afterwards. Turn back on afterwards

Try a scan at Spyware Doctor which I believe will remove this. I believe the programme itself will prevent this keylogger installing and operating

  gudgulf 10:42 05 Aug 2006

I You wont get rid of this unless you uninstall Microsoft Access....the registry location you quote simply refers to the file extension used by Access databases.

click here

So if you delete it it will be recreated by Access.

2 AVG does not scan for Adware or Keyloggers.It is designed to seek out known viruses and worms.

Windows Defender does not detect it.....and I suspect none of the other antimalware scanners will detect it either.....becase the registry key identified by PestPatrol is a legitimate Access registry key.

IE it is a false positive!

3. Windows built in firewall only blocks incoming traffic...you need something like Sunbelt/Kerio or ZoneAlarm firewalls to block outgoing traffic as well.
4 Access has become involved because PestPatrol has decided a legitimate registry entry for Access database files is a keylogger.


This is a false positive....I have the same registry key on my own pc.As will anyone else with Access installed.

NOD32,WinDefender,Adaware,SpybotS&D,SuperAntispyware or AOL's Antispyware program detect anything untoward.


False positives with PestPatrol are not uncommon click here=

  gudgulf 11:01 05 Aug 2006

You may also find these links useful.

click here

click here

click here

  Blott 16:03 08 Aug 2006

Many thanks for the replies.

FruitBat - turn off system restore, rescan and remove with pest patrol - did the trick, and keylogger no longer detected.


961 - thanks - I didnt need Spyware Doctor, but have this noted for the future.


GudGulf - I'm going to be out of touch for a week or so but on my return I will go into your very interesting comments and links. I actually understand about a half of your advice !The "false positive" aspect is interesting.
Co-incidentally a friend of mine who knows even less about the subject than I do (i.e. not a lot) remarked that perhaps the Pest Patrol is designed to "detect" something that's not there occasionally just to show the purchaser that the programme is doing something !!
Many thanks for your help.


Regards to all
Blott

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

InVision Studio takes on Adobe XD and Sketch

iPhone X news: Release date, price, new features & specs

Comment transformer un iPhone en borne Wi-Fi ?