Applies to Kaspersky Internet Security 2010
If the interactive mode is enabled in the Kaspersky Internet Security 2010 settings and in the Proactive Defense component settings the Prompt for action option is selected (the option is available only in versions from 18.104.22.1686), then in some cases the Kaspersky Internet Security 2010 dialog window that will inform you about suspicious activity may appear. The process will be detected as Process (PID: 0): kernel mode memory patch.
Keyloggers may send your personal information (logins, passwords, credit card numbers) you enter using your keyboard to a cyber criminal. However, similar actions can be performed not only by malicious programs, but also by some other not malicious applications installed on your computer. Very often these actions are performed by means of hotkeys to access some functions of an application installed on your computer.
In most cases, the process kernel mode memory patch (PID: 0) is not malicious. You can add this process to the exclusions list by clicking Add to exclusions.
In the Exclusion rule window you can find the information that the object kernel mode memory patch which is defined as PDM.Keylogger kernel mode memory patch will not be scanned by Proactive Defense. To add the rule click the OK button.
When the object is added to the list of exclusions the notification window that will inform you that behaviour similar to PDM.Keylogger allowed will appear.
If you suspect the process is malicious, perform the following actions:
Step 1. Run the anti-virus databases update.
Step 2. Run your computer full scan (open the main application window -go to the Scan My Computer tab - click Start Full Scan).
Step 3. Once the scan is complete, export scan report to a file.
Step 4. Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Describe your issue in all details and attach the created report file to the request.