SpyMyPC Pro Keylogger found in Vista Beta 2 software.

Discussion in 'Windows Vista Security' started by Mike, Aug 18, 2006.

  1. Mike

    Mike Guest

    I found the keylogger program "SpyMyPC Pro" in the
    Windows\System32\DriverStore\FileRepository directory.

    It's in a Windows Input Printer Driver file.
    I used "SPYCOP version 7" to find the keylogger.

    I thought it was a false, I installed Vista Beta 2 on a Fresh Hard drive on
    a different PC, and sure enough the keylogger is there.

    I've found the keylogger in the same file on 5 Vista beta 2 PCs.

    Microsoft you need to check this out as SpyCop has never given me a FALSE
    positive.
     
    Mike, Aug 18, 2006
    #1

  2. What does SpyCop support have to say about this finding?
    What Vista build is this, and what source did you get it from?
     
    Bill Sanderson, Aug 19, 2006
    #2

  3. Mike

    Mike Guest

    I left a message with SpyCop support. Still waiting for a reply.

    Here's the info:

    The dll's in question are: "smpclrc.dll" and "smpclrd.dll"

    These dll's are identified as belonging to "SpyMyPC Pro by Benutec", a
    keylogging program.

    These dll's are located in:

    Windows\System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386
    directory.

    What's interesting is they are in a Samsung Printer driver directory. Not
    that a Korean company would do such a thing? "SONY" comes to mind.

    So there's the info, if anyone cares.

    BTW I have the Printer that this driver installs and I deleted these dll's
    and my printer STILL Functions just FINE, so Hmmmmmmm!!!!!

    False positive I don't know, but without these dll's in my system, shouldn't
    my printer and its features not work, or tell me there's a problem?

    Food for thought
     
    Mike, Aug 19, 2006
    #3
  4. Tony Hoyle

    Tony Hoyle Guest

    Yawn. The *first* hit in google for these files gives:

    http://www.fileproperties.com/s/smpclrc.dll.htm

    Sounds like SpyCop is a pile of junk if it's calling Microsoft signed
    drivers spyware.

    Tony
     
    Tony Hoyle, Aug 19, 2006
    #4
  5. I'm inclined to think this is a false positive. Given the beta nature of
    Vista, I don't think it is too surprising that removing these files doesn't
    elicit any apparent failure with regard to printing. Have you verified that
    the files are really gone, and haven't been replaced by some protective
    mechanism?

    I think the likelihood of a keylogger--especially a known commercial
    product--being included in legitimate Vista media is quite low.

    All anti-spyware products have a risk for false positives. I wouldn't hold
    such an occurrence against a vendor, but I would look carefully at their
    response (or lack of)--to such reports.

    Since you can grab the .dll files in question, another approach would be to
    submit them to, for example, www.virustotal.com and see whether any of the
    vendors there identify them as bad. This is not a perfect science--not all
    antivirus vendors include spyware in their definition sets, but enough do
    that I think this is well worth doing with a file that you believe to be
    bad.

    --
     
    Bill Sanderson, Aug 22, 2006
    #5
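
The checks raised in posts #4 and #5 (is the file signed, is it really gone, what do other vendors say about it) can be gathered in one pass. This is an added example, not code posted in the thread; the directory and DLL names are the ones quoted in post #3, and the script and its variable names are assumptions.

```powershell
# Added example: triage of a suspected false positive on driver-store DLLs.
# Path and file names are quoted from the thread; everything else is assumed.
$dir   = Join-Path $env:windir 'System32\DriverStore\FileRepository\prnsa001.inf_3632565a\I386'
$names = 'smpclrc.dll', 'smpclrd.dll'

$report = foreach ($name in $names) {
    $path = Join-Path $dir $name

    # Post #5: confirm whether a deleted file is really gone or has been restored.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ File = $name; Present = $false }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path   # post #4: signed or not
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
    $ver  = (Get-Item -LiteralPath $path).VersionInfo

    [pscustomobject]@{
        File            = $name
        Present         = $true
        SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        SignatureType   = $sig.SignatureType   # Authenticode or Catalog; empty on older PowerShell
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Company         = $ver.CompanyName
        Description     = $ver.FileDescription
        SHA256          = $hash.Hash           # search this on a multi-engine scanner
    }
}

$report | Format-List
```

A `Valid` status with a Microsoft or printer-vendor signer points toward a false positive, while `NotSigned` or `HashMismatch` on a file inside the driver store is the result that justifies submitting the file itself for scanning.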
  6. FireWall2

    FireWall2 Guest

    Mike,

    Routinely, those third party applications as you describe, intentionally and
    wrongly identify OS Spyware just to trick you into wrongly believing they
    are providing a service.

    Please be assured, if you have 5 Vista's running that supposedly contain
    Spyware applications;

    1) Unknowingly you installed the Spyware via third party applications.

    2) Certain # 1 did not occur because Vista will not allow such malware
    to deploy within Vista !!!
     
    FireWall2, Jan 15, 2007
    #6