Today I have found a strange thing here myself. I scanned my comp with Ad-aware SE, and it came up with 10 similar instances of Spyware Advanced Key Logger; the processes should be located in WINDOWS\SYSTEM\SHELL32.DLL. I have looked into this dll: it is 1401104 b, version 4.72.38.12.600, on Win98 SE unofficial SP; the file packers found: Obsidium vx.x.x.x and ASProtect vx.x. The Spyware Process is a CSI MATCH, says Ad-Aware. I think it is a FP.
I scanned with all other Spybot SD, Webroot's Spyaudit, XCleaner that seems to clean it, also found nothing, updated SHELL32.DLL to Jotti, nothing, and looked for all traces of advanced_keylogger also in the registry at: HKEY_LOCAL_MACHINE\software\microsoft\ and in system\currentset\services\svchost, not there either.
What to do next? Anyone familiar with this or know more about it?
Polonus, use that REPLACER program you have and copy shell32.dll from your win cd or download it from the net…
EDIT: Here it is, Damian, just scroll down to the S section and download it: http://www.5starsupport.com/info/dll.htm
And yes, I checked, it’s the same version you have 8)
Well, I am back as I explained, now I know all about this darned SHELL32.DLL and learned more than in 1 year. I put the old system file on a diskette, downloaded the fresh one, so I had a Swedish desktop without any shortcuts, but the taskbar was there. Did not panic and…
Reloaded the new system file, and then unpacked the old one back to its place (had saved it thank heavens), and probably cleansed it during the process or else these are certainly FP’s. So glad I landed back on my bare two feet and “wszystko gra” that means all is running. Just got the info from the Dutch anti-spyware forum, this is a FP from Ad-Aware, it sees SHELL32.DLL in Win 98SE as a keylogger. FALSE POSITIVE.
HAHA ;D Sorry Polonus, but I cannot help but laugh when I imagine you looking at that Swedish desktop, sweating and scratching your head when you figured out that .dll is Swedish… ;D I had no idea it was Swedish nor that replacer only works for 2000/XP. But you did learn something new and you got rid of those detections, right? So something good came out of it in the end, right? ;D But still I wonder what those “advanced keyloggers” detections were? FP or actual infections?
Well, they sure are FP’s, next time Ad-Aware is updated they certainly will be gone. What I learned doing this is how I can restore and unpack my clean system files from a CD or whatever medium. So you put all the non-compromised system files on a CD or DVD, and unpack them like the normal routine when one is missing or is corrupted. Well, just as with fiddling with the registry, you first have to back them up somewhere, like in Win98 SE unofficial SP2: C:\Windows\Helpdesk\SFC as a place for the back-up system files. As an emergency exercise this is fabulous. And now in hindsight I can laugh about it all.
For those on Win98SE the FP for shell32.dll were in Ad Aware definitions: SE1R82 of 19.12.2005.
Just received email notification of a new Ad-Aware update (R84), though "R83" appears to have been skipped, and saw no mention of any "correction" to your Dutch-based "false-positive"; perhaps you should:
"If you think something needs to be sent to us for review, visit our submission site at: http://www.lavasofthelp.net/submit/"