I want to have keylogger for personal/security reasons only.
And i know it is detected as trojan because it has trojan engine, so i added path in:
Settings->Exclusions, and
REAL-TIME SHIELDS->File System Shield->Expert Settings->Exclusions
even in scan settings (quick scan and full system scan)
There should be no mistakes in path because i selected folder using Avast (i didn’t type it).
So, when i install ardamax keylogger (with Avast off) it works fine,
but when i turn on Avast it just deletes POL.exe, and its not even in “virus chest”.
Excluding the whole folder is leaving too large a hole in security.
You should specifically exclude the file. Open the file system shield exclusions again and edit the path, change the * bit at the end to \pol.exe.
Next you should ensure the exclusions options include Read (R) Write (W) and Execute (X) otherwise it would be picked up if they aren’t all checked.
Avast doesn’t delete as its primary action unless you either have the options set to delete or set to Ask and choose delete at that point.
I don’t really know what is detecting this or when as you don’t say. Ardamax being a hidden resource to try and do its sneaky key-logging may be being detected by the anti-rootkit scan 8 minutes after boot or by the file system shield in installation.
If you can do a screen shot of just the avast alert window, that will answer that particylar question.
Avast has anti-rootkit scanning built in and runs 8 minutes after boot (or on certain on-demand scans) and this is why I asked about a screen shot of the alert as it hasn’t been clearly identified exactly what is alerting.
