Key Logger False?

[pat]

Actmon PC & Internet Monitoring Commercial Key Logger
came out in the scan on two of my XP Pro machines as a
severe threat. The infected file is windows\system32
\unzdll.dll. I went ahead and cleaned the file. Was this
an error? If so what can I do to recover? I have always
used Spybot and it never showed this file to be a threat.

 

[Bill Sanderson]

Files with this name could be either innocent or malicious. Have you
checked the quarantine area, to see whether it's stored there?

Tools, Spyware Scan, Manage Spyware quarantine

 

[pat]

Hi Bill
I checked and the files were not saved in quarantine.
Perhaps a system restore will bring them back to both
machines? No problems noted on either machine yet.

Thanks

 

[Bill Sanderson]

System restore will definitely work. It'd be good for you to try to pin
down what third-party product you've knowingly installed relates to that
file. Perhaps there will be copyright information in the file itself that
will help make that clear.

You DON'T want to have a keylogger in place on your machine, so I'd be very
cautious about leaving that file in place if you can't satisfy yourself as
to its origin. Renaming it would be a minimal action to take.

 

[pat]

I found out what the file is from. It comes with AOPA
Airport Directory. This is a false positive. Also I get
false positives from Jeppesen Flightmap software. MS
Antispyware identifies it as Radlight with four registry
keys.

 

[Bill Sanderson]

Great. Listing such products here may help. In addition, if you have
contacts with the vendor, you can point them to:

http://support.microsoft.com/kb/892340 Microsoft Windows AntiSpyware (Beta)
identifies a program as a spyware threat (Listing criteria and Dispute
process)

which has a link to a form to help possibly get the issue taken care of.