Lode

O.A. Flags Battery Monitor 1.1.12 as a Keylogger


Hi!

 

I had been using Battery Monitor 1.1.12 for quite some time, but the day before yesterday OA gave a popup warning about this program, saying:

 

"Keylogger Detected"

 

I attach a screen shot of the popup I made before I hit "Allow", but left "Remember my decision" unchecked. 

 

But thinking it is better to be safe than sorry, I just removed the program.

 


If you trust the program, you can allow it. I don't know why this particular program might need to record keyboard input, if all it is doing is acting as a battery monitor. Can you let me know who makes this software, and what their website is?


It might be a false positive of course. This is what Battery Monitor 1.1.12 looks like: http://download.cnet.com/Laptop-Battery-Monitor/3000-2094_4-10442542.html

 

There is a link on that page that leads to another page and link to this site: http://www.exosyphen.com/

 

Also, there is this website which shows an almost identical battery monitor, probably made by the same people later: http://www.exs-studios.com/

 

I emailed them through the latter website -now 3 days ago- about OA reporting this as a keylogger, but no reply yet.

Edited by GT500
made "exs-studios.com" link non-clickable


PS: 

Clicking on that last link gives an error message, as you might have noticed. Just copy/paste it in a new browser tab:  http://www.exs-studios.com/

Edited by GT500
made link non-clickable


I just received a reply:

.............................................

Hello,
The software is ours but it doesn’t do any keylogging/etc.
Robert Muresan
Technical Director, exosyphen studios

.............................................

 

I believe Robert. And with over 70.000 downloads so far for the 1.1.12 version since 2005 -from CNET Download.com alone- it would be known by now if it were a keylogger. 

 

In the meantime I have installed it again -actually version 1.1.17- and I think the OA warning was a false positive. 

 

I like this software because I learned that the best way to prolong the life of a laptop battery is to keep it charged at 40%. Since I only need the battery when I move my laptop from my living room to my bedroom -if I don't want to turn it off- I don't normally keep the battery in it, and just put it in when I'm about to walk with it, unplug the AC current, plug it back in once in the other room, and remove the battery again. This is seldom, as I usually sit with it in my living room.

 

To keep it charged at 40% is easy with this battery monitor, as it can be set to sound an alarm when the battery reaches 40% charge, whether while discharging or charging. So when during charging I hear the alarm, I remove the battery which will have reached 40%, and I do the same in case I charged it over 40%. Then I use the laptop while the battery slowly discharges, and when the alarm sounds -at 40%- I remove the battery.

 

I found out about this 40% business here for Lithium-ion batteries: http://batteryuniversity.com/learn/article/how_to_store_batteries


The version of Battery Monitor I downloaded from CNet didn't work in Windows 7, so I uninstalled it and downloaded from the "exs-studios.com" website and that version is working. I'm also not seeing any notifications from Online Armor about it, however it could be because I have it running in a virtual machine on a computer that has no battery.

Would it be possible for you to upload BatteryMonitor.exe to VirusTotal, and then post the link to the analysis?


I'm also using Windows 7 (Home Premium) and all 3 Battery Monitor versions I tried work. I also surf by default in the sandbox -Sandboxie- but installed this as usual outside of that on my hard disk.

 

My apologies that my pc knowledge is limited, and that the following might be mostly superfluous.

 

I had version 1.1.17 installed after I removed 1.1.12, and because OA had given that warning for 1.1.12 -and not for 1.1.17- I removed 1.1.17 and re-installed 1.1.12. I wanted to upload BatteryMonitor.exe version 1.1.12 to VirusTotal, and then post the link to the analysis at your request.

 

But that did not go without some difficulties. This time I downloaded it first from hxxp://www.brothersoft.com/laptop-battery-monitor-43137.html

That resulted in a mess, even though I ticked "Custom installation" and un-ticked all add-on options. OA again flagged it as a keylogger: 

 

 

 

After the above had installed more OA popups appeared about things that had nothing to do with Battery Monitor it seemed to me, so -not knowing how to get rid of that- I re-set my laptop back using a backup made a few days ago.

 

But on that one I already had 1.1.17, so I un-installed it -Revo Uninstaller to make it a clean one- and re-installed 1.1.12, this time from http://download.cnet.com/Laptop-Battery-Monitor/3000-2094_4-10442542.html 

 

Again here also I chose "Custom" etc., but then this appeared and I allowed it:

Here I checked on-line and allowed it 

 

No keylogger warning this time.

 

In the meantime SpyShelter gave a popup, and I had it send me to VirusTotal:

 

Before I had tried to upload BatteryMonitor.exe by first typing that in my search bar in Start to find it, but it might have been the installer -I wouldn't know how to find "BatteryMonitor.exe" in any other way due to my limited pc knowledge- but then this appeared: https://www.virustotal.com/file/analysis/failed/

 

I hope that upload to VirusTotal through SpyShelter helped.

 

PS: Maybe it is my Opera browser, but when I edit the above in the normal option I get a completely blank post. So I hit "Edit" again -and the post appears again- and then use the "Use Full Editor" mode and it appears after hitting "Submit Modified Post."

 


Correction (as I cannot edit the above anymore):

 

Here I checked on-line and allowed it:

Then this appeared and I allowed it:

 

And here I chose "RunSafer":

 

 

I didn't tick "Remember my decision" because I wanted to await the verdict here. 

 

(Before using the backup I had saved some of the above on an external drive so I could post it here afterwards.)


I suppose you meant this following website?  http://www.exs-studios.com/

Because when I click on the link you gave I get the 404 error message again.

 

To try it out again, I un-installed 1.1.17 and installed 1.3.3 again. It does work on my Windows 7 (Home Premium), but with this error message appearing sometimes:

It appears when the alarm sounds for example, when the battery reaches the 40% charge point. So it does work, but with this flaw. Reason I'm going to remove it again, and re-install 1.1.17. 

 

I finally know how to find BatteryMonitor.exe to upload it to VirusTotal. For anyone still learning as I am how to find files:

Start > Computer > Local Disk (C:) > Program Files (x86) > Laptop Battery Monitor > BatteryMonitor. 

 

The result for Battery Monitor 1.3.3 on VirusTotal was 0 malware detections out of 42 AV test results:


PS:

I just had VirusTotal also scan 1.1.12, and the result was 0/41

https://www.virustotal.com/file/1624d6bebbccaf891d66d85e6b2b59ec9b027c3cfb4b2db1dfd1341ccccd50b2/confirmation/?ajax=false&detection-ratio=0/41&blob=AMIfv95cEzfc4zObHxBKkGzWliQFlflQUfJd_uCcCdec1PSR_jp6bn1lS6QXVNg5BC3ynRhJT6MyrrLZtTt27023kMgaa3TMGQP2sP_jYQiHBSOOiXDmn50BHW_hcoF4sG_cqKcIwIsZDxez24gMe0q79jFZgMxLmQ&last-analysis=1251995380&filename=BatteryMonitor.exe

 

To have VirusTotal scan 1.1.12 I only found it again on CNET Download.com. On all other sites I looked they would download other versions -even though it said 1.1.12- but this time I had none of the problems I mentioned above. Maybe last time I did not un-check the extra add-ons carefully enough...


FWIW: I used that application for some time on my XP laptops and saw Threatfire and AVG's behavior blocker throw up alerts. I don't recall if it ever tried to connect out or if I blocked such in the firewall. While it may be intrusive, I never found it to be malicious.

Just allow/remember all the alerts but block/remember any for connections to the Internet.  The latter assuming you have "Intercept loopback interface" not checked in Options > Firewall.

When I got a Win7 laptop last year, I went with a Sidebar Gadget instead.  I like this Battery Monitor...
http://www.julien-manici.com/gadgets/
Julien makes some nice Gadgets.

Keyloggers (and other behaviors interpreted to be as such) are a quite common way of "doing things" in Windows that are allowable.  I also run Zemana AntiLogger and I had to allow five rules for keylogging in perfectly nice apps - one of which is BullGuard Antivirus.

That you acknowledge your "pc knowledge is limited" and with your use of OA and Spy Shelter, you have stumbled upon the Fun! associated with behavior blockers, HIPS and outbound filtered packet firewalls.  Good luck with that.

Cheers.

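Added example (not part of any post in this thread): a read-only triage script for the point made above that keylogger alerts often come from ordinary Windows input APIs. It lists which such API names appear in an executable such as BatteryMonitor.exe; the API list is an assumption about what behaviour blockers typically watch, not Online Armor's actual rule, and `build_sample` produces constructed test bytes rather than a real program.

```python
import struct
import sys

# Win32 input APIs that behaviour blockers commonly associate with key capture.
# Assumption: the thread does not say which call Online Armor reacted to.
KEYBOARD_APIS = {
    b"SetWindowsHookExA": "installs a hook (can be a keyboard hook)",
    b"SetWindowsHookExW": "installs a hook (can be a keyboard hook)",
    b"GetAsyncKeyState": "polls the state of a key",
    b"GetKeyboardState": "reads the state of all virtual keys",
    b"RegisterRawInputDevices": "subscribes to raw input devices",
}

def is_pe(data: bytes) -> bool:
    """Check the MZ header and the PE signature it points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def keyboard_api_names(data: bytes) -> dict:
    """Return {api_name: reason} for NUL-terminated API names found in the image."""
    if not is_pe(data):
        raise ValueError("not a PE image")
    return {name.decode(): why for name, why in KEYBOARD_APIS.items()
            if name + b"\x00" in data}

def build_sample(names) -> bytes:
    """Constructed stand-in for a PE file: MZ stub, PE signature, hint/name entries."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    body = b"PE\x00\x00" + b"\x00" * 20
    return dos + body + b"".join(b"\x00\x00" + n + b"\x00" for n in names)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the executable to inspect
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:  # constructed sample input
        blob = build_sample([b"GetSystemPowerStatus", b"GetAsyncKeyState"])
    for api, why in keyboard_api_names(blob).items():
        print(f"{api}: {why}")
```

A hit only shows that the program can call an input API, which many harmless applications do; an empty result is not a clean bill of health either, since packed files or functions resolved at run time leave no such names in the file.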

Thank you. 

I installed the battery monitor you recommended, and it looks very nice. But it has no alarm when the charge reaches a pre-set %.

I did not see any way to un-install it, as it did not appear in the programs list, nor in Revo-Uninstaller. I found it by typing "battery monitor" in the Start search bar (don't know what it's called) and removed it to the waste basket ("Prullenbak" in Dutch). But still it was fully functional on my desktop:

So I mailed Julien, and this was his kind reply:

...............................................................

"Hi,
If you want to uninstall my Battery Monitor gadget, right click on the Windows desktop, choose "Gadgets".
In the window that shows up, there is a list of all your installed gadgets. Right click on mine, and select "uninstall".
Regards,
Julien MANICI

...............................................................

This option was a total surprise to me, as I had not clicked on my desktop since I have Windows 7 (1 1/2 years). The last time was in Windows xp before I had the current laptop.

 

SpyShelter recently flagged something from Realtek (audio) as a keylogger. I had SpyShelter send it to VirusTotal for me, and of the 42 AVs only one -Trend-Micro- had it as malware: a Trojan. Which I assume was a false positive, or something innocent. 

 

But better a false positive by being extra cautious, than no detection when it is malware. Same in this OA case. ; )

 

OA always shows up first asking me for allowance or not when I install a new program. After I allow it SpyShelter comes to attention, asking the same. As if it lets OA go first... a real gentleman-like behavior. : D

 

PS: I already had "intercept loopback" un-checked, but for more Fun now checked "Notify me when programs are allowed to access the internet." Just for a while.


From what you have posted thus far, it sounds like you have never seen the warning from Online Armor when using Battery Monitor 1.1.17? If that is the case, then I recommend using that version rather than the one that is causing Online Armor to pop up notifications.
