
Thread: Redhand keylogger detected by System Mechanic


  1. #1
    vdp4r@hotmail.com Guest

    Re: Redhand keylogger detected by System Mechanic

    On Jun 20, 10:07 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
    wrote:
    > From: "Martin" <v...@hotmail.com>
    >
    > | I downloaded System Mechanic 6 - a free version from Computeractive - to
    > | give it a go (in a sandbox). It claims to have detected Redhand keylogger.
    > |
    > | Now I've run KL Detect and it has not found a keylogger. I also ran
    > | Spyware Doctor and Spybot and they did not detect anything but then I'm not
    > | so sure they claim to be able to spot this Redhand keylogger.
    > |
    > | I've tried to find something via Google about this keylogger without a great
    > | deal of joy but I did find someone's posting concerning System Mechanic 4
    > | having detected Redhand keylogger.
    > |
    > | I don't want to tell System Mechanic to clean it up and find it's messed
    > | up my system (as System Mechanic seems to have done to one or 2 other users
    > | in the past).
    > |
    > | Can anyone kindly tell me how I can determine whether or not this is a false
    > | positive or a real detection?
    > |
    > | Many thanks
    > |
    > | Martin
    > |
    >
    > I would NOT suggest using "System Mechanic 6".
    >
    > If System Mechanic 6 indicated "Redhand keylogger" then file/files were detected. What
    > files?
    >
    > When the files are identified, please submit samples to Virus Total -- http://www.virustotal.com/flash/index_en.html
    > The submission will then be tested against many different AV vendors' scanners.
    > That will give you an idea what it is and who recognizes it. In addition, unless told
    > otherwise, Virus Total will provide the sample to all participating vendors.
    >
    > You can also submit a suspect, one at a time, via the following email URL...
    > mailto:s...@virustotal.com?subject=SCAN
    >
    > When you get the report(s), please post back the exact results.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm



    Sincere thanks for helping me out with this one, David.

    The file was stkit432.dll in C:\WINNT\System32 (Windows 2000
    Pro). I sent it in to be tested as you advised and it's come back
    with a clean bill of health. The right-click properties details
    of this file show it to be a Microsoft Visual Basic for Windows
    file. So despite System Mechanic indicating that this is the RedHand
    keylogger parasite, it seems it's a perfectly legitimate file.

    It's been a good learning exercise for me and your website is also a
    good discovery for me too.

    I'm really grateful to you for your kind guidance with this problem.

    Martin



  2. #2
    David H. Lipman Guest

    Re: Redhand keylogger detected by System Mechanic

    From: <vdp4r@hotmail.com>


    |
    | Sincere thanks for helping me out with this one, David.
    |
    | The file was stkit432.dll in C:\WINNT\System32 (Windows 2000
    | Pro). I sent it in to be tested as you advised and it's come back
    | with a clean bill of health. The right-click properties details
    | of this file show it to be a Microsoft Visual Basic for Windows
    | file. So despite System Mechanic indicating that this is the RedHand
    | keylogger parasite, it seems it's a perfectly legitimate file.
    |
    | It's been a good learning exercise for me and your website is also a
    | good discovery for me too.
    |
    | I'm really grateful to you for your kind guidance with this problem.
    |
    | Martin
    |

    I'm glad to help. :-)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm


