
Spyware.SuperKeylogger

Updated: February 13, 2007 11:48:57 AM
Type: Spyware
Risk Impact: High
File Names: %UserProfile%\Desktop\SuperKeylogger.lnk %SystemDrive%\Documents and Settings\All Users\Start Men
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows NT, Windows Server 2003, Windows XP

When Spyware.SuperKeylogger is executed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Desktop\SuperKeylogger.lnk
    • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Sklgr30\SuperKeylogger.lnk
    • %ProgramFiles%\Sklgr30\1\aslee.log
    • %ProgramFiles%\Sklgr30\appLog1.log
    • %ProgramFiles%\Sklgr30\appLog2.log
    • %ProgramFiles%\Sklgr30\Aslee.dll
    • %ProgramFiles%\Sklgr30\config.dll
    • %ProgramFiles%\Sklgr30\Mainapppath.sys
    • %ProgramFiles%\Sklgr30\ms.dll
    • %ProgramFiles%\Sklgr30\Naslee.dll
    • %ProgramFiles%\Sklgr30\PCService.exe
    • %ProgramFiles%\Sklgr30\SChal.exe
    • %ProgramFiles%\Sklgr30\ServiceName.ini
    • %ProgramFiles%\Sklgr30\Settings.dll
    • %ProgramFiles%\Sklgr30\Sk.exe
    • %ProgramFiles%\Sklgr30\sklgr.exe
    • %ProgramFiles%\Sklgr30\UnInstaller.exe


    Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.

  2. Adds the value:

    "sysApp" = "C:\Program Files\Sklgr30\sklgr.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  3. Monitors and records keystrokes, instant message conversations, and Web sites visited.

  4. Periodically captures screenshots.
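The file and registry artifacts listed above can be checked on a host with the following PowerShell triage script. It is an added example, not part of the original write-up, and it assumes PowerShell 3.0 or later and a session running as the user whose profile is being checked; the variable names are illustrative.

```powershell
# Added example: checks a host for the Spyware.SuperKeylogger artifacts listed above.
# Paths and the Run value come from the write-up; everything else is illustrative.

# Files the write-up places under %ProgramFiles%\Sklgr30
$installDir   = '%ProgramFiles%\Sklgr30'
$installNames = '1\aslee.log', 'appLog1.log', 'appLog2.log', 'Aslee.dll', 'config.dll',
                'Mainapppath.sys', 'ms.dll', 'Naslee.dll', 'PCService.exe', 'SChal.exe',
                'ServiceName.ini', 'Settings.dll', 'Sk.exe', 'sklgr.exe', 'UnInstaller.exe'

# Shortcut locations plus the install-folder files, still with unexpanded variables
$paths = @(
    '%UserProfile%\Desktop\SuperKeylogger.lnk'
    '%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Sklgr30\SuperKeylogger.lnk'
) + ($installNames | ForEach-Object { "$installDir\$_" })

$findings = @()

foreach ($p in $paths) {
    # %UserProfile% expands to the profile of the account running the script only
    $full = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $full) {
        $item = Get-Item -LiteralPath $full -Force   # -Force also returns hidden files
        $findings += [pscustomobject]@{
            Type      = 'File'
            Indicator = $full
            Detail    = "LastWriteTime=$($item.LastWriteTime)"
        }
    }
}

# Autostart entry: value "sysApp" under the HKLM Run subkey
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'sysApp' -ErrorAction SilentlyContinue
if ($run) {
    # Flag any sysApp value, and note whether its data points at sklgr.exe
    $matchesPath = $run.sysApp -like '*\Sklgr30\sklgr.exe*'
    $findings += [pscustomobject]@{
        Type      = 'Registry'
        Indicator = "$runKey\sysApp"
        Detail    = "Data=$($run.sysApp); PointsToSklgr=$matchesPath"
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed Spyware.SuperKeylogger artifacts were found.'
}
```

Because `%UserProfile%` resolves only for the current account, the desktop shortcut check needs to be repeated for each user profile on a shared machine.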


