Hacktool.Keylogger

Printer Friendly Page

Updated: February 13, 2007 11:43:15 AM
Type: Hack Tool
Risk Impact: Low
File Names: Hook.dll
Systems Affected: Windows

Behavior


Hacktool.Keylogger is a hacktool that logs keystrokes on the compromised computer.

Symptoms


The presence of one or more files detected as Hacktool.Keylogger.

Transmission


This hacktool can be installed as part of a threat, such as a Trojan horse.

Antivirus Protection Dates

  • Initial Rapid Release version May 30, 2003
  • Latest Rapid Release version April 17, 2018 revision 007
  • Initial Daily Certified version May 30, 2003 revision 041
  • Latest Daily Certified version April 17, 2018 revision 017
  • Initial Weekly Certified release date May 31, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Updated: February 13, 2007 11:43:15 AM
Type: Hack Tool
Risk Impact: Low
File Names: Hook.dll
Systems Affected: Windows


Hacktool.Keylogger is a hacktool used to log keystrokes on a compromised computer.

This hacktool often appears as part of a threat, such as a Trojan horse. The keystrokes can be sent to the Trojan as Window Message.

Updated: February 13, 2007 11:43:15 AM
Type: Hack Tool
Risk Impact: Low
File Names: Hook.dll
Systems Affected: Windows


These procedures pertain to all current and recent Symantec security products, including the Symantec Antivirus and Norton Antivirus product lines. Symantec Security Response has tested all the virus definitions for quality assurance.

  1. Update the virus definitions.
  2. Run a full system scan and delete all the files detected as Hacktool.Keylogger.

1. Updating the virus definitions
If your computer shows symptoms of this program, update your virus definitions.

There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.


2. Scanning for and deleting all the files detected as Hacktool.Keylogger.
  1. Start your Symantec antivirus program, and then run a full system scan.

    Note: If you ran the Add/Remove programs applet as described in the previous section, all the files may have been removed, and thus none of them will be detected.
  2. If any files are detected as Hacktool.Keylogger and depending on which software version you are using, you may see one or more of the following options:

    Note: This applies only to versions of Norton AntiVirus that support security risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports security risk detection, and security risk detection has been enabled, you will only see a message box that gives the results of the scan. If you have questions in this situation, contact your network administrator.
    • Exclude (Not recommended): If you click this button, it will set the risk so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove from your computer.

    • Ignore or Skip: This option tells the scanner to ignore the risk for this scan only. It will be detected again the next time that you run a scan.

    • Cancel: This option is new to Norton Antivirus 2005. It is used when Norton Antivirus 2005 has determined that it cannot delete a security risk. This Cancel option tells the scanner to ignore the risk for this scan only, and thus, the risk will be detected again the next time that you run a scan.

      To actually delete the security risk:
      • Click its file name (under the Filename column).
      • In the Item Information box that displays, write down the full path and file name.
      • Then use Windows Explorer to locate and delete the file.

        If Windows reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer. Restart the computer in Normal mode.

    • Delete: This option will attempt to delete the detected files. In some cases, the scanner will not be able to do this.
      • If you see a message, "Delete Failed" (or similar message), manually delete the file.
      • Click the file name of the risk that is under the Filename column.
      • In the Item Information box that displays, write down the full path and file name.
      • Then use Windows Explorer to locate and delete the file.

        If Windows reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer. Restart the computer in Normal mode.