Downloader Pro identified as Keylogger



modred
February 4th, 2006, 06:51 PM
Earlier today, I updated the spyware definitions on my computer for the Pest Patrol program. This software is part of the eTrust antivirus program suite and is written by Computer Associates. I then did a scan and it detected a registry entry identified as “advanced keylogger.” The precise registry keys are contained in HKEY_LOCAL_MACHINE/SOFTWARE/software.

After some experimentation, I discovered that the offending registry keys are created during the registration of Downloader Pro, so I assume that they are registration information and not a keylogger. Still, keyloggers are a worrisome issue, and I wondered if anyone else had run into this?

BTW, by use of a hard drive image, I repeated the above process three times and on every occasion there was no spyware identification before registering Downloader Pro and there was afterwards.

Thanks

Gene Killian

Rob Keijzer
February 4th, 2006, 09:44 PM
Probably the "key" in keylogger refers to the DLpro registration key, rather than the keys on the keyboard.

But indeed, it would be nice to eliminate suspicion.

Rob

Evo2Me
February 5th, 2006, 07:57 AM
Sounds like a false positive, probably because heuristic methods are used to find unknown (new) malware.

Chris Breeze
February 6th, 2006, 09:29 AM
Downloader Pro does write some values to the registry when it is installed but it is most definitely not key logging or spyware.

modred
February 6th, 2006, 05:20 PM
I did a little more research and found the following page that deals with the "Advanced Keylogger":

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094239

The third item on this page under "Registry Items" (k7c0db872a3f777c0) is the same as the registry key created when I installed Downloader Pro. This is what was found by the spyware program.

I never thought that Downloader Pro was installing a keylogger, and I'm sure it’s a false-positive. It's just a bit disconcerting when a reputable spyware program tells you that your computer has keylogger spyware.

Thanks for the responses,

Gene Killian

Chris Breeze
February 7th, 2006, 07:36 AM
It must just be a strange coincidence. Perhaps the keylogger uses the same installer or is masquerading as a legitimate program.