Thread: Redhand keylogger detected by System Mechanic

  1. #1
    Martin Guest

    Redhand keylogger detected by System Mechanic

    I downloaded System Mechanic 6 - a free version from Computeractive - to
    give it a go (in a sandbox). It claims to have detected Redhand keylogger.

    Now I've run KL Detect and it has not found a keylogger. I also ran
    Spyware Doctor and Spybot and they did not detect anything but then I'm not
    so sure they claim to be able to spot this Redhand keylogger..

    I've tried to find something via Google about this keylogger without a great
    deal of joy but I did find someone's posting concerning System Mechanic 4
    having detected Redhand keylogger.

    I don't want to tell System Mechanic to clean it up and find it's messed
    up my system (as System Mechanic seems to have done to one or 2 other users
    in the past).

    Can anyone kindly tell me how I can determine whether or not this is a false
    positive or a real detection?

    Many thanks

    Martin



  2. #2
    David H. Lipman Guest

    Re: Redhand keylogger detected by System Mechanic

    From: "Martin" <vdp3r@hotmail.com>

    | I downloaded System Mechanic 6 - a free version from Computeractive - to
    | give it a go (in a sandbox). It claims to have detected Redhand keylogger.
    |
    | Now I've run KL Detect and it has not found a keylogger. I also ran
    | Spyware Doctor and Spybot and they did not detect anything but then I'm not
    | so sure they claim to be able to spot this Redhand keylogger..
    |
    | I've tried to find something via Google about this keylogger without a great
    | deal of joy but I did find someone's posting concerning System Mechanic 4
    | having detected Redhand keylogger.
    |
    | I don't want to tell System Mechanic to clean it up and find it's messed
    | up my system (as System Mechanic seems to have done to one or 2 other users
    | in the past).
    |
    | Can anyone kindly tell me how I can determine whether or not this is a false
    | positive or a real detection?
    |
    | Many thanks
    |
    | Martin
    |

    I would NOT suggest using "System Mechanic 6".

    If System Mechanic 6 indicated "Redhand keylogger" then file/files were detected. What
    files ?

    When the files are identified, please submit samples to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against many different AV vendors' scanners.
    That will give you an idea what it is and who recognizes it. In addition, unless told
    otherwise, Virus Total will provide the sample to all participating vendors.

    You can also submit a suspect, one at a time, via the following email URL...
    mailto:scan@virustotal.com?subject=SCAN

    When you get the report(s), please post back the exact results.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  3. #3
    vdp4r@hotmail.com Guest

    Re: Redhand keylogger detected by System Mechanic

    On Jun 20, 10:07 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:
    > From: "Martin" <v...@hotmail.com>
    >
    > | I downloaded System Mechanic 6 - a free version from Computeractive - to
    > | give it a go (in a sandbox). It claims to have detected Redhand keylogger.
    > |
    > | Now I've run KL Detect and it has not found a keylogger. I also ran
    > | Spyware Doctor and Spybot and they did not detect anything but then I'm not
    > | so sure they claim to be able to spot this Redhand keylogger..
    > |
    > | I've tried to find something via Google about this keylogger without a great
    > | deal of joy but I did find someone's posting concerning System Mechanic 4
    > | having detected Redhand keylogger.
    > |
    > | I don't want to tell System Mechanic to clean it up and find it's messed
    > | up my system (as System Mechanic seems to have done to one or 2 other users
    > | in the past).
    > |
    > | Can anyone kindly tell me how I can determine whether or not this is a false
    > | positive or a real detection?
    > |
    > | Many thanks
    > |
    > | Martin
    > |
    >
    > I would NOT suggest using "System Mechanic 6".
    >
    > If System Mechanic 6 indicated "Redhand keylogger" then file/files were detected. What
    > files ?
    >
    > When the files are identified, please submit samples to Virus Total --
    > http://www.virustotal.com/flash/index_en.html
    > The submission will then be tested against many different AV vendors' scanners.
    > That will give you an idea what it is and who recognizes it. In addition, unless told
    > otherwise, Virus Total will provide the sample to all participating vendors.
    >
    > You can also submit a suspect, one at a time, via the following email URL...
    > mailto:s...@virustotal.com?subject=SCAN
    >
    > When you get the report(s), please post back the exact results.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm



    Sincere thanks for helping me out with this one, David.

    The file was stkit432.dll in C:\WINNT\System32 (Windows 2000
    Pro). I sent it in to be tested as you advised and it's come back
    with a clean bill of health. The right-click properties details
    of this file show it to be a Microsoft Visual Basic for Windows
    file. So despite System Mechanic indicating that this is the RedHand
    keylogger parasite, it seems it's a perfectly legitimate file.

    It's been a good learning exercise for me and your website is also a
    good discovery for me too.

    I'm really grateful to you for your kind guidance with this problem.

    Martin



  4. #4
    David H. Lipman Guest

    Re: Redhand keylogger detected by System Mechanic

    From: <vdp4r@hotmail.com>


    |
    | Sincere thanks for helping me out with this one, David.
    |
    | The file was stkit432.dll in C:\WINNT\System32 (Windows 2000
    | Pro). I sent it in to be tested as you advised and it's come back
    | with a clean bill of health. The right-click properties details
    | of this file show it to be a Microsoft Visual Basic for Windows
    | file. So despite System Mechanic indicating that this is the RedHand
    | keylogger parasite, it seems it's a perfectly legitimate file.
    |
    | It's been a good learning exercise for me and your website is also a
    | good discovery for me too.
    |
    | I'm really grateful to you for your kind guidance with this problem.
    |
    | Martin
    |

    I'm glad to help. :-)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
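
The check Martin describes in post #3 (right-click properties on the flagged file) and the identification step David asks for in post #2 can be scripted as below. This is an added example, not part of the original thread; it assumes a Windows host with PowerShell 4 or later, the function name `Get-FlaggedFileEvidence` is made up for illustration, and the default path is the one Martin reported.

```powershell
# Added example: collect evidence about a file that a single scanner flagged.
# $Path defaults to the location given in post #3; change it for the file under review.
param([string]$Path = 'C:\WINNT\System32\stkit432.dll')

function Get-FlaggedFileEvidence {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $item = Get-Item -LiteralPath $Path -Force
    $ver  = $item.VersionInfo                       # same data as the Properties dialog
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        LastWriteUtc    = $item.LastWriteTimeUtc
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        CompanyName     = $ver.CompanyName
        FileDescription = $ver.FileDescription
        OriginalName    = $ver.OriginalFilename
        FileVersion     = $ver.FileVersion
        SignatureStatus = $sig.Status
        Signer          = $signer
    }
}

$evidence = Get-FlaggedFileEvidence -Path $Path
$evidence | Format-List

# Version-resource strings are written by whoever built the file, so they
# support a verdict but never settle it on their own.
if ($evidence.SignatureStatus -ne 'Valid') {
    Write-Warning 'No valid Authenticode signature: rely on the multi-scanner result and the hash.'
}
if ($evidence.OriginalName -and
    ($evidence.OriginalName -ne [IO.Path]::GetFileName($evidence.Path))) {
    Write-Warning "Original filename '$($evidence.OriginalName)' differs from the name on disk."
}
```

The SHA-256 value identifies the exact file that was scanned, so it can be posted alongside the multi-scanner report when reporting back "the exact results".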


