Alien Assault reported as keylogger by Kaspersky

[valkyrie]

I am wondering whether my Alien Assault v1.2 is a cracked version as my anti-virus keep complaining that the game behaviour is similar to a keylogger.

Can anyone please let me know if this is a real threat or a false alarm from Kaspersky.

Thanks.

[the_Fifth_Horseman]

There is no "cracked version", because there is nothing to crack in the first place.

Please upload a copy of the executable somewhere and post a link so we can compare it with the original.
Where did you get your copy from?

[Niklas]

Where did you download it from? Strategy Informer? If not, get that version. If so, Google for another game/app made using Allegro. Can be Allegro that listens to the keyboard for inputs that generates the warning...

[Niklas]

Also, do you mean v1.2 or v1.02? We habe not released a v1.2 but if you are using v1.02 you should get v1.022.

[Killgore85]

v1.021 is actually the most recent version at strategy informer
http://www.strategyinformer.com/pc/a...ame/34785.html

You might have a more recent WIP version Niklas, but it isn't generally available.

[Niklas]

Sorry, iPhone typo...v1.021 is the newest one, correct.

[valkyrie]

Thanks for the update. I forgot where i downloaded the game from but I was planning to upload the executable for you all to compare but things have gone bad.

My home network has been compromised and the router OS hacked. Basically disable all the security on the router. Now I am using mobile internet paying by the KBytes so I guess it will be expensive to upload anything for now. Anyway that still does not mean that this problem is due to the game itself until it is proven.

This is off topic but I would appreciate if somebody here who has any experience dealing with a hacker running loose in a network to give me some pointers.

Basically already formatted the compromised PC and losing all my high stat marines.
Change the password to the router (but forgot to erase and reinstall the firmware) and I thought all is well until i discover the router OS has been replaced again. The malware is still hiding somewhere in the network or has establish a backdoor somewhere.

Going to download a new firmware from linksys and overwrite the router. I guess all password should be entered using a virtual keyboard.

All computers are disconnected from the network for now, even the NAS. Just using the laptop with mobile connection. It is a losing battle.

I really do not want to format all the pc if i don't have to but i will not have any options left if the problems still exist after the replacing the router firmware. I have been trying to look for the offending program using netstat but so far no luck.

The pains of using windows.

Thanks.

[Niklas]

I have no good advice to give, but I feel you pain.

[Killgore85]

Malware removal guide
http://forums.majorgeeks.com/showthread.php?t=35407
Do yourself a favor and read through it thoroughly before you dive in and start changing a lot of settings and especially before editing the registry.

2 very useful programs for those situations
Spybot search & destroy http://www.safer-networking.org/en/download/index.html
ccleaner (crap cleaner) http://majorgeeks.com/download4191.html

As long as you only do what they recommend, you should be fine. If you want to edit your registry beyond it's recommendations, there's a risk that you could have to format your drive and start from scratch.

[the_Fifth_Horseman]

There's also HijackThis, which you could use to check both retgistry autoruns and currently active processes.

Quote:

If you want to edit your registry beyond it's recommendations, there's a risk that you could have to format your drive and start from scratch.

Not that bad. As long as you backup your registry beforehand, there are ways to restore it even if the original was so badly mauled that you can't start up the system at all (which, in all respect, should be rather difficult to achieve other than on purpose).

[Killgore85]

I had that happen several years ago.

[valkyrie]

Killgore,

Thanks for the useful link to the support forums. Run through the steps as suggested but did not find any malware on any of my networked PCs but nevertheless the forum provided a good systematic way to deal with malware.

I guess i have the problem taken care of after formatting my pc and flashing my router with the latest firmware. I hope...

Unfortunately this also means I got nothing to upload for the comparison. What I will do now is to download the game from the recommended site and see if kaspersky will give me the same keylogger complain.

[Niklas]

Looking forward to what it will say.

Just for the record, Our game has been given "spyware free" awards by two sites.

[Orgetorix]

There is nothing to worry about. I run Kaspesky and that is a generic warning it gives you with just about any game software, because the game is echoing the keyboard for your input, so technicaly they are correct. The program COULD be keylogging, but almost universially the program isn't. I get tired of it so I just disable that notification.

[valkyrie]

Quote:

Originally Posted by Niklas

Looking forward to what it will say.

Just for the record, Our game has been given "spyware free" awards by two sites.

I used the link provided in this website and downloaded AA v1.021 from strategy informer. Kaspersky reported the same keylogger warning. I attached a jpg for comments.

[the_Fifth_Horseman]

From what I understand, PDM.Keylogger is a false positive given by recent versions of Kaspersky on nearly any piece of software that utilises keyboard input.
http://support.kaspersky.com/kis2010...?qid=208281028

[valkyrie]

Quote:

Originally Posted by the_Fifth_Horseman

From what I understand, PDM.Keylogger is a false positive given by recent versions of Kaspersky on nearly any piece of software that utilises keyboard input.
http://support.kaspersky.com/kis2010...?qid=208281028

OK but what was reported was pid 0 which I would assume to be some OS processes but mine was having a pid 245.

I think it is fairly safe to say that is a false positive since Orgetorix also reported that his kaspersky give the same warning.