BleepingComputer.com: Kl-detector Found This

Kl-detector Found This should I be concerned about it?

#1 Queen-Evie


Posted 31 May 2007 - 07:29 PM

In another thread, boopme gave a link to KL-Detector for keyloggers.

Out of curiosity I decided to run it and it found the following:

KL-Detector has found a suspicious file:
C:\WINDOWS\Internet Logs\IAMDB.RDB

Please check; someone might have installed a keylogger on your computer!

You MAY want to take a look at:
C:\WINDOWS\Internet Logs\
C:\WINDOWS\system32\config\


The full report is

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\tvDebug.log
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\Internet Logs\EVIE.ldb
was modified.

C:\WINDOWS\Internet Logs\EVIE.ldb
was modified.

C:\WINDOWS\Internet Logs\ZALog.txt
was modified.

C:\WINDOWS\Internet Logs\fwpktlog.txt
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\EVIE.ldb
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.


Notice it says look at and review. What should I be looking for? I'm totally clueless on this one.
Nothing new has been installed on my computer, I'm careful about opening email attachments, I scan often with anti-virus, Spybot, etc.

If a HJT log is needed, let me know and I'll post one.

Right now, I'm going to start running all my "keep the computer clean and healthy" tools.

PS-if this isn't the correct forum for this, please move it to the appropriate place.

This post has been edited by Queen-Evie: 31 May 2007 - 07:31 PM


#2 buddy215


Posted 31 May 2007 - 07:43 PM

"Iamdb.rdb file is where the user settings of ZA are stored. Backup.rdb is just a backup of the Iamdb file in case it goes missing for funny reasons. If you look at posts where we have asked users to reset their database due to corruption, you will see us telling them to delete these two files.

In the EULA, ZL relies on information from users to help them set priorities and aid them in the analysis of many programs out there on the net for their SmartDefence Advisor database. The main thing collected is the permissions people give their programs (indirectly related to the iamdb.rdb file). Knowing what are the most common programs users have will allow ZL to prioritise which program needs analysis first and the permissions people give can give an idea to Zone Labs on whether the program is malicious or not. ZL does not collect people's personal information or surfing behaviour."
http://www.helpscreen.com.au/index.php?msg...86363&cid=1
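
An added example, not part of either post or of KL-Detector: a short Python triage of a report in the "path / was modified." layout shown in the first post, counting modifications per path and separating paths explained by a known writer from the rest. The rule list, the function names and the `C:\Temp\keys.dat` sample path are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: two paths from the thread plus one made-up unexplained path.
SAMPLE_REPORT = r"""
C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\Temp\keys.dat
was modified.
"""

# Assumed triage rules (not KL-Detector's own): regex on lower-cased path -> reason.
KNOWN_WRITERS = [
    (r"\\internet logs\\(iamdb|backup)\.rdb$", "ZoneAlarm settings database"),
    (r"\\windows\\prefetch\\[^\\]+\.pf$", "Windows Prefetch trace"),
    (r"\\system32\\config\\[^\\]+\.log$", "registry hive transaction log"),
]

def parse_report(text):
    """Count how often each path is followed by a 'was modified.' line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hits = Counter()
    for path, event in zip(lines, lines[1:]):
        if event.lower() == "was modified." and re.match(r"^[A-Za-z]:\\", path):
            hits[path] += 1
    return hits

def triage(text):
    """Split modified paths into explained (rule matched) and unexplained."""
    explained, unexplained = {}, {}
    for path, count in parse_report(text).items():
        for pattern, reason in KNOWN_WRITERS:
            if re.search(pattern, path.lower()):
                explained[path] = (count, reason)
                break
        else:
            unexplained[path] = count
    return explained, unexplained

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A rule match only explains the file name; confirming which process actually wrote the file still needs a process-level monitor.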
