You are here: Home | Forum | tspy - Trojan keylogger
You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.
There are reports of this infection being picked up all over the net, but only by Trend Micro which is consistently finding these two all over the place and astounding people with secure systems.
TSPY_CIMUZ
TSPY_AGENT.TQ
I think the idea that Trend have a false positive makes a lot of sense to me at this stage but I have not proved it yet and of course it does not feel safe to gamble that it is the case. I cannot ignore the fact that scared punters make eager customers so there is little incentive to debunk a false positive for any of the antivirus companies.
Well, providing your computer is not displaying any odd signs then you are probably right.
However, always remember that HJT doesn't see everything. Not by a long way. Activescan, Kapersky, Housecall, SilentRunners, FindIt ... these, and others, see much deeper and reveal things HJT won't show ("false positives" notwithstanding ).
if you had a active keylogger and no outbound traffic and no established connection to it as well as no listening ports I would suspect it is a false positive considering the above found in google.
Although I may have done the same and done a format.
OK I have got to own up ! After doing a thorough scan with Kaspersky online scanner I found two potential viruses culprites buried deep in my email folders.
One was a phishing link for a paypal scam which I had reported and the other an unknown attachment which I had never opened on principle. Since I backup my email to independant partitions and IDE I had three copies of each on the same rig.
They were not active but I think they were triggering Trend so not a false positive exactly but I think the phishing link must have been recognised as a component of the key logger even though I was not infected due its inclusion in Trend's recognition data.
So not false positives IMHO but not necessarily an active infection.
Join CF
You are here: 
).
