|
| How to remove Spyware.KeyStalker |
|
| Author:Spyware.KeyStalker Hits: UpdateTime:2008-8-14 9:40:52 |
|
|
|
|
|
|
For remove Spyware.KeyStalker virus,please clean/delete all Spyware.KeyStalker infected files and Delete/Modify any values Spyware.KeyStalker added to the registry as following:
When the program is executed, it creates the following folder:
%ProgramFiles%\KSP Demo\Projects\temp
It also creates the following files:
- %UserProfile%\Desktop\KeyStalker PRO Demo.lnk
- %UserProfile%\Start Menu\Programs\Brown Software Technologies\KeyStalker PRO Demo\KeyStalker PRO Demo.lnk
- %UserProfile%\Start Menu\Programs\Brown Software Technologies\KeyStalker PRO Demo\Readme-Help.lnk
- C:\Documents and Settings\All Users\Application Data\Protexis\664171249.plf
- %ProgramFiles%\KSP Demo\Projects\[DATE AND TIME]\[DATE AND TIME].jpg
- %ProgramFiles%\KSP Demo\EventScheduler.mdb
- %ProgramFiles%\KSP Demo\Help.rtf
- %ProgramFiles%\KSP Demo\KSPDemo.exe
- %ProgramFiles%\KSP Demo\Localization.txt
- %ProgramFiles%\KSP Demo\Localization.xml
- %ProgramFiles%\KSP Demo\riched32.dll
- %ProgramFiles%\KSP Demo\RunAtStartupTool.exe
- %ProgramFiles%\KSP Demo\vbalflbr6.dll
- %Windìr%\Installer\[RANDOM NUMBERS].msi
- %System%\actskn43.ocx
- %System%\dijpg.dll
- %System%\ijl11.dll
- %System%\Memman.vxd
- %System%\skinboxer43.dll
Next, it creates the following registry subkeys:
- HKEY_CURRENT_USER\Software\VB and VBA Program Settings\KeyStalker PRO
- HKEY_LOCAL_MACHINE\SOFTWARE\Brown Software Technologies
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\Modules
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{338DC50B-4C96-4293-8619-CB50D77CAB5A}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Brown Software Technologies
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brown Software Technologies
The program then creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"MSRegScan" = "C:\Program Files\KSP Demo\KSPDemo.exe"
It also creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\Memman.vxd" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\actskn43.ocx" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\dijpg.dll" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\ijl11.dll" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\msvbvm50.dll" = "2"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\skinboxer43.dll" = "2"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\msvcrt.dll" = "4"
The program performs the following activities on the compromised computer:
- Logs keystrokes
- Records screen shots
- Logs Web sites visited
- Sends an email with the gathered information to a remote user
For successful remove Spyware.KeyStalker virus,you may also need do as following:
1. Temporarily Disable System Restore .
2. Update the virus definitions. Reboot computer in SafeMode;
3. Delete the IE temp files,some Spyware.KeyStalker temp file exisit there.
4.If you failed to remove Spyware.KeyStalker,please go to our remove help forum:http://help.antiviruses123.com
|
| End Of The Article How to remove Spyware.KeyStalker remove process |
|
Spyware.PCSurveilPro
Spyware.SpyMonitor
Spyware.HidetoolsSpy
Spyware.HBScreenSpy
Spyware.SilentMonitor
Spyware.LightLogger
Trojan.Spamuzle
Trojan.Spamuzle!inf
PyroAntiSpy
Spyware.UltimateKeylog
SpywareScanner2008
AntiSpyware removal i…
Spyware.TupInsight
Spyware.SpyBossPro
Spyware.ExpressKeylog
Spyware.Borzoi
Internet Speed Monitor…
Trojan.Spryct
SpyGuarder
DisableSpyware remova…
|
