
Keylogger malware in Spybot S+D 1.4 . . . ?

Posted: Thu 09 Jun, 2005 21.33
by DJGM
This week, I installed the latest version (1.4) of spyware remover Spybot Search & Destroy.
Having just booted my PC into Windows 2000, the antivirus program I'm currently using on
this OS (AntiVir) displayed the following alarming and somewhat unexpected warning:

Image

Surely a popular anti-malware program such as Spybot S+D couldn't be bundling malware,
or have malicious programmers found a way of compromising it so soon after its release?

I chose to quarantine the file in question. But will this cause Spybot S+D to no longer
work? Should I uninstall Spybot S+D? Is AntiVir reporting what could be classed as
a false positive? I'm a bit reluctant to install a second AV prog in case it clashes
with AntiVir. I'll download/install AVG7.0, and give it a go anyway . . .

Posted: Thu 09 Jun, 2005 22.21
by MarkN
From Wikipedia (http://en.wikipedia.org/wiki/Heuristic_ ... science%29)
Heuristics in virus scanning

In a virus scanner, enabling the heuristics option, which is available in most commercial and free scanners such as AntiVir (http://www.free-av.com), will tell the scanner to attempt to pattern match on known viruses. For example, most virus scanners have a library of definitions, which are codes that match what the viruses look like. Enabling heuristics tells the program that if a program, file, or part of a program looks like a virus but the definition isn't exact, go ahead and let the user know that the file is potentially a virus. Enabling heuristics usually takes a little longer, but as usual with computer safety, it's better safe than sorry.
It is probably a false-positive result (not uncommon); try using another AV program, and send an e-mail to Spybot's author reporting the problem.
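The trade-off the quoted paragraph describes, as an added example that is not part of this post: a toy scanner with one constructed definition, run in exact mode and in heuristic (near-match) mode over three constructed sample files. The definition, the samples and the mismatch threshold are all made up for illustration.

```python
"""Toy virus scanner: exact definitions vs. heuristic near-matching.

Everything here is constructed for illustration; the definition and the
three sample files are made up and do not come from any real product.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Definition:
    name: str
    pattern: bytes  # bytes copied from a known malicious sample (constructed)

# A real scanner loads thousands of these from the vendor's database.
DEFINITIONS = [
    Definition("Test.Keylogger.A", b"GetAsyncKeyState\x00SetWindowsHookExA\x00"),
]

def mismatches(window: bytes, pattern: bytes) -> int:
    """Number of byte positions where window and pattern differ."""
    return sum(a != b for a, b in zip(window, pattern))

def scan(data: bytes, heuristic: bool = False, max_mismatch: int = 3) -> list[str]:
    """Return the names of definitions that match `data`.

    Exact mode reports a definition only when its pattern occurs verbatim.
    Heuristic mode also reports it when some window of `data` is within
    `max_mismatch` bytes of the pattern: this catches slightly altered
    variants, but any file that merely looks similar is reported as well.
    """
    hits = []
    for d in DEFINITIONS:
        n = len(d.pattern)
        best = min((mismatches(data[i:i + n], d.pattern)
                    for i in range(len(data) - n + 1)), default=n + 1)
        if best == 0:
            hits.append(d.name)
        elif heuristic and best <= max_mismatch:
            hits.append(f"{d.name} (heuristic: {best} byte(s) differ)")
    return hits

# Constructed sample files (not real binaries).
KNOWN_SAMPLE = b"MZ\x90\x00" + b"GetAsyncKeyState\x00SetWindowsHookExA\x00" + b"\x00" * 16
VARIANT = b"MZ\x90\x00" + b"GetAsyncKeyState\x00SetWindowsHookExW\x00" + b"\x00" * 16
# A legitimate hotkey utility imports the same APIs, so its import table
# looks almost identical to the definition above: a false positive waiting to happen.
HOTKEY_TOOL = b"MZ\x90\x00RegisterHotKey\x00GetAsyncKeyState\x00SetWindowsHookExW\x00"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("hotkey tool", HOTKEY_TOOL)]:
        print(f"{label:12} exact={scan(sample)} heuristic={scan(sample, heuristic=True)}")
```

Exact mode flags only the known sample; heuristic mode also flags the altered variant, and for the same reason flags the harmless hotkey tool, which is why a second opinion from another scanner is worth having.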

Posted: Thu 09 Jun, 2005 22.40
by Dr Lobster*
Also, bear in mind that if that application provides system-wide hotkeys, it will be using the same system calls as a key logger would.

Windows XP has some additional protection against keystroke logging software which uses a DLL hook. Many edit boxes are now simply bypassed and filtered through the chain.