Updated: February 13, 2007 11:38:41 AM
Type: Spyware
Version: 5.2
Publisher: Ikitek
Risk Impact: High
File Names: kbhook4.dll,kl.exe,klkernel.exe,uninst.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows NT, Windows XP
When Spyware.IkitecKL is installed, it performs the following actions:
- Adds the value:
"(Default)"="%ProgramFiles%\Auto Keylogger\kl.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\kl.exe
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Adds the values:
"DisplayName"="Auto Keylogger 5.2"
"UninstallString"="%ProgramFiles%\Auto Keylogger\uninst.exe"
"DisplayIcon"="%ProgramFiles%\Auto Keylogger\kl.exe"
"DisplayVersion"="5.2"
"NSIS:StartMenuDir"="Auto Keylogger"
"URLInfoAbout"="http:/ /www.ikitek.com"
"Publisher"="Ikitek Software"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Auto Keylogger
3. Adds the value:
"WndMsg"="%ProgramFiles%\Auto Keylogger\klkernel.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so the spyware runs every time that Windows starts.
4. Adds the value:
"WndMsg"="%ProgramFiles%\Auto Keylogger\klkernel.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
so the spyware is run as a service every time Windows 95/98/Me starts.
5. Creates the following files:
- %ProgramFiles%\Auto Keylogger\klkernel.dat
- %ProgramFiles%\Auto Keylogger\kl.hlp
- %ProgramFiles%\Auto Keylogger\kl.exe
- %ProgramFiles%\Auto Keylogger\kl.cnt
- %ProgramFiles%\Auto Keylogger\kbhook4.dll
- %ProgramFiles%\Auto Keylogger\whatsnew.txt
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
