1. /
  2. Security Response/
  3. Spyware.SmartPCKeylog

Spyware.SmartPCKeylog

Updated:
February 1, 2008 3:25:25 PM
Type:
Spyware
Name:
Smart PC Keylogger
Version:
3.02
Publisher:
Irocs-Kingdom.com
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
When the program is executed, it creates the following folder:
%ProgramFiles%\SPK Demo\projects\temp

Next, it creates the following files:
  • %UserProfile%\Desktop\Smart Pc Keylogger Demo.lnk
  • %UserProfile%\Start Menu\Programs\Irocs-Kingdom.com Software\Smart Pc Keylogger Demo\Readme-Help.lnk
  • %UserProfile%\Start Menu\Programs\Irocs-Kingdom.com Software\Smart Pc Keylogger Demo\Smart Pc Keylogger Demo.lnk
  • %ProgramFiles%\SPK Demo\EventScheduler.mdb
  • %ProgramFiles%\SPK Demo\Help.rtf
  • %ProgramFiles%\SPK Demo\Localization.txt
  • %ProgramFiles%\SPK Demo\Localization.xml
  • %ProgramFiles%\SPK Demo\projects\[RANDOM NAME]\caplog*.log
  • %ProgramFiles%\SPK Demo\SPKDemo.exe
  • %Windìr%\Installer\[RANDOM FILE NAME].msi


It also creates the following clean files:
  • %ProgramFiles%\SPK Demo\riched32.dll
  • %ProgramFiles%\SPK Demo\vbalflbr6.dll
  • %System%\actskn43.ocx
  • %System%\dijpg.dll
  • %System%\ijl11.dll
  • %System%\Memman.vxd
  • %System%\skinboxer43.dll
  • %System%\mscomctl.ocx
  • %System%\mswinsck.ocx


The program then creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Smart Pc Keylogger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Irocs-Kingdom.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Irocs-Kingdom.com\Smart Pc Keylogger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Irocs-Kingdom.com\Smart Pc Keylogger\Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared\Modules\[RANDOM NAME]\Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6AA39623-CEDB-4AEA-BE4C-104C7E93502C}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Irocs-Kingdom.com Software\Smart Pc Keylogger Demo
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Irocs-Kingdom.com Software\Smart Pc Keylogger Demo


The program may run in stealth mode in order to hide it's activities from the user.

It performs the following actions on the computer:
  • Records screenshots
  • Monitors user activities
  • Logs user activities


The gathered information is saved and may be viewed by a remote attacker.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver