Hi Ninterdo,
Here are the results of my investigation (see below for the boring technical details): the Spysweeper report seems to be a "False Positive" issue with Spysweeper. I have confirmed that PDF reDirect does NOT install any keylogger software. Therefore, I have re-opened the downloads page on the forum. I will provide Spysweeper's reply as soon as I receive it. Note that Norton Anti-Virus, F-Secure and Kaspersky had the same false positive problem, and all of them corrected their definition files to fix the problem. I am hopeful that Spysweeper will do the same.
Thank you again for expressing your concern: I appreciate you bringing this to my attention. Once I get confirmation from Spysweeper that the issue was a false positive, would it be acceptable to you that I delete this post? I will keep the original post open though.
Regards,
Michel Korwin-Szymanowski
--------------------
Description: The latest version of Spysweeper reports that “System Monitor found: wintective pc keylogger” after PDF reDirect is installed.
Explanation: PDF reDirect Pro (included with PDF reDirect) provides the user the ability to send e-mails of the newly created PDF file. This feature makes use of a 3rd party component I purchased called the “OstroSoft SMTP Component” which is manufactured by Ostrosoft (http://www.ostrosoft.com/) in Staten Island in New York. This component is (apparently) also being used by a Keylogger program called “wintective pc keylogger”, manufactured by Wintective (http://wintective.terkud.com/).
When Spysweeper runs, it finds the registry key for the Ostrosoft component, and (incorrectly) reports that the “wintective pc keylogger” is installed. In the next page of the program, it more clearly states that it found “traces” of the keylogger. The “traces” it refers to are those of the e-mail SMTP component from Ostrosoft which is used by PDF reDirect (and many other legitimate programs).
Does PDF reDirect or PDF reDirect Pro install a keylogger? No.
What Next? This error is known as a “false positive”. Ostrosoft reported the same problem with Norton Antivirus, who corrected their error a few days later. F-Secure and Kaspersky also started reporting the same thing and eventually corrected their definition files too. Ostrosoft and Spysweeper have been informed of the problem. I will report on their replies as soon as I hear back from them.
Note: Spysweeper found a “registry key” not an actual keylogger. The registry key itself is harmless.
------------------------------------
For the sake of completeness: here is the log of my investigation.
- Closed the Downloads web page from the web site.
- Replied to concern raised on Forum (started investigation)
- Compared CNET Download to the Original File to determine if the CNET file was tampered with. Results are shown here and show that the CNET file is the original file that I uploaded back in June 2005, and was not tampered with.
- Downloaded PDF reDirect from the CNET web site.
- Compared size of the CNET Download to that of the original file:
i. CNET Download: 6,150,595 bytes
ii. Original File: 6,150,595 bytes
- Compared CRC of the two files. CRC stands for “cyclic redundancy check”. This value will change if someone tampers with the file and changes some of the data inside.
i. CNET Download: 3E9607C
ii. Original File: 3E9607C
- Ran Anti-Virus (NOD32 by eset) check on both files. Both files came out “clean”. Here is the log:
- Scan performed at: 12/20/2005 19:09:39 PM
- Scanning Log
- NOD32 version 1.1318 (20051211) NT
- Command line: C:\EXP\Products\PDF_Redirect_Pro\Admin\Product Support\Keylogger Complaint\Compare Download to Original
- Operating memory - is OK
-
- Date: 20.12.2005 Time: 19:09:45
- Scanned disks, folders and files: C:\EXP\Products\PDF_Redirect_Pro\Admin\Product Support\Keylogger Complaint\Compare Download to Original\
- Number of scanned files: 2
- Number of threats found: 0
- Time of completion: 19:09:45 Total scanning time: 0 sec (00:00:00)
- Downloaded and Installed the latest SpySweeper v4.5
- Ran Spysweeper v4.5 (note: I have PDF reDirect Pro v2.1 installed).
- I was asked if I wanted to download and use the latest definition file. I chose “yes”.
i. Program version given as v4.5.5 (Build 604)
ii. Definition File given as v588
- Results: Spysweeper reports that “System Monitor found: wintective pc keylogger”
- On the next page, Spysweeper says that “traces” of the keylogger were found in the form of a registry entry, not the actual keylogger software.
- I decided NOT to remove the offending registry key for now so that I could investigate further. Closed Spysweeper.
- Ran RegEdit to look at the entire registry key – The TypeLib belongs (indeed) to a third party sub-component that is installed by PDF reDirect which is the e-mail component of PDF reDirect Pro. This component is manufactured by Ostrosoft and is used to send e-mail. Here are the details:
i. Company: OstroSoft SMTP Component
ii. Web Site: http://www.ostrosoft.com/
iii. Filename: OSSMTP.dll
iv. Where installed: C:\WINDOWS\SYSTEM32
- Researched “wintective pc keylogger”. What is it?
- From the manufacturer’s web site (http://wintective.terkud.com/): Wintective is a stealthy monitoring spyware which allows you to secretly track all activities of computer users and automatically deliver logs to you via e-mail.
- Wintective (KeyLogger & Screen Shots Capture) is a Windows application capable of monitoring any user, and any activity on the computer where it is installed.
- It is a stealthy monitoring spyware which allows you to secretly track all activities of computer users and automatically deliver logs to you via e-mail
- Informed Spysweeper and Ostrosoft that they are experiencing a False Positive Problem.
- Updated Web Site Forum.
- Re-opened download section.
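Added example, not part of the original post: the size and CRC comparison from the investigation log, written as a Python script. It goes one step beyond the log by also computing SHA-256, since a CRC is an error-detecting code rather than a cryptographic hash; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile
import zlib


def fingerprint(path, chunk_size=1 << 20):
    """Stream a file once and return its size, CRC-32 and SHA-256."""
    size, crc, sha = 0, 0, hashlib.sha256()
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            size += len(chunk)
            crc = zlib.crc32(chunk, crc)   # running CRC over all chunks
            sha.update(chunk)
    return {"size": size,
            "crc32": f"{crc & 0xFFFFFFFF:08X}",
            "sha256": sha.hexdigest()}


def compare(original_path, download_path):
    """Compare a published download against the retained original."""
    a, b = fingerprint(original_path), fingerprint(download_path)
    mismatched = [k for k in ("size", "crc32", "sha256") if a[k] != b[k]]
    return {"identical": not mismatched, "mismatched": mismatched,
            "original": a, "download": b}


def demo():
    """Run the comparison on constructed sample files (not the real installer)."""
    original = b"A" * 1000                 # constructed stand-in for the original
    altered = b"A" * 999 + b"B"            # same size, one byte changed
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("original", original), ("mirror", original),
                           ("altered", altered)):
            paths[name] = os.path.join(tmp, name + ".bin")
            with open(paths[name], "wb") as fh:
                fh.write(data)
        results["mirror"] = compare(paths["original"], paths["mirror"])
        results["altered"] = compare(paths["original"], paths["altered"])
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result["identical"], result["mismatched"])
```

A matching size alone says little, as the altered sample shows: its size is unchanged and only the checksums differ.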
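Added example, not part of the original post and not Spysweeper's actual engine: a simplified model of why a signature that fires on any single trace flags a machine that only has the shared OstroSoft component installed. The TypeLib key and the keylogger executable path are placeholders, since the post does not give them, and the host inventories are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    artifact: str   # registry key or file path, lower-cased for comparison
    shared: bool    # True if it ships with a redistributable third-party component


# Constructed signature. Only OSSMTP.dll and its directory come from the post;
# the TypeLib key and the executable path are labelled placeholders.
SIGNATURE = {
    "name": "wintective pc keylogger",
    "indicators": [
        Indicator(r"hkcr\typelib\{ossmtp-typelib-placeholder}", shared=True),
        Indicator(r"c:\windows\system32\ossmtp.dll", shared=True),
        Indicator(r"c:\placeholder\keylogger-main.exe", shared=False),
    ],
}

# Constructed host inventories.
PDF_REDIRECT_HOST = [r"HKCR\TypeLib\{OSSMTP-TYPELIB-PLACEHOLDER}",
                     r"C:\WINDOWS\SYSTEM32\OSSMTP.dll"]
MONITORED_HOST = PDF_REDIRECT_HOST + [r"C:\placeholder\keylogger-main.exe"]
CLEAN_HOST = [r"C:\WINDOWS\SYSTEM32\kernel32.dll"]


def _hits(signature, observed):
    seen = {a.lower() for a in observed}
    return [i for i in signature["indicators"] if i.artifact in seen]


def naive_verdict(signature, observed):
    """Flag on any single matching trace: the behaviour that misfires."""
    return bool(_hits(signature, observed))


def corroborated_verdict(signature, observed):
    """Report a detection only when a product-specific artifact is present."""
    hits = _hits(signature, observed)
    if any(not i.shared for i in hits):
        return "detected"
    return "shared-component-only" if hits else "clean"


if __name__ == "__main__":
    for name, host in (("pdf-redirect", PDF_REDIRECT_HOST),
                       ("monitored", MONITORED_HOST), ("clean", CLEAN_HOST)):
        print(name, naive_verdict(SIGNATURE, host),
              corroborated_verdict(SIGNATURE, host))
```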