Spyware.ComKeylogger

Printer Friendly Page

Updated: February 13, 2007 11:45:56 AM
Type: Spyware
Version: 1.3
Publisher: ETN
Risk Impact: High
File Names: etnkeylog.msi ETNKL.exe
Systems Affected: Windows

Behavior


Spyware.ComKeylogger is a spyware program that logs key strokes, catures screenshots, and monitors Internet activity. It also can email logs to a predefined address.

Symptoms


Your Symantec program detects Spyware.ComKeylogger.

Transmission


This security risk must be manually installed.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version July 22, 2005
  • Latest Daily Certified version March 21, 2011 revision 033
  • Initial Weekly Certified release date July 27, 2005

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Updated: February 13, 2007 11:45:56 AM
Type: Spyware
Version: 1.3
Publisher: ETN
Risk Impact: High
File Names: etnkeylog.msi ETNKL.exe
Systems Affected: Windows


When Spyware.ComKeylogger is installed, it does the following:

  1. Creates the following files:

    • %UserProfile%\Desktop\ComputerKeylogger.com Full.lnk
    • %UserProfile%\Local Settings\Temp\JET9024.tmp
    • %UserProfile%\Local Settings\Temp\~DF3212.tmp
    • %UserProfile%\Start Menu\Programs\ETN Software\ComputerKeylogger.com Full\ComputerKeylogger.com Full.lnk
    • %UserProfile%\Start Menu\Programs\ETN Software\ComputerKeylogger.com Full\Readme-Help.lnk
    • %ProgramFiles%\ETNKL\ETNKL.exe - detected as Spyware.ComKeylogger
    • %ProgramFiles%\ETNKL\EventScheduler.ldb
    • %ProgramFiles%\ETNKL\EventScheduler.mdb
    • %ProgramFiles%\ETNKL\Help.rtf
    • %ProgramFiles%\ETNKL\riched32.dll
    • %Windir%\Installer\[random_name].msi - detected as Spyware.ComKeylogger
    • %System%\actskn43.ocx
    • %System%\dijpg.dll
    • %System%\richtx32.ocx
    • %System%\skinboxer43.dll

      Note:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13AFA3A3-5687-487c-93F2-63D5DA468F4E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BE669B7-D464-438A-94A7-7FDA6C47BA47}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32239586-29DE-4268-8AF3-CE7658D3D672}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AAECB3B-3D56-47c7-8706-77899E73802A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62289CBE-3BE2-4ba9-AC20-A911C900039A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66A21AEA-5A05-46b5-B7CD-C1AAAF4770CD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{795514CB-A81C-48f6-87AB-5B22D433D5D8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B195FE25-16D9-4d1b-AD10-0701F9A5E277}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA8C584B-209C-4d54-8BB1-8AB5F1DCA18E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1698320-77BD-4776-96FD-C3C8D71E57E2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E28DD8A6-E9BC-4d3e-A7F7-BC9644138CE2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC2EC911-E047-4810-9535-6CAFE1ADC3AD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{55E89939-3D2B-4954-80EA-2703A8EA1A10}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B7C8862-D78F-101B-B9B5-04021C009402}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92AEA298-248E-45DB-97B6-A8C7CD5892E7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4AB5D2E-CEAE-4DD2-B99F-C9508575ADC7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3F3C14C-FED2-45B8-9EE2-036460E8B171}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED117630-4090-11CF-8981-00AA00688B10}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF19F6B2-10D9-46B1-9050-2E8E2C4B2DDD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61DDCB65-FFA8-42EE-9AB9-88EC8184120C}\1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74848F95-A02A-4286-AF0C-A3C755E4A5B3}\1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.Skin2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.Skin2.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.SkinLabel2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.SkinLabel2.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SkinBoxer43.SkinBoxer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SkinBoxer43.SkinBoxer.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\D76BD97D6440ED747ABDE9813D71C215
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7E0033D-A631-4E97-8CEF-53C3F362BE9F}
    HKEY_LOCAL_MACHINE\SOFTWARE\ETN\ComputerKeylogger.com
    HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\D3300E7C136A79E4C8FE353C3F26EBF9
    HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D3300E7C136A79E4C8FE353C3F26EBF9
    HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\D76BD97D6440ED747ABDE9813D71C215
    HKEY_CURRENT_USER\Software\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{00020421-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{00020422-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{00020423-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{00020425-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{0002E005-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}
    HKEY_CURRENT_USER\Software\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{232E4565-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}
    HKEY_CURRENT_USER\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}
    HKEY_CURRENT_USER\Software\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER\Software\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER\Software\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER\Software\Classes\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}
    HKEY_CURRENT_USER\Software\Classes\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}
    HKEY_CURRENT_USER\Software\Classes\Component Categories
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.Animation
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.Animation.2
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.DTPicker
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.DTPicker.2
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.FlatScrollBar
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.FlatScrollBar.2
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.MonthView
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.MonthView.2
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.UpDown
    HKEY_CURRENT_USER\Software\Classes\MSComCtl2.UpDown.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ImageComboCtl
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ImageComboCtl.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ImageListCtrl
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ImageListCtrl.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ListViewCtrl
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ListViewCtrl.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ProgCtrl
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.ProgCtrl.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.SBarCtrl
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.SBarCtrl.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.Slider
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.Slider.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.TabStrip
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.TabStrip.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.Toolbar
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.Toolbar.2
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.TreeCtrl
    HKEY_CURRENT_USER\Software\Classes\MSComctlLib.TreeCtrl.2
    HKEY_CURRENT_USER\Software\Classes\MSComDlg.CommonDialog
    HKEY_CURRENT_USER\Software\Classes\MSComDlg.CommonDialog.1
    HKEY_CURRENT_USER\Software\Classes\MSWinsock.Winsock
    HKEY_CURRENT_USER\Software\Classes\MSWinsock.Winsock.1
    HKEY_CURRENT_USER\Software\Classes\OldFont
    HKEY_CURRENT_USER\Software\Classes\StdFont
    HKEY_CURRENT_USER\Software\Classes\StdPicture
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{000204EF-0000-0000-C000-000000000046}\6.0
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}\6.0
    HKEY_CURRENT_USER\Software\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ComputerKeylogger.com
    HKEY_CURRENT_USER_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{00020420-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{00020421-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{00020422-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{00020423-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{00020424-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{00020425-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}
    HKEY_CURRENT_USER_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}
    HKEY_CURRENT_USER_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}
    HKEY_CURRENT_USER_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
    HKEY_CURRENT_USER_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}
    HKEY_CURRENT_USER_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}
    HKEY_CURRENT_USER_Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{232E4565-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}
    HKEY_CURRENT_USER_Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}
    HKEY_CURRENT_USER_Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER_Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_CURRENT_USER_Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}
    HKEY_CURRENT_USER_Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_CURRENT_USER_Classes\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}
    HKEY_CURRENT_USER_Classes\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}
    HKEY_CURRENT_USER_Classes\Component Categories
    HKEY_CURRENT_USER_Classes\MSComCtl2.Animation
    HKEY_CURRENT_USER_Classes\MSComCtl2.Animation.2
    HKEY_CURRENT_USER_Classes\MSComCtl2.DTPicker
    HKEY_CURRENT_USER_Classes\MSComCtl2.DTPicker.2
    HKEY_CURRENT_USER_Classes\MSComCtl2.FlatScrollBar
    HKEY_CURRENT_USER_Classes\MSComCtl2.FlatScrollBar.2
    HKEY_CURRENT_USER_Classes\MSComCtl2.MonthView
    HKEY_CURRENT_USER_Classes\MSComCtl2.MonthView.2
    HKEY_CURRENT_USER_Classes\MSComCtl2.UpDown
    HKEY_CURRENT_USER_Classes\MSComCtl2.UpDown.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.ImageComboCtl
    HKEY_CURRENT_USER_Classes\MSComctlLib.ImageComboCtl.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.ImageListCtrl
    HKEY_CURRENT_USER_Classes\MSComctlLib.ImageListCtrl.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.ListViewCtrl
    HKEY_CURRENT_USER_Classes\MSComctlLib.ListViewCtrl.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.ProgCtrl
    HKEY_CURRENT_USER_Classes\MSComctlLib.ProgCtrl.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.SBarCtrl
    HKEY_CURRENT_USER_Classes\MSComctlLib.SBarCtrl.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.Slider
    HKEY_CURRENT_USER_Classes\MSComctlLib.Slider.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.TabStrip
    HKEY_CURRENT_USER_Classes\MSComctlLib.TabStrip.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.Toolbar
    HKEY_CURRENT_USER_Classes\MSComctlLib.Toolbar.2
    HKEY_CURRENT_USER_Classes\MSComctlLib.TreeCtrl
    HKEY_CURRENT_USER_Classes\MSComctlLib.TreeCtrl.2
    HKEY_CURRENT_USER_Classes\MSComDlg.CommonDialog
    HKEY_CURRENT_USER_Classes\MSComDlg.CommonDialog.1
    HKEY_CURRENT_USER_Classes\MSWinsock.Winsock
    HKEY_CURRENT_USER_Classes\MSWinsock.Winsock.1
    HKEY_CURRENT_USER_Classes\OldFont
    HKEY_CURRENT_USER_Classes\StdFont
    HKEY_CURRENT_USER_Classes\StdPicture
    HKEY_CURRENT_USER_Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
    HKEY_CURRENT_USER_Classes\TypeLib\{000204EF-0000-0000-C000-000000000046}\6.0
    HKEY_CURRENT_USER_Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0
    HKEY_CURRENT_USER_Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0
    HKEY_CURRENT_USER_Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}\2.0
    HKEY_CURRENT_USER_Classes\TypeLib\{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}\6.0
    HKEY_CURRENT_USER_Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2

  3. Adds the value:

    "MSRegScan" = "%ProgramFiles%\ETNKL\ETNKL"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  4. Logs key strokes, catures screenshots, and monitors Internet activity.


Updated: February 13, 2007 11:45:56 AM
Type: Spyware
Version: 1.3
Publisher: ETN
Risk Impact: High
File Names: etnkeylog.msi ETNKL.exe
Systems Affected: Windows


The following instructions pertain to all Symantec antivirus products that support security risk detection.

  1. Uninstall the security risk.
  2. Run a full system scan.
  3. Delete the related files and folders.
  4. Delete the value that was added to the registry.

1. To uninstall the security risk
This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:
  1. Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).

  2. In the Control Panel window, double-click Add/Remove Programs.

    Windows Me only: If you do not see the Add/Remove Programs icon, click ...view all Control Panel options.

  3. Click ETNKL.

    Note:
    You may need to use the scroll bar to view the whole list.

  4. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

    Note: After running the Add/Remove programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove programs.

2. To run the scan
  1. Start your Symantec antivirus program, and then run a full system scan.

    Note: If you ran the Add/Remove programs applet as described in the previous section, all the files may have been removed, and thus none of them will be detected.
  2. If any files are detected as Spyware.SpyOutside and depending on which software version you are using, you may see one or more of the following options:

    Note: This applies only to versions of Norton AntiVirus that support Security Risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports Security Risk detection, and Security Risk detection has been enabled, you will only see a message box that gives the results of the scan. If you have questions in this situation, contact your network administrator.
    • Exclude (Not recommended): If you click this button, it will set the threat so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove from your computer.

    • Ignore or Skip: This option tells the scanner to ignore the threat for this scan only. It will be detected again the next time that you run a scan.

    • Cancel: This option is new to Norton Antivirus 2005. It is used when Norton Antivirus 2005 has determined that it cannot delete a security risk. This Cancel option tells the scanner to ignore the threat for this scan only, and thus, the threat will be detected again the next time that you run a scan.

      To actually delete the security risk:
      • Click its file name (under the Filename column).
      • In the Item Information box that displays, write down the full path and file name.
      • Then use Windows Explorer to locate and delete the file.
      • If Windows reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer.

    • Delete: This option will attempt to delete the detected files. In some cases, the scanner will not be able to do this.
      • If you see a message, "Delete Failed" (or similar message), manually delete the file.
      • Click the file name of the threat that is under the Filename column.
      • In the Item Information box that displays, write down the full path and file name.
      • Then use Windows Explorer to locate and delete the file.

        If Windows reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer.

3. To delete the related files and folders
  1. Navigate to %ProgramFiles%.
  2. Delete the folder "ETNKL" and all the files contained within that folder.


4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry ," for instructions.
  1. Click Start > Run.
  2. Type regedit

    Then click OK.

  3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete the value:

    "MSRegScan" = "%ProgramFiles%\ETNKL\ETNKL"

  5. Exit the Registry Editor.