||||
Symantec.com > Security Response > Threats and Risks > Spyware.SCKeyLogger
PRINT THIS PAGE

Spyware.SCKeyLogger

Printer Friendly Page

Updated: February 13, 2007 11:50:43 AM
Type: Spyware
Version: 2.2
Publisher: Soft-Central
Risk Impact: High
File Names: The filenames vary from one installation to another.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.SCKeyLogger is installed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\SC-KeyLog PRO DEMO\Main.chm
    • %ProgramFiles%\SC-KeyLog PRO DEMO\Main.exe
    • %ProgramFiles%\SC-KeyLog PRO DEMO\Uninstall.exe
    • %System%\[RANDOM CHARACTERS].dat
    • %System%\[RANDOM CHARACTERS].dll
    • %System%\[RANDOM CHARACTERS].exe
    • %SystemDrive%\[RANDOM CHARACTERS].exe
    • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Main.lnk
    • %UserProfile%\Desktop\Main.lnk
    • %UserProfile%\Start Menu\Programs\SC-KeyLog PRO DEMO\Documentation.lnk
    • %UserProfile%\Start Menu\Programs\SC-KeyLog PRO DEMO\Main.lnk
    • %UserProfile%\Start Menu\Programs\SC-KeyLog PRO DEMO\Uninstall.lnk

      Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the following registry subkeys:

    HKEY_ALL_USERS\Applications\main.exe
    HKEY_ALL_USERS\Software\SC-KeyLog PRO\
    HKEY_CLASSES_ROOT\.kla
    HKEY_CLASSES_ROOT\klafile
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SC-KeyLog PRO

  3. Creates the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\[RANDOM CHARACTERS]

    so that it runs every time Windows starts.

  4. Records keystrokes, which are saved to a log file. The spyware has the functionality to regularly send log files by email to a predefined email address.

  5. Can be used to perform the following actions:

    Choose which keystrokes should be logged.
    Decide how often an email with the log file will be sent to a predefined email address.
    Define both the mail server and the email address to which the log file will be sent.
    Choose how the risk should run on the system and the files it should create.
    Choose whether a fake message should be displayed when a user installs this spyware.


Search by name
Example: W32.Beagle.AG@mm
Windows 7
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS