Q&A Zemana Antilogger's injected dll causes persistent explorer.exe CPU usage

Discussion in 'Zemana' started by Evjl's Rain, Sep 4, 2017.

  1. Evjl's Rain

    Evjl's Rain Level 28
    Trusted AV Tester

    Apr 18, 2016
    1,784
    13,100
    Vietnam
    Windows 8.1
    Avast
    Official Website:
    www.zemana.com
    Today, I had a bit of free time and I monitored my CPU usage.
    I noticed that explorer.exe CPU usage rarely stayed at 0%. It constantly varied between 0.1-1% while I was doing nothing for several minutes.

    I used Process Explorer to find the culprit and I could see that Zemana Antilogger caused it.
    Zemana Antilogger injected a few .dll files into explorer.exe.

    I disabled ID theft protection.

    Here are some screenshots proving it.
    Note: ke6d28~1.dll = KeyCrypt64(1).dll = KeyCrypt64(2).dll = KeyCrypt64(3).dll (just different names)
    [Attached screenshots: 2.PNG, 1.PNG, 3.PNG, 4.PNG, 5.PNG, 6.PNG]

    What is your opinion?
    I believe that Zemana AntiMalware won't have this problem because it doesn't have these kinds of .dll files.
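
A scripted counterpart to the Process Explorer check described in the post above, as an added example that is not part of the thread: it lists modules loaded in explorer.exe that lack a valid Microsoft signature and groups them by SHA-256, so renamed copies of one DLL (as in the KeyCrypt64 note) show up as a single hash. The function name `Get-ForeignModule` is hypothetical; only built-in cmdlets are used.

```powershell
# Added example (not from the thread). Run in a 64-bit PowerShell session as the
# logged-on user; a 32-bit session cannot enumerate the modules of 64-bit explorer.exe.
function Get-ForeignModule {
    param([string]$ProcessName = 'explorer')

    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
        foreach ($mod in $proc.Modules) {
            $sig = Get-AuthenticodeSignature -LiteralPath $mod.FileName -ErrorAction SilentlyContinue
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Skip modules with a valid Microsoft signature; everything else is reported.
            # On older systems catalog-signed Windows files may show as NotSigned and
            # appear in the output too; the Company column helps to sort those out.
            if ($sig -and $sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { continue }

            $hash = (Get-FileHash -LiteralPath $mod.FileName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{
                PID          = $proc.Id
                Module       = $mod.ModuleName                      # name on disk, may be an 8.3 short name
                OriginalName = $mod.FileVersionInfo.OriginalFilename # name from the version resource
                Company      = $mod.FileVersionInfo.CompanyName
                SignStatus   = if ($sig) { $sig.Status } else { 'Unknown' }
                SHA256       = $hash
                Path         = $mod.FileName
            }
        }
    }
}

$found = @(Get-ForeignModule)
$found | Sort-Object SHA256 | Format-Table PID, Module, OriginalName, Company, SignStatus -AutoSize

# One hash under several file names means the same DLL is stored as renamed copies.
$found | Where-Object { $_.SHA256 } | Group-Object SHA256 |
    Where-Object { @($_.Group.Module | Select-Object -Unique).Count -gt 1 } |
    ForEach-Object {
        '{0}...: {1}' -f $_.Name.Substring(0, 12), (@($_.Group.Module | Select-Object -Unique) -join ', ')
    }
```

Running it before and after an uninstall and reboot shows whether the vendor's DLLs are still being loaded into explorer.exe.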
     
  2. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,699
    11,809
    AppGuard LLC Virginia, U.S.
    1. Explorer.exe will typically show < 0.05 % with a browser open and not moving the cursor around (move the cursor along the taskbar and it will spike)
    2. Process Explorer itself averages approximately 1.5 % CPU
    3. Unless there is some kind of problem\issue that you have not stated...
    4. Zemana will say you have too much free time on your hands
     
  3. Evjl's Rain

    I did a reboot and everything was the same.
    I uninstalled Zemana using Geek Uninstaller; the DLLs were not removed. I performed a reboot and manually deleted all files in that folder. Now, explorer.exe is staying at absolutely 0% no matter what I'm doing.
    The DLLs are no longer injecting into explorer, so no more CPU usage.

    I can expect that kind of answer from Zemana. That's why I don't want to email them and wait for unhelpful answers.
     
  4. Lockdown

    1. Open a browser and open Explorer
    2. Hover the cursor across the browser and Explorer taskbar icons
    3. Explorer should temporarily spike to above 1 % CPU in Process Explorer (Windows TaskMgr rounds off to whole numbers and then you also have to take into account the update rate)

    I don't think 1 % CPU for Explorer is a deal breaker; compare that to some internet security suites running at idle

    Also, compare the Zemana anti-logger HIPS CPU consumption to the integrated AV scanner monitoring at idle
     
  5. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,271
    Caille
    Windows 10
    An estimation could be that they inject code into running processes and then the injected code communicates with the driver so the correct keystrokes can be sent to the correct process and spoofed for all the others which may or may not be trying to intercept. That would make sense at least.

    Personally, I don't see a problem here. I suggest you contact Zemana at their official support; they'll be able to assist you best in diagnosing any potential problems and resolving them: Support For AntiLogger
     
  6. Evjl's Rain

    I agree, but I don't want my laptop's resources to be used by the feature I disabled. Instead of Antilogger, I can use ZAM, which doesn't have this problem.
    But both still create and inject DLLs into the system even after removal, as we have discussed a lot here. They don't want to give the exact reason.

    Thank you, I may try, but according to my experience with Zemana support, they all said everything was normal and didn't admit the bugs I reported.
    I expect the same answer this time.
     
  7. Lockdown

    You will have a much better experience with SpyShelter. More importantly, it is a much more capable\powerful product in your knowledgeable hands.

    Just sayin'...
     