Spyware.KeyLoggerPro

Printer Friendly Page

Updated: February 13, 2007 11:40:14 AM

Type: Spyware

Version: 5.3.0

Publisher: ExploreAnywhere Software

Risk Impact: High

File Names: keyloggerpro-setup-sw.exe,KeyloggerPro.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Spyware.KeyLoggerPro is executed, it performs the following actions:

Creates the following files:
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\Visit ExploreAnywhere Software, LLC Website.url
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\Visit the Official Keylogger Pro Website.ur
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\Purchase Keylogger Pro Now!.url
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\Readme.txt
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\license.txt
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\top.jpg
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\help.htm
- %Windir%\kpconfig.dat.
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\KeyloggerPro.exe
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\klpsscap.dll
- %Windir%\kphooks32.dll
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\Keylogger Pro.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\Keylogger Pro Users Guide.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\Visit the Official Keylogger Pro Website.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\Readme.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\License Agreement.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\Purchase Keylogger Pro Now!.lnk
- %Windir%\unvise32.exe
- C:\Documents and Settings\All Users\Start Menu\Programs\Keylogger Pro TRIAL\Remove Keylogger Pro TRIAL.lnk
- %ProgramFiles%\ExploreAnywhere\KeyloggerPro\uninstal.log
- C:\Documents and Settings\All Users\Application Data\kp32\cfg
  
  Notes:
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
Adds the value:

"1Win32Cfg" = "%ProgramFiles%\ExploreAnywhere\KeyloggerPro\keyloggerpro.exe"

to the registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that Spyware.KeyLoggerPro runs every time Windows starts.
Adds the values:

"buy_url" ="http:/ /www.exploreanywhere.com/buy.php"
"site_url" = "http:/ /www.exploreanywhere.com"

to the registry key:

HKEY_LOCAL_MACHINE\Software\ExploreAnywhere Software\KeyloggerPro
Adds the values:

"DisplayName" = "Keylogger Pro TRIAL"
"UninstallString" = "%Windir%\unvise32.exe %ProgramFiles%\ExploreAnywhere\KeyloggerPro\uninstal.log"

to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Keylogger Pro TRIAL
Adds the value:

"%Windir%\unvise32.exe" = "0x1"

to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls
Deletes the following registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1SysApp HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\1SysApp
Displays product introduction.
Displays the Software License Agreement.
Allows installation options as follows:
- Administrator: Start menu shortcuts and documentation.
- Stealth/Hidden: No Start menu shortcuts and documentation.
  
  Note: The default installation folder is %ProgramFiles%\ExploreAnywhere\KeyloggerPro.
Allows Start Menu program folder options with optional uninstall features.

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}