Re: System Spy -- Key Logger

On Mon, 22 Nov 2004, Roger Padilla Jr  wrote:

> All,
>      I was wondering if anyone has some information on a particular  
> piece of
> spyware called "System Spy -- Key Logger".  It is not detected by either
> Ad-aware or Spybot -- it is being identified by Pest Patrol's free online
> scanner.  I have tried numerous searches to isolate the nature of the
> payload and delivery mechanism.  There are a number of Spyware companies
> that do have it registered in their threat databases, and they all  
> classify
> System Spy as a key logger.  So far my research has typically resolved to
> gambling sites and a number of Spying software programs that can be
> purchased or downloaded.  There are at least three computers I have come
> across that have been identified as having this particular spyware.  Any
> help would be appreciated.

Your post piqued my interest, so I ran PestScan myself.  I got quite a few
false positives.

I combed through the results and it seems to me that PestScan will give a
positive when it finds
a file of the same name as a file used by a piece of spyware.

For example, I got a positive for System Spy, too.  The only thing I could
find on my system that matched with Pest Patrol's descriptive data for
this spyware was under "File Analyses".  The file name was setup.inf.
It's not surprising that I
had a file of this name on my system.  And it wasn't the System Spy file.

Can anyone help to confirm this "false positive by file name only"
scenario?

Thanks!

--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/