Hi,

I am testing a program called "eTrust EZ Antivirus" from CA, and now its realtime scanner found and logged this on my PC :

"2005/01/15 16:33:53.125 File infection: C:\System Volume Information\_restore{D79DAD9E-7D9F-4031-B899-C110FA32DCCC}\RP27\A0006815.dll is Win32.WinKeyLogger.C trojan. Deleted. "

I have made a purchase with a credit card this week, so now I got a bit nervous, as this is some kind of keylogge .

I updated the virus database and started the PC in safe mode. Made a full system scan, and it found nothing. Also run AdAware, that did not find "anything".

I checked if the file in system volume information was gone, and it was.

Now I can not find any more info about the keylogger.

My XP has done restore points every day, and no viruses was found there.

The virus was not found outside "System Volume Information" ?

I dont know how and when this keylogger has been installed on my pc, and I dont know if there is any way to find out either...

I installed this CA antivirus 2-3 days agoo, and it also has a firewall. (

Questions.

1) Is it safe to assume the infection has happend to day, as no other restore points seems to have this virus?

2) Is there a way to figure out the real name of the file "A0006815.dll" ?

3) Is it not strange the keylogger is not found outside "system volume information" ?

4) Is there some logs I can see from when this file was created on my disk?

5) If this program came on my PC today, how is it possible, as I have the firewall, all patches and virscan active ?

Any suggestions what else I shold / could do about this?

Thank you for Your time.