06-24-2008 01:40 AM - edited 06-24-2008 01:49 AM
I recently activated eavesdropping protection.
Norton 360 (v.2.3.0.9) has since identified firefox.exe (my primary browser) and itunes.exe as keyloggers and "blocked" them. I have left the programs "blocked" for now although they seem to be working fine. I have run several virus scans with 360 which revealed 2 low threat tracking cookies and nothing else beyond the keyloggers.
Other than successfully using the registry fix to eliminate the "ccSvcHst error on shutdown", this is the first issue I've had with 360 since installing it on a freshly imaged hd last week.
Have I been hacked somehow or is this likely a false positive? Should I unblock both programs or leave things the way they are for now?
What steps, if any, do you recommend?
Thanks in advance.
Windows XP Pro MCE 2005 SP2, Spybot S & D (Tea Timer), Firefox 2.0.0.14, itunes 7.6.2.9
06-24-2008 08:05 AM
seascorpion,
Could you please also provide the versions of both Firefox and iTunes which are causing this issue? I personally use both of these applications and have not received any alerts from N360 regarding either. That doesn't necessarily mean it isn't a false positive. I have occasionally received false positives in a virus scan (although not with N360) and in that case it had to do with a new virus definition which happened to match executable code in one of my applications. In that case, it was fixed with the next definition update.
~scott
06-24-2008 09:20 AM - edited 06-24-2008 09:27 AM
I have a similar problem...Norton 360 (v.2.3.0.9) cz has identified ICQ.exe as a polling keylogger, winpatrol.exe and ctfmon.exe as hook keyloggers and blocked them...
ICQ v 6.0
WinPatrol 2008 Free v 15.0.2008.0
06-24-2008 09:36 AM
scott_moen wrote: seascorpion,
Could you please also provide the versions of both Firefox and iTunes which are causing this issue?
Perhaps you didn't see it listed in my post but the versions I have installed are Firefox 2.0.0.14 and itunes 7.6.2.9.
Any other info you need?
06-24-2008 10:31 AM
Sorry, I generally don't read signatures so I did miss it in the first post. Thank you for your reply. I think the only other piece of information that might be pertinent would be when this first started to occur.
~scott
06-24-2008 11:29 AM - edited 06-24-2008 11:32 AM
Scott,
Thanks for your prompt response.
I believe that I activated Eavesdropping Protection for the first time either Saturday June 21st or Sunday the 22nd.
After going to the eavesdropping section of 360 yesterday morning I noticed that itunes and firefox were listed as keyloggers on the 23rd -- I didn't receive any alert prior to that.
I just checked my Eavesdropping Protection Settings in 360 and discovered that itunes now has a date/time of 6/24 @ 5AM as the last time it was blocked-- firefox still has the original 6/23 date and time.
I was on the computer with itunes playing music in the background at 5 this morning. However, I never unblocked itunes so why would 360 block the program again?
Incidentally, I was surprised that Eavesdropping Protection was not on by default. Is this the standard setup?
06-24-2008 01:09 PM - edited 06-24-2008 01:14 PM
Did a little detective work on google and found out that this is a well known problem-- at least within the firefox community.
http://support.mozilla.com/tiki-view_forum_thread.
[quote]I did a live chat with a Symantec support agent and he said that when certain programs automatically check for updates at startup it may trigger 360 to block the outbound access of the program temporarily until you shut down and restart the program.
What Norton says is that the Firefox.exe and browser is fine - it's the add-on extensions that sometimes trigger it as being a key-logger or screen capture program.
You can disable the Eavesdropping Protection obviously, but I simply modified the settings for Firefox.exe to "allow."[/quote]
For those with this problem in the future a more general solution can be found here:
http://support.mozilla.com/en-US/kb/Configuring+No
I didn't initially connect this with the keylogger-firefox issue but I have had occasional browser failures the last few days which is consistent with the conflict described in the above link.
Although this doesn't address itunes I presume that when it accesses the web for updates etc. it is triggering the same reaction in Eavesdropping Protection that firefox.exe does.
I'm going to "allow" firefox and do a bit more research before allowing itunes.
Thoughts?
06-25-2008 08:21 AM
seascorpion,
It looks like you found the solution while I was still trying to replicate the problem.
I'm glad it turned out to be something benign instead of an issue with your computer.
In general, the Eavesdropping Protection has the narrow task of watching for outbound traffic from your computer and blocking it if it thinks there is potentially personal information being sent to a remote site. Norton 360's antivirus and antimalware components are there to ensure that no malicious code ends up on your system. When they work together, your computer is doubly safe: even if you somehow end up with a virus, Eavesdropping protection will prevent it from sending anything damaging off your system.
I do know that iTunes checks for new updates when it starts up. If you are routinely running system scans for viruses then you should be OK to unblock iTunes - if you want to allow it to check for updates.
I hope this has been helpful for you, even though in the end you found the solution on your own. If there's anything else we can help with feel free to either send a PM or start a thread.
~scott
06-25-2008 09:10 AM
scott_moen wrote:
I hope this has been helpful for you.
The problem has been solved and we created a record that those who search the forum with a similar problem in the future can use. I'd call that very helpful!
Thanks Scott.
06-25-2008 09:46 AM - edited 06-25-2008 09:57 AM
seascorpion wrote: The problem has been solved and we created a record that those who search the forum with a similar problem in the future can use. I'd call that very helpful!
The original poster to the thread (you in this case) has that control. See the green 'Solution?' buttons to the right? Click the one next to the post that you would like to mark as the solution.
