Activity Monitor Detection - May 6, 2007

When I scanned a system that had the monitoring portion of Activity Monitor installed, i.e. the system was the one doing the monitoring, with various antivirus and antispyware programs, a couple reported its presence.

I scanned the system with Bazooka Adware and Spyware Scanner version 1.13.03. It reported that it did not detect anything.

When I scanned the system with Spybot Search & Destroy version 1.4 with detection update 2007-05-02, it reported the presence of Activity Monitor.

Search results from Spybot - Search & Destroy
Product/DescriptionType/Action
Activity Monitor: User settings
HKEY_USERS\S-1-5-21-1922275950-1779413670-3725303808-1142\Software\SoftActivity\Activity Monitor
Registry key
nothing done

I did not have Spybot take any action, since the software should be on the system.

When I ran a full scan of the system with Windows Defender version 1593 with definition version 1.18.2533.5 created on 5/2/2007 at 2:54 PM, it reported the presence of Activity Monitor.

Windows Defender Scan Results
NameAlert levelActionStatus
Monitoring Tool:Win32/ActivityMonitor Medium Select an action  

Category:
Monitoring Software

Description:
This program monitors user activity, such as keystrokes typed.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
regkey:
HKCU@S-1-5-21-3311668830-4122888013-919780041-500\Software\Softactivity\Activity Monitor

regkey:
HKCU@S-1-5-21-1922275950-1779413670-3725303808-1142\Software\Softactivity\Activity Monitor

file:
C:\Program Files\Security\Activity Monitor\amagent39.exe

View more information about this item online

Threat Overview
Class/typePotentially Unwanted Software - MW
DiscoveredSeptember 29, 2006
CirculatingNo
Affected operating systems 
Affected software Not specified
Infection ratingLow
Recovery difficultyEasy
Damage ratingLow
Transmission ratingLow

For action, I had the choice of "remove", "quarantine" "ignore", "allow allow"; I chose "always allow".

A scan with the antivirus program, ClamWin 0.90.2, with definitions updated 18:05 05 May 2007, did not detect anything. Nor did scans with two other antivirus programs: BitDefender Free Edition 8 with definitions updated on 5/6/2007 and Symantec AntiVirus Corporate Edition (Program: 8.1.0.825, Scan engine: 4.2.0.7, Virus Definition File Version: 5/6/2007 rev. 18).

References:

  1. Spybot Search & Destroy information on Activity Monitor