AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 02, 2008, 10:47:07 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Spyware Alerts  |  Topic: Spyware.KeyboardLogger 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Spyware.KeyboardLogger  (Read 804 times)
Brad
SysAdmin
Tech Team
Hero Member
********
Offline Offline

Posts: 391



View Profile
Spyware.KeyboardLogger
« on: June 13, 2005, 12:57:32 AM »
Behavior
Spyware.KeyboardLogger logs keystrokes and records the windows in which they were entered.

Symptoms
Files are detected as Spyware.KeyboardLogger

Transmission
Spyware.KeyboardLogger must be manually installed.

technical details
File names: keyspy.exe

When Spyware.KeyboardLogger is installed it does the following:

   1. Creates the following files:

          * %SystemDrive%\Documents and Settings\All Users\Application Data\KLog\ins.dat
          * %UserProfile%\Start Menu\Programs\Keyboard Logger Pro\Help.lnk
          * %UserProfile%\Start Menu\Programs\Keyboard Logger Pro\Keyboard Logger.lnk
          * %UserProfile%\Start Menu\Programs\Keyboard Logger Pro\Order on-line.lnk
          * %UserProfile%\Start Menu\Programs\Keyboard Logger Pro\Uninstall.lnk
          * %ProgramFiles%\Keyboard Logger\KeySpy.exe (Spyware.Keyboardlogger)
          * %ProgramFiles%\Keyboard Logger\kh.dll
          * %ProgramFiles%\Keyboard Logger\kl.chm
          * %ProgramFiles%\Keyboard Logger\license.txt
          * %ProgramFiles%\Keyboard Logger\Order.url
          * %ProgramFiles%\Keyboard Logger\Readme.txt
          * %ProgramFiles%\Keyboard Logger\Uninstall.exe

            Note:
          * %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
          * %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
          * %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.

   2. Adds the following value:

      "pskl" = "%ProgramFiles%\Keyboard Logger Pro\keyspy.exe"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

      so that the risk runs every time Windows starts.

   3. Creates the following registry subkeys:

      HKEY_CURRENT_USER\Software\Keyboard Logger Pro
      HKEY_CLASSES_ROOT\{RandomCLSID}

REMOVAL INSTRUCTIONS
See: http://securityresponse.symantec.com/avcenter/venc/data/spyware.keyboardlogger.html

To delete the values from the registry
   1. Click Start > Run.
   2. Type regedit

      Then click OK.

      Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

   3. Navigate to and delete the following subkey:

      HKEY_CURRENT_USER\Software\Keyboard Logger Pro

   4. Navigate to the subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

   5. In the right pane, delete the value:

      "pskl" = "%ProgramFiles%\Keyboard Logger Pro\Keyspy.exe"

   6. Exit the Registry Editor.
Logged
Mambo Hosting Resources
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Spyware Alerts  |  Topic: Spyware.KeyboardLogger « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!