SpyMyPC Pro found Vista Beta 2 product

Discussion in 'Windows Vista Security' started by Mike, Aug 18, 2006.

  1. Mike

    Mike Guest

    You might want to scan your Vista Beta 2 PCs for the keylogger program
    "SpyMyPC Pro"

    I installed SpyCop, an Anti-Keylogger program, and was NOT Happy to find a
    Keylogger Program as part of the Vista Software.

    The keylogger resides in the Windows\System32\DriverStore\FileRepository
    directory.

    The keylogger is in a Windows Input Printer Driver file.

    You need the latest version of SpyCop to find the Keylogger dll's

    Microsoft, you need to do some better Internal security checks.

    Have a great day!!!!!
     
    Mike, Aug 18, 2006
    #1

  2. Mike

    Peter M Guest

    Spycop has given false positives before and there's no program that will
    give 100% non-false. OTOH if you dl'd your vista from a torrent all bets are
    off. Interestingly you won't name the file.
     
    Peter M, Aug 19, 2006
    #2

  3. Mike

    Raven Mill Guest

    Sounds like an ad for SpyCop ...
     
    Raven Mill, Aug 19, 2006
    #3
  4. Mike

    Mike Guest

    It's not an AD for SpyCop, and yes I will name the suspect dll's tomorrow,
    when I load Vista on another PC. I already deleted the two dll's with SpyCop.

    Sorry about not listing them.

    I will list them tomorrow.
     
    Mike, Aug 19, 2006
    #4
  5. Agreed.
     
    Mark D. VandenBerg, Aug 19, 2006
    #5
  6. Mike

    Mike Guest

    I left a message on Spycop support. Still waiting for reply.

    Here's the info:

    The dll's in question are: "smpclrc.dll" and "smpclrd.dll"

    These dll's are identified as belonging to the "SpyMyPC Pro by Benutec" a
    Keylogging program.

    These dll's are located in:

    Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386
    directory.

    What's interesting is they are in a SamSung Printer driver directory. Not
    that a Korean company would do such a thing? "SONY" comes to mind.

    So there's the info, if anyone cares.

    BTW I have the Printer that this driver installs and I deleted these dll's
    and my printer STILL Functions just FINE, so Hmmmmmmm!!!!!

    False positive I don't know, but without these dll's in my system, shouldn't
    my printer and its features not work, or tell me there's a problem?

    Food for thought
     
    Mike, Aug 19, 2006
    #6
  7. As was asked, but not answered, in your other thread, "What build number,
    and from where did you obtain your copy?"

    In 5384.4 x64, that directory does not exist.
     
    Mark D. VandenBerg, Aug 19, 2006
    #7
  8. Mike

    Jane C Guest

    Jane C, Aug 19, 2006
    #8
  9. Mike

    Jane C Guest

    C:\Windows\System32\DriverStore\FileRepository\prnsa001.inf_92e71c3e in
    Vista 5384.4 x64 ;) which has an Amd64 folder instead of i386, and yes,
    those 2 .dlls are in there ;)
     
    Jane C, Aug 19, 2006
    #9
  10. Mike

    Raven Mill Guest


    I also have no such folder. I have an Intel system, same build as Mark.

    No folder:
    Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a

    Where did you get your copy of Vista?
     
    Raven Mill, Aug 19, 2006
    #10
  11. Mike

    Raven Mill Guest

    Yep...

    Mike, just for the record, and I consider myself somewhat of an expert on
    this only because, for my radio show, I test a LOT of
    anti-virus/spyware/adware utilities. One thing I've noticed with these is
    that, not only do many of them give false positives, or even some that "find
    spyware" which is NOT spyware, just to make you think you need to buy the
    program to "fix" your PC.

    Also, it says it has been tested to run on Vista Beta but isn't supported,
    (That means it probably doesn't work well) and some features don't work on
    x64 version of Vista Beta. So you really should find a utility that is
    shown to work with the OS you're using it on.
     
    Raven Mill, Aug 19, 2006
    #11
  12. Mike

    Jeff Guest

    Hi,
    According to Fileproperties.com; those dll's in question are as follows:
    Windows Vista
    SMPCLRC.DLL


    Windows, Vista, Operating System, Winfs
    Samsung Printer Driver
    Microsoft® Windows® Operating System

    Windows Vista
    SMPCLRD.DLL



    Windows, Vista, Operating System, Winfs
    plug-in
    Samsung


    Um,

    And they are in the build from MSFT themselves; at least in build 5472

    Jeff
     
    Jeff, Aug 22, 2006
    #12
  13. So--has anyone passed them by the vendors represented at www.virustotal.com
    for example?

    I'm still of the opinion that this is a false positive--the other question I
    have is whether these files are signed by Microsoft--your evidence seems to
    point in that direction, but I'd like to be sure.

    --
     
    Bill Sanderson, Aug 23, 2006
    #13
  14. Mike

    Raven Mill Guest

    Bill...

    I decided to change the subject line, as the old one makes it seem like
    we're all actually considering this real, and not the fact that someone
    opened their crack before thinking...

    It's definitely a false positive.

    Several factors were the keys:

    a: The files were part of a PRINTER DRIVER. If you're going to put a key
    logger somewhere, that's got to be the dumbest place to do it.

    b: It was the printer driver that came on the Vista disk itself, so yes,
    they were MS signed files. (I assume that ALL the drivers ON the Vista
    disk are MS-signed...can't imagine that they wouldn't be...)

    c: SpyCop, the utility that found the "infected files" says right on their
    site that the program doesn't work correctly on Vista x64, which is where
    they had it installed.

    d: Every anti-spyware vendor around OTHER than SpyCop says those files are
    NOT infected with a keylogger.

    e: Anytime a utility vendor DOESN'T respond to such an obviously horrid
    "infection", you can pretty well be assured that even THEY think it's
    nothing to bother with.

    So, just for the record folks... WINDOWS VISTA IS A BETA AND ANY ANTISPYWARE
    UTILITY OUT AT THE MOMENT IS EVEN *LESS* OFFICIAL.

    At THIS time, if you come up with a "hit" on your AV, etc...check it with
    OTHER utilities to see if THEY come up with the same thing before you start
    posting on the newsgroups that Vista is infected with whatever.
     
    Raven Mill, Aug 23, 2006
    #14
  15. Thanks, and I agree. In fact, the bit of evidence that was probably telling
    at the beginning was that deleting these "keylogger" files had no effect on
    the operation of the PC. In my limited experience, removing a keylogger in
    place is a very sticky operation--usually a reinstall of Windows seems to be
    needed to get it right.

    I don't know of any antispyware that can claim never to have false
    positives--this one isn't as disastrous as, say, one which suggests that the
    user remove their antivirus protection, which has happened in reasonably
    recent memory.
     
    Bill Sanderson, Aug 23, 2006
    #15
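
The checks asked for in posts #13 and #14 (are the files signed, and can the verdict be cross-checked elsewhere), as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later (for the `SignatureType` and `IsOSBinary` properties); the file names and the `prnsa001.inf_*` directory pattern are taken from the posts above, and the SHA-256 values it prints can be searched on a multi-engine scanner such as the one named in post #13.

```powershell
# Added example: triage a suspected false positive on driver-store files.
# File names and the prnsa001.inf_* pattern come from the thread; the rest is
# an assumption of this example, not code from any poster or vendor.
$names = 'smpclrc.dll', 'smpclrd.dll'
$root  = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'

# The directory suffix and the architecture subfolder (I386 / Amd64) differ
# between builds, so match on the INF name and search below it.
$report = Get-ChildItem -Path $root -Directory -Filter 'prnsa001.inf_*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-ChildItem -Path $_.FullName -Recurse -File -Include $names -ErrorAction SilentlyContinue
    } |
    ForEach-Object {
        # Covers embedded Authenticode signatures and catalog-signed files.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path            = $_.FullName
            SHA256          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            SignatureStatus = $sig.Status
            SignatureType   = $sig.SignatureType
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            IsOSBinary      = $sig.IsOSBinary
            FileDescription = $_.VersionInfo.FileDescription
            CompanyName     = $_.VersionInfo.CompanyName
        }
    }

if (-not $report) {
    Write-Warning "Neither $($names -join ' nor ') was found under $root\prnsa001.inf_*"
    return
}

# Full detail for every copy found.
$report | Format-List

# Anything that is not validly signed needs a closer look before it is trusted.
$unsigned = $report | Where-Object { $_.SignatureStatus -ne 'Valid' }
foreach ($item in $unsigned) {
    Write-Warning "Signature status '$($item.SignatureStatus)' for $($item.Path)"
}
```

A `Valid` status with `IsOSBinary` set to `True` supports the false-positive reading; a hash that differs between two machines running the same build is worth investigating regardless of what any one scanner reports.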