Avast 6.0 Let Keyboard.exe Through Without A Peep

Avast 6.0 let keyboard.exe slip right through yesterday on my WIN 7 Premium x64 installation.

Luckily Comodo’s Defense+ caught it when it tried to install some hooks into dwmapi.dll and sandboxed the sucker.

Appears keyboard.exe was downloaded to my Win 7 download folder. Have no clue what did it but I know I didn’t manually do it. It must have piggybacked on another download or IE did it.

That’s why you should always use a layer architecture.
Try to send the sample to virus(at)avast(dot)com

Sorry. Keyboard.exe is long gone. Flushed down the malware toilet!

You should run a bootscan with avast and maybe even a scan with MBAM just for peace of mind. It would have been nice if you could have forwarded the sample to avast, since you are blaming avast for missing it but don’t give them a chance to test it and add it to their database. It makes it seem pointless in even reporting it now that you have gotten rid of the sample.
What were you downloading and from which site?

Yeah, I ran additional anti-malware scans and I am clean.

I have no clue how this was downloaded. I do recollect a very brief popup attempt prior to the time Comodo sandboxed it. I say brief because the screen changed and what appeared to be a popup appeared, but it happened so fast I could not determine what it was and definitely did not have a chance to respond to it. I had extended the display time of my Comodo popups, so I suspect this was an Avast popup.

The time noted in my Comodo logs shows the sandboxing occurring right after a reboot. This explains why I never saw a Comodo alert for it. I strongly suspect the malware was downloaded prior to that. BTW - I would have never known about this if I had not been by chance reviewing my Comodo logs.

I did check all my Avast event history and it shows no malicious activity occurred for the entire day.

I suspect that keyboard.exe could be a rogue keylogger that did not have a known signature?

Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners. When you have the result, copy the URL in the address bar and post it here for us to see.

Jotti’s malware scan http://virusscan.jotti.org/
VirSCAN http://virscan.org/

Read post 2, he’s already gotten rid of the file.

I know, it was meant for next time :wink:

Ok :slight_smile:

Actually, I didn’t delete keyboard.exe.

The file was sandboxed by Comodo at 11:11 AM. Since this occurred at a reboot, I didn’t get any alerts, which was a bit strange. I didn’t see the activity in my Comodo log until early in the afternoon. By that time I had rebooted a couple of times. All I can figure is Comodo deleted it from the sandbox when it found it, scanned it in its cloud, and found it malicious.

I am still trying to figure out how keyboard.exe got placed in my download folder. Since there are versions of this file that are not malicious, it appears someone has figured out a way to piggyback it on another download and get away with it.

This is the first case I can say I miss NIS 2011 that I have installed on my XP SP3 installation. Norton’s File Insight would have alerted me at least that the file had downloaded.