Assigned Zemana Antilogger's injected dll causes persistent explorer.exe CPU usage

This thread is being handled by a member of the staff.
Status
Not open for further replies.

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Today, I had a bit of free time and I monitored my CPU usage
I noticed that explorer.exe CPU usage rarely stayed at 0%. It constantly varied between 0.1-1% while I was doing nothing for several minutes

I used Process Explorer to find the culprit and I could see that zemana antilogger caused it
Zemana antilogger injected a few .dll files to explorer.exe

I disabled ID thief protection

Here are some screenshots proving it
note: ke6d28~1.dll = KeyCrypt64(1).dll = KeyCrypt64(2).dll = KeyCrypt64(3).dll (just different names)

What is your opinion?
I believe that Zemana antimalware won't have this problem because it doesn't have these kinds of .dll files
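The check done by eye in Process Explorer's DLL view can also be scripted. The following is an added PowerShell example, not part of the original post: it lists every module loaded in explorer.exe from outside the Windows directory, with its Authenticode signer, so third-party injected DLLs stand out. It assumes a 64-bit PowerShell session running as the logged-on user.

```powershell
# Added example (not from the thread): enumerate non-OS modules loaded in explorer.exe.
# Assumption: run from 64-bit PowerShell as the same user that owns explorer.exe.

$winDir = $env:SystemRoot.TrimEnd('\') + '\'

$report = Get-Process -Name explorer -ErrorAction Stop | ForEach-Object {
    $proc = $_
    foreach ($mod in $proc.Modules) {
        $path = $mod.FileName

        # Skip binaries that ship under %SystemRoot%; what remains was loaded
        # from elsewhere (shell extensions, security products, injected DLLs).
        if ($path.StartsWith($winDir, [System.StringComparison]::OrdinalIgnoreCase)) {
            continue
        }

        # Signature status and signer tell you which vendor the DLL belongs to,
        # even when the file name is an 8.3 short name or a renamed copy.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        $signer = $null
        if ($sig -and $sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject
        }

        [pscustomobject]@{
            PID       = $proc.Id
            Module    = $mod.ModuleName
            Path      = $path
            Company   = $mod.FileVersionInfo.CompanyName
            SigStatus = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = $signer
        }
    }
}

# Group by signer so several copies of the same DLL under different names
# collapse into one vendor entry.
$report | Sort-Object Signer, Path | Format-Table -AutoSize -Wrap
```

Running it before and after uninstalling a product shows whether its DLLs are still being loaded into explorer.exe.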
 
509322


1. Explorer.exe will typically show < 0.05 % with a browser open and not moving the cursor around (move the cursor along the taskbar and it will spike)
2. Process Explorer itself averages approximately 1.5 % CPU
3. Unless there is some kind of problem\issue that you have not stated...
4. Zemana will say you have too much free time on your hands
 

Evjl's Rain

I did a reboot and everything was the same
I uninstalled zemana using geek uninstaller, the dlls were not removed. I performed a reboot and manually deleted all files in that folder. Now, explorer.exe is staying at absolutely 0% no matter what I'm doing
The dlls are no longer injecting into explorer so no more CPU usage

I can expect that kind of answer from zemana. That's why I don't want to email them and wait for unhelpful answers
 
509322

I uninstalled zemana using geek uninstaller, the dlls were not removed. I performed a reboot and manually deleted all files in that folder. Now, explorer.exe is staying at absolutely 0% no matter what I'm doing

1. Open a browser and open Explorer
2. Hover the cursor across the browser and Explorer taskbar icons
3. Explorer should temporarily spike to above 1 % CPU in Process Explorer (Windows TaskMgr rounds off to whole numbers and then you also have to take into account the update rate)

I don't think 1 % CPU for Explorer is a deal breaker; compare that to some internet security suites running at idle

Also, compare the Zemana anti-logger HIPS CPU consumption to the integrated AV scanner monitoring at idle
 
Deleted member 65228

note: ke6d28~1.dll = KeyCrypt64(1).dll = KeyCrypt64(2).dll = KeyCrypt64(3).dll (just different names)
An estimation could be that they inject code into running processes and then the injected code communicates with the driver so the correct keystrokes can be sent to the correct process and spoofed for all the others which may or may not be trying to intercept. That would make sense at least.

Personally, I don't see a problem here. I suggest you contact Zemana at their official support, they'll be able to assist you best in diagnosing any potential problems and resolving them: Support For AntiLogger
 

Evjl's Rain

I don't think 1 % CPU for Explorer is a deal breaker; compare that to some internet security suites running at idle

Also, compare the Zemana anti-logger HIPS CPU consumption to the integrated AV scanner monitoring at idle
I agree but I don't want my laptop resource to be used by the feature I disabled. Instead of antilogger, I can use ZAM, which doesn't have this problem
but both still create and inject dll to the system even after removal as we have discussed a lot here. They don't want to answer the exact reason

An estimation could be that they inject code into running processes and then the injected code communicates with the driver so the correct keystrokes can be sent to the correct process and spoofed for all the others which may or may not be trying to intercept. That would make sense at least.

Personally, I don't see a problem here. I suggest you contact Zemana at their official support, they'll be able to assist you best in diagnosing any potential problems and resolving them: Support For AntiLogger
Thank you, I may try, but according to my experience with Zemana support, they all said everything was normal and didn't admit the bugs I reported
I expect the same answer this time
 
509322

I agree but I don't want my laptop resource to be used by the feature I disabled. Instead of antilogger, I can use ZAM, which doesn't have this problem
but both still create and inject dll to the system even after removal as we have discussed a lot here. They don't want to answer the exact reason

You will have a much better experience with SpyShelter. More importantly, it is a much more capable\powerful product in your knowledgeable hands.

Just sayin'...
 