I found the keylogger program "SpyMyPC Pro" in the Windows\System32\DriverStore\FileRepository directory. It's in a Windows Input Printer Driver file. I used "SPYCOP version 7" to find the keylogger. I thought it was a false positive. I installed Vista Beta 2 on a fresh hard drive on a different PC, and sure enough the keylogger is there. I've found the keylogger in the same file on 5 Vista Beta 2 PCs. Microsoft, you need to check this out, as SpyCop has never given me a FALSE positive.
What does SpyCop support have to say about this finding? What Vista build is this, and what source did you get it from?
I left a message with SpyCop support. Still waiting for a reply. Here's the info: The DLLs in question are "smpclrc.dll" and "smpclrd.dll". These DLLs are identified as belonging to "SpyMyPC Pro by Benutec", a keylogging program. These DLLs are located in the Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386 directory. What's interesting is they are in a Samsung printer driver directory. Not that a Korean company would do such a thing? "SONY" comes to mind. So there's the info, if anyone cares. BTW I have the printer that this driver installs and I deleted these DLLs and my printer STILL functions just FINE, so Hmmmmmmm!!!!! False positive? I don't know, but without these DLLs in my system, shouldn't my printer and its features not work, or tell me there's a problem? Food for thought.
Yawn. The *first* hit in Google for these files gives: http://www.fileproperties.com/s/smpclrc.dll.htm Sounds like SpyCop is a pile of junk if it's calling Microsoft-signed drivers spyware. Tony
I'm inclined to think this is a false positive. Given the beta nature of Vista, I don't think it is too surprising that removing these files doesn't elicit any apparent failure with regard to printing. Have you verified that the files are really gone, and haven't been replaced by some protective mechanism? I think the likelihood of a keylogger--especially a known commercial product--being included in legitimate Vista media is quite low. All anti-spyware products have a risk of false positives. I wouldn't hold such an occurrence against a vendor, but I would look carefully at their response (or lack of) to such reports. Since you can grab the .dll files in question, another approach would be to submit them to, for example, www.virustotal.com and see whether any of the vendors there identify them as bad. This is not a perfect science--not all antivirus vendors include spyware in their definition sets, but enough do that I think this is well worth doing with a file that you believe to be bad.
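The checks raised in the posts above (are the files really gone, are they signed, and what hash would be looked up on a multi-scanner service), as an added example that is not part of any poster's message. The directory and file names come from the thread; the function name `Get-FlaggedFileReport` is hypothetical, and the script assumes a system with PowerShell 4.0 or later with Windows installed under `$env:SystemRoot`.

```powershell
# Added example: triage the two DLLs that SpyCop flagged.
# Directory and file names are taken from the thread; everything else is an assumption.
$DriverDir = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386'
$Flagged   = 'smpclrc.dll', 'smpclrd.dll'

function Get-FlaggedFileReport {
    param(
        [Parameter(Mandatory)] [string]   $Directory,
        [Parameter(Mandatory)] [string[]] $Names
    )
    foreach ($name in $Names) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Absent right now. Run again after a reboot to see whether
            # the operating system has put the file back.
            [pscustomobject]@{ File = $name; Present = $false }
            continue
        }
        $item = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
        [pscustomobject]@{
            File         = $name
            Present      = $true
            LastWriteUtc = $item.LastWriteTimeUtc
            SHA256       = $hash.Hash          # value to search for on a scanning service
            SigStatus    = $sig.Status         # Valid, NotSigned, HashMismatch, ...
            Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Company      = $item.VersionInfo.CompanyName
            Description  = $item.VersionInfo.FileDescription
        }
    }
}

Get-FlaggedFileReport -Directory $DriverDir -Names $Flagged | Format-List
```

A `NotSigned` status is not conclusive on its own, because in-box driver files are often signed through a catalog rather than an embedded signature, and older PowerShell versions only report embedded signatures. Comparing the SHA256 values across several clean installs shows whether every machine carries the same file from the media.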
Mike, Routinely, those third-party applications as you describe intentionally and wrongly identify OS Spyware just to trick you into wrongly believing they are providing a service. Please be assured, if you have 5 Vistas running that supposedly contain Spyware applications: 1) Unknowingly you installed the Spyware via third-party applications. 2) Certain # 1 did not occur because Vista will not allow such malware to deploy within Vista !!!