
poptrayu from sourceforge site gave keylogger and screen logger messages


Online Armor is a fine program. I hope it keeps an independent firewall existence, as I like my firewall not in a suite (layering mentality). Maybe the biggest problem it has is that the free program is so good and it is hard to find extras to encourage upgrade. I last owned the paid version back when it was indepentista, before Emsi, and I liked the port tweaking that was not in the free version. Also there was some super special on Bits du Jour or somewhere.

Maybe an upgrade marketing push would help.  I know I would find various ways to put out $10-25 acceptable.  Note how some companies give real specials at the end-of-year and various times, often for longer licenses of 2 or 3 years or lifetime on multi-computers. Offers too good to refuse ... if you really like the program, as many do with Online Armor.

Once OA is set up, alarms are few. I got one the other day for poptrayu.exe, which I downloaded from the SourceForge site, author Jessica Brown. A respected program, an email notifier, usually used for Gmail. The message said keylogger and screen logger in two separate messages, and to be cautious about allowing. A bit of a surprise since an email notifier does not do much special. (My only theory is a toolbox used in development that has special functions, not used in the program.)

The SourceForge forum has not yet put up my post (last post up was weeks ago).  VirusTotal gives 57 clean, 0 bad.

Any feedback from Emsisoft would be appreciated.


Steven Avery
Bayside, NY


The HIPS alert doesn't necessarily say anything about whether it is malicious or not. Keylogger behavior is very common for all applications that support hotkeys or that process raw keyboard/mouse input, like games for example. The same is true for screen logging, which is triggered by anything that tries to manipulate or take pictures of the screen in more advanced ways. If you trust the application or if you compiled it yourself, then you should be able to safely allow it.



And maybe Online Armor can consider this ok.


I also received a response on the PopTrayU forum.

"PopTrayU has an option to set global hot-keys that will cause PopTrayU to pop up on the screen or check for new mail, even when you are in another application. So PopTrayU registers specific user-definable hot-key combinations using the RegisterHotKey Windows library function and listens for WM_HOTKEY Windows messages if the registered key combination is pressed. As far as false positive of screen logger, it might be caused by Windows style hooks to correct the background color of the time pickers ( http://stackoverflow.com/questions/10335310/style-properties-for-tdatetimepicker explains a bit about the need for this). You have to intercept the WM_PAINT Windows message and manually paint the control is the gist of it. It appears there are a lot of reports online about Online Armor being overly broad in its criterion for detecting key-loggers, resulting in many benign applications being detected as possibly harmful.

PopTrayU is also open source, you are more than welcome to review the entirety of the source code in the SVN repository, or build the application from source (presuming you have access to the needed compilers), if desired. The XE4 branch in the repository is the current source code." - Jessica Brown, author of PopTrayU
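
The distinction discussed in this thread, a process that registers specific hotkeys versus one that installs a global keyboard hook, can be checked mechanically when triaging such an alert. The following is an added example, not part of the thread and not PopTrayU or Online Armor code; the `Name(arg, ...)` trace format, the function names `triage` and `verdict`, and the sample lines are assumptions made for illustration.

```python
import re

# Documented Win32 constant values.
WH_KEYBOARD, WH_KEYBOARD_LL = 2, 13
MODS = {0x1: "Alt", 0x2: "Ctrl", 0x4: "Shift", 0x8: "Win"}
CALL = re.compile(r"^(\w+)\((.*)\)$")

def triage(trace_lines):
    """Classify keyboard-related API calls as scoped hotkeys or global hooks."""
    findings = []
    for line in trace_lines:
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args = m.group(1), [int(a, 0) for a in m.group(2).split(",")]
        if name == "RegisterHotKey" and len(args) == 4:
            # (hWnd, id, fsModifiers, vk): only this one combination is delivered,
            # as WM_HOTKEY; other keystrokes never reach the process.
            _, _, mods, vk = args
            names = [n for bit, n in MODS.items() if mods & bit]
            findings.append(("scoped-hotkey", "+".join(names + [f"VK_0x{vk:02X}"])))
        elif name in ("SetWindowsHookExA", "SetWindowsHookExW") and len(args) == 4:
            # (idHook, lpfn, hMod, dwThreadId): thread id 0 covers every thread
            # on the desktop; the low-level hook is always system-wide.
            id_hook, _, _, thread_id = args
            if id_hook == WH_KEYBOARD_LL or (id_hook == WH_KEYBOARD and thread_id == 0):
                findings.append(("global-keyboard-hook", f"idHook={id_hook}"))
    return findings

def verdict(findings):
    """Summarise findings; a global hook outranks any number of hotkeys."""
    kinds = {kind for kind, _ in findings}
    if "global-keyboard-hook" in kinds:
        return "review: process can observe all keystrokes"
    if "scoped-hotkey" in kinds:
        return "benign pattern: registered hotkeys only"
    return "no keyboard capture APIs seen"

# Constructed trace lines (illustrative, not captured from any real program).
HOTKEY_APP = ["RegisterHotKey(0x50A2, 1, 0x3, 0x50)",
              "RegisterHotKey(0x50A2, 2, 0x6, 0x4D)"]
HOOK_APP = ["SetWindowsHookExW(13, 0x401000, 0x400000, 0)"]

if __name__ == "__main__":
    for label, trace in (("hotkey app", HOTKEY_APP), ("hook app", HOOK_APP)):
        found = triage(trace)
        print(label, found, "->", verdict(found))
```

A HIPS that raises the same "keylogger" alert for both traces is treating the scoped and the global case alike, which matches the false positive described above.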



