Evjl's Rain

Level 39
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,800
Operating System
Windows 8.1
Antivirus
Avast
#1
Today, I had a bit of free time and I monitored my CPU usage.
I noticed that explorer.exe CPU usage rarely stayed at 0%. It constantly varied between 0.1-1% while I was doing nothing for several minutes.

I used Process Explorer to find the culprit and I could see that Zemana AntiLogger caused it.
Zemana AntiLogger injected a few .dll files into explorer.exe.

I disabled ID theft protection.

Here are some screenshots proving it.
Note: ke6d28~1.dll = KeyCrypt64(1).dll = KeyCrypt64(2).dll = KeyCrypt64(3).dll (just different names)
[Attached screenshots: 2.PNG, 1.PNG, 3.PNG, 4.PNG, 5.PNG, 6.PNG]

What is your opinion?
I believe that Zemana AntiMalware won't have this problem because it doesn't have this kind of .dll files.
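
As an added example (not part of the original post), the Process Explorer check described above can be scripted in PowerShell: it lists every module loaded in explorer.exe whose file lives outside the Windows directory, together with its vendor string and Authenticode status. It assumes 64-bit PowerShell running as the logged-on user; nothing in it is specific to Zemana.

```powershell
# Added example: enumerate third-party DLLs loaded in explorer.exe.
# Run from 64-bit PowerShell; a 32-bit host cannot read a 64-bit process's module list.
$winDir = $env:SystemRoot

Get-Process -Name explorer -ErrorAction Stop | ForEach-Object {
    $proc = $_
    $proc.Modules |
        # Keep only modules whose file is outside C:\Windows (i.e. not OS components)
        Where-Object { $_.FileName -and $_.FileName -notlike "$winDir\*" } |
        ForEach-Object {
            # Check the on-disk file's Authenticode signature
            $sig = Get-AuthenticodeSignature -FilePath $_.FileName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                PID     = $proc.Id
                Module  = $_.ModuleName
                Company = $_.FileVersionInfo.CompanyName
                Signed  = if ($sig) { $sig.Status } else { 'Unreadable' }
                Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Path    = $_.FileName
            }
        }
} | Sort-Object PID, Path | Format-List
```

A DLL that was loaded through its short path may be listed under its 8.3 name, as with ke6d28~1.dll in the post. Running the script again after an uninstall and reboot shows whether any leftover DLL is still being loaded.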
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
4,345
#2
> Today, I had a bit of free time and I monitored my CPU usage.
> I noticed that explorer.exe CPU usage rarely stayed at 0%. It constantly varied between 0.1-1% while I was doing nothing for several minutes.
>
> I used Process Explorer to find the culprit and I could see that Zemana AntiLogger caused it.
> Zemana AntiLogger injected a few .dll files into explorer.exe.
>
> I disabled ID theft protection.
>
> Here are some screenshots proving it.
> Note: ke6d28~1.dll = KeyCrypt64(1).dll = KeyCrypt64(2).dll = KeyCrypt64(3).dll (just different names)
>
> What is your opinion?
> I believe that Zemana AntiMalware won't have this problem because it doesn't have this kind of .dll files.

1. Explorer.exe will typically show < 0.05 % with a browser open and not moving the cursor around (move the cursor along the taskbar and it will spike)
2. Process Explorer itself averages approximately 1.5 % CPU
3. Unless there is some kind of problem\issue that you have not stated...
4. Zemana will say you have too much free time on your hands
 

Evjl's Rain

#3
I did a reboot and everything was the same.
I uninstalled Zemana using Geek Uninstaller, the DLLs were not removed. I performed a reboot and manually deleted all files in that folder. Now, explorer.exe is staying at absolutely 0% no matter what I'm doing.
The DLLs are no longer being injected into explorer.exe, so no more CPU usage.

I can expect that kind of answer from Zemana. That's why I don't want to email them and wait for unhelpful answers.
 

Lockdown

#4
> I uninstalled Zemana using Geek Uninstaller, the DLLs were not removed. I performed a reboot and manually deleted all files in that folder. Now, explorer.exe is staying at absolutely 0% no matter what I'm doing.

1. Open a browser and open Explorer
2. Hover the cursor across the browser and Explorer taskbar icons
3. Explorer should temporarily spike to above 1 % CPU in Process Explorer (Windows TaskMgr rounds off to whole numbers and then you also have to take into account the update rate)

I don't think 1 % CPU for Explorer is a deal breaker; compare that to some internet security suites running at idle

Also, compare the Zemana anti-logger HIPS CPU consumption to the integrated AV scanner monitoring at idle
 
Deleted member 65228

Guest
#5
> Note: ke6d28~1.dll = KeyCrypt64(1).dll = KeyCrypt64(2).dll = KeyCrypt64(3).dll (just different names)

An estimation could be that they inject code into running processes and then the injected code communicates with the driver so the correct keystrokes can be sent to the correct process and spoofed for all the others which may or may not be trying to intercept. That would make sense at least.

Personally, I don't see a problem here. I suggest you contact Zemana at their official support, they'll be able to assist you best in diagnosing any potential problems and resolving them: Support For AntiLogger
 

Evjl's Rain

#6
> I don't think 1 % CPU for Explorer is a deal breaker; compare that to some internet security suites running at idle
>
> Also, compare the Zemana anti-logger HIPS CPU consumption to the integrated AV scanner monitoring at idle

I agree, but I don't want my laptop's resources to be used by the feature I disabled. Instead of AntiLogger, I can use ZAM, which doesn't have this problem,
but both still create and inject DLLs into the system even after removal, as we have discussed a lot here. They don't want to answer the exact reason.

> An estimation could be that they inject code into running processes and then the injected code communicates with the driver so the correct keystrokes can be sent to the correct process and spoofed for all the others which may or may not be trying to intercept. That would make sense at least.
>
> Personally, I don't see a problem here. I suggest you contact Zemana at their official support, they'll be able to assist you best in diagnosing any potential problems and resolving them: Support For AntiLogger

Thank you, I may try, but according to my experience with Zemana support, they all said everything was normal and didn't admit the bugs I reported.
I expect the same answer this time.
 

Lockdown

#7
> I agree, but I don't want my laptop's resources to be used by the feature I disabled. Instead of AntiLogger, I can use ZAM, which doesn't have this problem,
> but both still create and inject DLLs into the system even after removal, as we have discussed a lot here. They don't want to answer the exact reason.

You will have a much better experience with SpyShelter. More importantly, it is a much more capable\powerful product in your knowledgeable hands.

Just sayin'...