Key Logger Reported Inside Install File (False Positive?!)

Forum for end Users only - for Raster-XChange, convert any Windows document or image to a :
BMP,PNG, GIF, PBM, PGM, PPM, JBIG2, JPEG, JPEG2000, JNG, PCX, DCX, TGA, TIFF, WBMP.

Moderators: TrackerSupp-Daniel, Tracker Support, Vasyl-Tracker Dev Team, Sean - Tracker, Chris - Tracker Supp, Tracker Supp-Stefan, Ivan - Tracker Software

Post Reply
Pro User
User
Posts: 13
Joined: Thu Feb 08, 2007 4:39 pm
Location: USA

Key Logger Reported Inside Install File (False Positive?!)

Post by Pro User » Wed Apr 11, 2007 3:20 am

Hello Tracker Support:

I recently did an anti-spyware scan that included some to-be-installed programs, and was very surprised to find a key logger reported inside an install file for Raster-XChange that I downloaded directly from the Tracker website in January (or so). I like your products very much (I have a license for PDF-XChange Pro), but want to be safe using them! Hoping it's a false positive - e.g. files inside your install file coincidentally had similar names to those associated with the key logger?

The key logger name is "aSpy v2.12", and full details on its associated files are at Computer Associates website (they are the current publishers of the Anti-Spyware program, PestPatrol), link:
http://www3.ca.com/securityadvisor/pest ... =453101425

Below are the details of the scan, and I still have the unzipped file if you're interested in it:

File (unzipped): RXC.exe, 3739 KB Nov 25 2006 11:24 am

Anti-Spyware Program:
Spyware X-Terminator 4.4 (same as PestPatrol v4)
Definition Files: Jan 27, 2007, and a second scan with ones downloaded today.

It reported inside of RXC.exe, the Pest:
Pest: aSpy v2.12
Pest Info: Category: Key Logger Author: Pro-EXESoftware
Release Date: 12/15/2006 0:00:00

It also gave the following details about RXC.exe:
PVT: -1897429879 MD5: 3cb942ae445f186b48f1845aa240e2f6
Date: 11/25/2006 11:24:40 AM Company Name: Tracker Software
File Description: Raster-XChange Setup File Version: 1.02.0036.0000

Thank you in advance for investigating.
.

John - Tracker Supp
Site Admin
Posts: 8202
Joined: Tue Jun 29, 2004 10:34 am
Location: Vancouver Island - Canada
Contact:

Post by John - Tracker Supp » Wed Apr 11, 2007 8:43 am

Hi,

Thanks for your message - as you will appreciate this is a surprise to us - we certainly do not intentionally include any such content and suspect (and hope) that it is a false/positive alarm from the product in question.

Could you please email the installer in question and the file mentioned and we will run our own checks urgently here and come back.

If you could send as much info as possible we would be most grateful - please send to :

usrfiles@tracker-software.com - there is no limit on the inbox - but all files must be zipped to pass through our email server.

many thanks.
If posting files to this forum - you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded - thank you.

Best regards
Tracker Support
http://www.tracker-software.com

Pro User
User
Posts: 13
Joined: Thu Feb 08, 2007 4:39 pm
Location: USA

Post by Pro User » Wed Apr 11, 2007 1:26 pm

Just to notify you: as requested, I emailed to you a few minutes ago the install file RXC.exe (zipped as requested).
.

Pro User
User
Posts: 13
Joined: Thu Feb 08, 2007 4:39 pm
Location: USA

Post by Pro User » Wed Apr 11, 2007 5:41 pm

FYI there is some info in the Scan Results that is consistent with the (to me) more likely explaination of a false positive:
I looked at the Scan Results again & then looked in Spyware X-Terminator's Help file. The Scan Results has a category "Certainty" = "Confidence level of Spyware X-terminator analysis", for which there are 2 choices:
"Confirmed: This detection is exact."
"Suspected: The result of Spyware X-terminator's inference engine."

The Scan Results listed "Suspected".
.

John - Tracker Supp
Site Admin
Posts: 8202
Joined: Tue Jun 29, 2004 10:34 am
Location: Vancouver Island - Canada
Contact:

Post by John - Tracker Supp » Wed Apr 11, 2007 7:51 pm

Hi,

Thanks for the info supplied and I have to say we are confident this is a false/positive.

We did some research and it would appear a common peice of 'Spyware' happens to use the same installer we use to create our installtion files and some antispyware software has been reported as picking up on this as a possible indicator of the possibility of the software being installed being suspect.

As you will appreciate, if true - this is a pretty 'random' way to identify possible problems and I would urge you to contact your spyware authors to ask them to check the file and give a reason for the issue.

Many thanks for your assistance and cooperation - if you need any additional info or help in anyway - please do come back.

thanks
If posting files to this forum - you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded - thank you.

Best regards
Tracker Support
http://www.tracker-software.com

Pro User
User
Posts: 13
Joined: Thu Feb 08, 2007 4:39 pm
Location: USA

Post by Pro User » Thu Apr 12, 2007 12:43 pm

Thank you very much for investigating. Very glad Tracker concluded it was a false positive!
.

John - Tracker Supp
Site Admin
Posts: 8202
Joined: Tue Jun 29, 2004 10:34 am
Location: Vancouver Island - Canada
Contact:

Post by John - Tracker Supp » Thu Apr 12, 2007 9:07 pm

Pleasure - please do come back if we can assist further.
If posting files to this forum - you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded - thank you.

Best regards
Tracker Support
http://www.tracker-software.com

Frederik
User
Posts: 2
Joined: Fri Oct 14, 2005 3:17 pm

Re: Key Logger Reported Inside Install File (False Positive?!)

Post by Frederik » Mon Jul 07, 2008 8:55 pm

Hi,

I tried the same today and F-Secure Antivirus reported
Monitor.Win32.Keylogger (riskware)
inside RCX.EXE

I will send them the file for inspection. It seems as if there is a persistent problem ...

Regards,

frederik

Frederik
User
Posts: 2
Joined: Fri Oct 14, 2005 3:17 pm

Re: Key Logger Reported Inside Install File (False Positive?!)

Post by Frederik » Tue Jul 08, 2008 9:27 pm

I sent the file to f-secure and they made sure, that there is nothing in it. They will update their databases.

frederik

Tom - Tracker

Re: Key Logger Reported Inside Install File (False Positive?!)

Post by Tom - Tracker » Wed Jul 09, 2008 1:38 pm

Thanks :)

Post Reply