PDM Keylogger Detected in Threats Ver. 10
Kaspersky ANZ Forum > Main Forum > Protection for Home Users
Garry
Hello Forum, can anyone assist me with this one? I have 3 licences, KIS Ver 10 9.0.0.463 and 9.0.0.459, and all machines are indicating a threat called PDM Keylogger. I suspect that KIS is picking up this code from the program itself. Any way to block it out, or is it just a bug in this program, or some other nasty?

Thanks
aKshun
QUOTE (Garry @ Aug 17 2009, 07:15 AM) *
Hello Forum, can anyone assist me with this one? I have 3 licences, KIS Ver 10 9.0.0.463 and 9.0.0.459, and all machines are indicating a threat called PDM Keylogger. I suspect that KIS is picking up this code from the program itself. Any way to block it out, or is it just a bug in this program, or some other nasty?

Thanks


Provide the 'detection' as it's listed in your Reports.

Kaspersky -> Click on 'Reports' -> Click on 'Detailed Report'


Highly likely that it's just your keyboard driver. Especially for multimedia keyboards (Internet/email/favourites buttons etc).
Garry
aKshun

Thanks again for your replies. This is the very first entry in the reports, on the very first time KIS ran after I updated it to 9.0.0.463; it was happening on the prior versions also.

I do have a multimedia wireless keyboard, I have not installed any drivers as Vista auto runs these units.

Absent (events: 3)
16/08/2009 8:15:29 AM Proactive Defense Detected: PDM.Keylogger Keylogger activity kernel mode memory patch
16/08/2009 8:15:29 AM Proactive Defense Detected: PDM.Keylogger Keylogger activity kernel mode memory patch
16/08/2009 8:32:19 AM File Anti-Virus Processing error D Read error

Any more help I would appreciate
aKshun
QUOTE (Garry @ Aug 17 2009, 05:57 PM) *
aKshun

Thanks again for your replies. This is the very first entry in the reports, on the very first time KIS ran after I updated it to 9.0.0.463; it was happening on the prior versions also.

I do have a multimedia wireless keyboard, I have not installed any drivers as Vista auto runs these units.

Absent (events: 3)
16/08/2009 8:15:29 AM Proactive Defense Detected: PDM.Keylogger Keylogger activity kernel mode memory patch
16/08/2009 8:15:29 AM Proactive Defense Detected: PDM.Keylogger Keylogger activity kernel mode memory patch
16/08/2009 8:32:19 AM File Anti-Virus Processing error D Read error

Any more help I would appreciate



Yup, definitely looks like it would be the Multimedia Keyboard.

Can you save your full report and attach it to a reply. I just need to find the name of the keyboard driver that's been used, then I'll give you the instructions to add it to Trusted.
Garry
Hi again, how do I output the full expanded report to a file?
aKshun
QUOTE (Garry @ Aug 17 2009, 06:05 PM) *
Hi again, how do I output the full expanded report to a file?


Kaspersky 2010 -> Report (top right) -> Detailed Report -> Save (top right)

Save it as a text file

Garry
Hi, sorry, the output button was there looking at me.

File attached
aKshun
QUOTE (Garry @ Aug 17 2009, 06:09 PM) *
Hi, sorry, the output button was there looking at me.

File attached


Hmm, not quite what I needed. Not your fault, it's mine.

Can you click the 'dropdown' from the top left inside the reports and choose 'Proactive Defense'. Save that report for me.
Garry
Proactive defence file attached
aKshun
Sorry for the delay Garry, I had to pack up and take the incredible Melbourne rail system home.

My first assumption appears incorrect: this isn't your keyboard driver, but a program attempting to hook into the kernel. This could be dangerous, depending on the software performing it. Based on the log it says it's 'legal' software, which means it's identified.

In this case I believe it's something legal you have on your system that requires a hook into your kernel. I wouldn't be able to say what based on the reports, as Kaspersky is only detecting the hook, not the application causing it.


You can do one of two things.

1. Create a GetSystemInfo report and post it here.

2. Create a GetSystemInfo report and send it to the lads at KasperskyANZ.

I'd go with number 2, but number 1 might show some people on the forum how it all works. Up to you really.
Garry
Hello aKshun

I have decided to upload my sys. info file onto the forum to see what we can arrive at. Thanks, all comments welcome.
aKshun
QUOTE (Garry @ Aug 18 2009, 06:51 AM) *
Hello aKshun

I have decided to upload my sys. info file onto the forum to see what we can arrive at. Thanks, all comments welcome.


Hello Garry,

My money is on 'PeerGuardian2' or 'Hard Disk Sentinel Pro'.

Best bet is to disable the detection of 'Kernel Mode Memory Patch'.

Kaspersky -> Settings -> Proactive Defense -> Untick 'Operating System Kernel Modification'

By default the above is unticked. Kaspersky will just detect when another product is hooking into your system kernel.

---

For note, other common programs that will do this are multiplayer games (PunkBuster, VAC etc), system monitors and hard drive monitors.

The option for 'Operating System Kernel Modification' exists, but for most users it is far too much protection. Should you become or know you are infected, it could be useful to enable, but for general use it will just return false positives.
Garry
Hello aKshun

This is a print attached of the screen where you indicated to go, it does not contain the check box we are looking for.
aKshun
Nearly there mate, just hit the Settings button in the top right.
Garry
aKshun

I have been into that settings icon; there is not a label as you describe to disable. I am at work at the moment so I cannot quote the labels, but from memory there is one labelled something around PDM Keylogging. If you cannot see a screen I will send you another screen dump tonight.


aKshun
QUOTE (Garry @ Aug 19 2009, 11:12 AM) *
aKshun

I have been into that settings icon; there is not a label as you describe to disable. I am at work at the moment so I cannot quote the labels, but from memory there is one labelled something around PDM Keylogging. If you cannot see a screen I will send you another screen dump tonight.


This should be where you can edit it.

Garry
aKshun

The label "Operating system kernel modification" does not appear in my list; it is the only one missing on the list. I have nine items, only this one is missing. Any clues on how I can make it appear on the settings list?

aKshun
QUOTE (Garry @ Aug 19 2009, 06:34 PM) *
aKshun

The label "Operating system kernel modification" does not appear in my list; it is the only one missing on the list. I have nine items, only this one is missing. Any clues on how I can make it appear on the settings list?


Wow, that's interesting. Would make sense though, perhaps it's somehow disappeared while being locked into use. I could recommend a repair to be sure, or even a fresh install of the newest version. Odd that that simple option has gone amiss.

Might be time to contact Kaspersky ANZ support.
Garry
aKshun

I have 2 Vista machines and 2 machines running XP Pro. This item does not appear in either Vista machine but does appear in the XP machines, so I reckon Vista does this activity differently. Do you run Vista Home Premium or XP? Can anyone else comment on whether this item appears in the settings on Vista or not?
Garry
aKshun

The version I have on this machine was installed less than a week ago; it is the latest 0.0.0463. I just think Vista does not display the Operating System Kernel Modification.
Gremmeh
QUOTE (Garry @ Aug 20 2009, 08:35 AM) *
aKshun

The version I have on this machine was installed less than a week ago; it is the latest 0.0.0463. I just think Vista does not display the Operating System Kernel Modification.


That is a high possibility, Vista and XP have different kernels.
I am running Windows 7, which uses the same Kernel as Vista, and I do not have the option in Kaspersky either.

~gremlin
Ibby
I have exactly the same error. I got home today and booted up windows 7 ultimate x64 and Kaspersky told me the same thing. On the international site for Kaspersky this is being reported by many people (increasingly in the last week) so I believe it is a Kaspersky false positive. I have not installed anything new.

24/11/2009 5:29:21 PM Task started Kaspersky Internet Security Proactive Defense
24/11/2009 5:30:17 PM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch
24/11/2009 5:30:18 PM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch Action selected by user

Status: Suspicious (events: 1)

24/11/2009 5:30:17 PM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger kernel mode memory patch Medium



Full Log:

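As an added example (not from this thread and not Kaspersky's code), a small Python triage of a KIS 2010 Detailed Report saved as text, in the line format quoted above. It assumes the columns can be split on whitespace (the real export is tab-separated) and that a Proactive Defense "Task started" line marks a boot or re-enable; it then reports whether PDM.Keylogger fires only right after startup, the pattern later posts in this thread describe as a false positive.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample, modelled on the Proactive Defense lines quoted in this
# thread. Assumption: each event line is "<date> <time> <AM/PM> <columns...>"
# and whitespace between columns can be matched loosely.
SAMPLE_REPORT = """\
24/11/2009 5:29:21 PM Task started Kaspersky Internet Security Proactive Defense
24/11/2009 5:30:17 PM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch
24/11/2009 5:30:18 PM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch Action selected by user
25/11/2009 8:00:30 AM Task started Kaspersky Internet Security Proactive Defense
25/11/2009 8:01:05 AM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch
16/08/2009 8:32:19 AM File Anti-Virus Processing error D Read error
"""

LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2}:\d{2} [AP]M)\s+(.*)$")
# "Detected: <name> <status> <description> [Action selected by user]"
DETECT_RE = re.compile(r"Detected:\s+(\S+)\s+(\S+)\s+(.*?)(\s+Action selected by user)?$")
PD_START = "Task started Kaspersky Internet Security Proactive Defense"


@dataclass
class Detection:
    when: datetime
    name: str           # e.g. PDM.Keylogger
    status: str         # e.g. Absent / Suspicious
    description: str    # e.g. "Keylogger activity kernel mode memory patch"
    user_allowed: bool  # the user chose to allow it in the alert dialog


def parse_report(text):
    """Return (detections, proactive_defense_start_times) from saved report text."""
    detections, pd_starts = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers such as "Status: Suspicious (events: 1)"
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d/%m/%Y %I:%M:%S %p")
        rest = m.group(3)
        if PD_START in rest:
            pd_starts.append(when)  # component (re)started: boot or re-enable
            continue
        d = DETECT_RE.search(rest)
        if d:
            detections.append(Detection(when, d.group(1), d.group(2),
                                        d.group(3).strip(), d.group(4) is not None))
    return detections, pd_starts


def near_startup(det, pd_starts, window_s=120):
    """True if the detection fired within window_s after Proactive Defense started."""
    return any(0 <= (det.when - s).total_seconds() <= window_s for s in pd_starts)


def triage(text, name="PDM.Keylogger"):
    """Summarise one detection name: how often, whether every hit is a kernel
    patch, whether it was allowed, and whether it only appears right after startup."""
    detections, pd_starts = parse_report(text)
    hits = [d for d in detections if d.name == name]
    return {
        "count": len(hits),
        "days": len(Counter(d.when.date() for d in hits)),
        "kernel_patch": all("kernel mode memory patch" in d.description for d in hits),
        "user_allowed": any(d.user_allowed for d in hits),
        "only_after_startup": bool(hits) and all(near_startup(d, pd_starts) for d in hits),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

A detection that recurs mid-session, or one whose description is not the kernel patch seen here, is the case the thread says should go to support with a GSI report rather than be excluded.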
norwegian

It is an alert by the PDM (pro-active defense) component.

Try turning it off, rebooting and turning on the PDM again (If you are only certain it is not an alert to anything malware related.)
You can however in 64-bit leave the PDM off I believe... it has its own protection that the 32-bit does not.
Austin
I have the same thing. This is on my laptop, which has a fingerprint scanner, which I think might be the case, but I want to be sure, so could you please help me out. I attached the file for you to view. Thanks
Mordoc
hey Austin,

as Akshun said earlier, this is probably the point where you need to generate a GetSystemInfo report and either send through a request to the Kas helpdesk and get them to answer your question, or post here and we can attempt to make an educated guess on what the issue is...
Austin
QUOTE (Mordoc @ Feb 28 2010, 05:34 PM) *
hey Austin,

as Akshun said earlier, this is probably the point where you need to generate a GetSystemInfo report and either send through a request to the Kas helpdesk and get them to answer your question, or post here and we can attempt to make an educated guess on what the issue is...



How would I go about getting a GetSystemInfo report? Thanks for the help. Once I get it I will post it on here first for you guys to try and help your best. Thanks again.
norwegian

Try this link - https://forum.kasperskyanz.com.au/index.php?showtopic=102

It gives full instructions on how to download the tool, where from, and how to upload the results to the parser site, so we can have a look at what is running.

Also, has the fingerprint scanner been added to the trusted zone yet?

Settings-Options-Threats and Exclusions-Exclusions-Trusted applications

I'd at least set this rule, reboot and see if the alert goes away before posting a GSI log.
Austin
QUOTE (norwegian @ Mar 1 2010, 04:57 PM) *
Try this link - https://forum.kasperskyanz.com.au/index.php?showtopic=102

It gives full instructions on how to download the tool, where from, and how to upload the results to the parser site, so we can have a look at what is running.

Also, has the fingerprint scanner been added to the trusted zone yet?

Settings-Options-Threats and Exclusions-Exclusions-Trusted applications

I'd at least set this rule, reboot and see if the alert goes away before posting a GSI log.


I don't know how to select the scanner itself; there are just a bunch of folders that say they don't match my search :S
Priyank
Hi guys, I have the same problem as well. I was going to do the GetSystemInfo thingy and send it to the guys at Kaspersky ANZ.
Any help on how to get the system info would be great?
Thanks
Priyank
Hi guys, I figured out how to get a GetSystemInfo thingy.
I can't post it here coz it's too big... but I could really use some help... please

thanx
aKshun
Should be small enough, it's just a text file.
Priyank
No, it is a text file but it's around 1.37 MB. I don't know how, it's heaps long.
Priyank
Sorry about all this, I'm just a beginner, but I have the file in a zip format now and I have uploaded it to this post... hope you can help... thanks
ToPcAt66
aKshun

The label "Operating system kernel modification" does not appear in my list; it is the only one missing on the list. I have nine items, only this one is missing. Any clues on how I can make it appear on the settings list?



Hi, I have the same problem, but I'm on Windows 7 and tonight's the first time it's come up.

any help would be greatly appreciated
Thx
ToPcAt66
ToPcAt66
QUOTE (norwegian @ Nov 24 2009, 10:20 PM) *
It is an alert by the PDM (pro-active defense) component.

Try turning it off, rebooting and turning on the PDM again (If you are only certain it is not an alert to anything malware related.)
You can however in 64-bit leave the PDM off I believe... it has its own protection that the 32-bit does not.




Hi, can you tell me how to turn it off? I have 64-bit on mine, thx
norwegian

Do you have KIS or KAV?

In KIS it is found in the settings - "Proactive Defense". Simply turn it off.
Although, you may be able to play with the setting there to find what is causing an issue.

There is a known bug too for 'kernel patch modification' which is being worked on.
Just because you see this error, doesn't mean anything untoward.
norwegian
QUOTE (Austin @ Mar 8 2010, 01:50 PM) *
I don't know how to select the scanner itself; there are just a bunch of folders that say they don't match my search :S


There is a running process for the fingerprint scanner; it needs to be added to the trusted zone, which is accessible via adding an item to the trusted zone.
Try this at least first.
norwegian
QUOTE (ToPcAt66 @ Mar 18 2010, 06:21 AM) *
aKshun

The label "Operating system kernel modification" does not appear in my list; it is the only one missing on the list. I have nine items, only this one is missing. Any clues on how I can make it appear on the settings list?



This is found in the proactive defense-settings.
It is usually the only one unchecked in the list.
ToPcAt66
QUOTE (norwegian @ Mar 18 2010, 11:54 AM) *
This is found in the proactive defense-settings.
It is usually the only one unchecked in the list.





Hi
I've had a look and it's not there.
norwegian

Why do you want to turn it off in the first place, are you having troubles?

also is this KAV or KIS?
I've asked this question already... you're not very forthcoming with info for us to help... whatever it is that makes you want to turn it off.
ToPcAt66
QUOTE (norwegian @ Mar 22 2010, 01:18 PM) *
Why do you want to turn it off in the first place, are you having troubles?

also is this KAV or KIS?
I've asked this question already... you're not very forthcoming with info for us to help... whatever it is that makes you want to turn it off.

ToPcAt66
This is what i replied to at the start


I have exactly the same error. I got home today and booted up windows 7 ultimate x64 and Kaspersky told me the same thing. On the international site for Kaspersky this is being reported by many people (increasingly in the last week) so I believe it is a Kaspersky false positive. I have not installed anything new.

24/11/2009 5:29:21 PM Task started Kaspersky Internet Security Proactive Defense
24/11/2009 5:30:17 PM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch
24/11/2009 5:30:18 PM Detected: PDM.Keylogger Absent Keylogger activity kernel mode memory patch Action selected by user

Status: Suspicious (events: 1)

24/11/2009 5:30:17 PM Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger kernel mode memory patch Medium




The same thing happened to me. It's not come up since, and I've followed what other users have put and gone into the said place, and the one thing is not in the list... and I'm on Windows 7 and have both 32 and 64 bit, so I was wondering what I should do or if there is anything I can do now.


many thx for reading
ToPcAt66
norwegian

If you want, post a GSI log so we can check the running processes etc, but to stop the alert, there is only one way to do it, see - http://support.kaspersky.com/kis2010/proactive?qid=208281028
Does this help?

Without a little more info, I can't say any more.
srvictor
Could you also help me?

I have seen a PDM Keylogger detection by Kaspersky PURE. In the attachment I include my GetSystemInfo and the Proactive Defense report. I already accepted the change in the registry. How can I roll back this issue, and which program can cause it?

Thanks.

srvictor.

srvictor
QUOTE (srvictor @ Jul 7 2010, 01:34 PM) *
Could you also help me?

I have seen a PDM Keylogger detection by Kaspersky PURE. In the attachment I include my GetSystemInfo and the Proactive Defense report. I already accepted the change in the registry. How can I roll back this issue, and which program can cause it?

Thanks.

srvictor.




Here's the GetSystemInfo.
aKshun
QUOTE (srvictor @ Jul 7 2010, 12:45 PM) *
Here's the GetSystemInfo.


Hello.

As mentioned through the thread; these are normally False Positives. Detections of either legal software or the OS itself.
Kaspersky has made no change to this detection; in fact the log states it allowed it.

You have a lot of security products on your system. All of which perform a rather complex and detailed role on your system. Any of these can be your detection, due to the places the software must access to perform its job.

In other words, don't stress. You said you made a registry change, I'm not sure what that is in relation to. Your proactive defense log only shows a single instance of PDM.Keylogger and then it was allowed. No registry mention at all.
srvictor
Thanks aKshun. I thought that the permission I granted in the proactive defense had an impact on the registry.

You said "You have a lot of security products on your system." Do you think that I can remove some, or add another one that accomplishes another task on the computer?


Thanks a lot.
aKshun
That's entirely up to you. If you were running more than one "On-Access" scanner I would recommend removing one.
But the two others from my understanding are "On-Demand".
garrymodes
I have exactly the same error. I came back today and started Windows 7 Ultimate x64 and Kaspersky said the same thing. On the international website for Kaspersky This was reported by many people (more and more in the last week), so I guess it is a false positive Kaspersky. I did not install anything new.
Baz_01
I believe it could be a false reading... I recently started using KIS's "Virtual Keyboard"... it was only after the first time I used it that this PDM Keylogger popped up.
I observed, that the detection of the keylogger would only appear if I used the VK and after i had restarted windows.
If within a session, and I did not use the VK, then the detected keylogger would not appear after restarting windows.
So far it hasn't been detected during a session and only after windows startup.

I've done full scans of the computer and it's only my game "trainers" that have trojans (false positives)

hope it helps


Windows 7 Ultimate x64 ver. 6.1 Build 7600.
KIS2010 AU ver.9.0.0.736. Definition date 09/09/2010 0718HRS
KIS2010 Virtual Keyboard utilised with Mozilla Firefox ver 3.6.9.
