
Spyware.FreeKeyLog

Updated: March 5, 2008 1:30:53 PM
Type: Spyware
Name: Free Key Logger
Version: 2.0.0.0
Publisher: Virtuoza
Risk Impact: Medium
Systems Affected: Windows

When the program is executed, it creates the following folder:
%System%\RecoveryInfo

It then creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Key Logger.lnk
  • %UserProfile%\Desktop\Free Key Logger.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Free Key Logger\Free Key Logger on the Web.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Free Key Logger\Free Key Logger.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Free Key Logger\OverSpy on the Web.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Free Key Logger\Uninstall Free Key Logger.lnk
  • %ProgramFiles%\Free Key Logger\Config.xml
  • %ProgramFiles%\Free Key Logger\config.~xml
  • %ProgramFiles%\Free Key Logger\Free Key Logger.url
  • %ProgramFiles%\Free Key Logger\FreeKeyLogger.exe
  • %ProgramFiles%\Free Key Logger\Hook.dll
  • %ProgramFiles%\Free Key Logger\OverSpy.url
  • %ProgramFiles%\Free Key Logger\unins000.dat
  • %ProgramFiles%\Free Key Logger\unins000.exe
  • %ProgramFiles%\Free Key Logger\UninsHs.dat
  • %ProgramFiles%\Free Key Logger\UninsHs.exe
  • %System%\ntqsi32.dll


Next, it creates the following registry entries:
  • HKEY_CURRENT_USER\Software\Virtuoza\Free Key Logger\"Path" = "C:\Program Files\Free Key Logger"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Inno Setup: Setup Version" = "5.1.5"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Inno Setup: App Path" = "C:\Program Files\Free Key Logger"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"InstallLocation" = "C:\Program Files\Free Key Logger\"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Inno Setup: Icon Group" = "Free Key Logger"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Inno Setup: User" = "Administrator"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Inno Setup: Selected Tasks" = "desktopicon,quicklaunchicon"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Inno Setup: Deselected Tasks" = " "
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"DisplayName" = "Free Key Logger 2.0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"UninstallString" = "C:\Program Files\Free Key Logger\UninsHs.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"QuietUninstallString" = ""C:\Program Files\Free Key Logger\unins000.exe" /SILENT"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"Publisher" = "Virtuoza"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"URLInfoAbout" = "http://www.virtuoza.com"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"HelpLink" = "http://www.overspy.com/support/"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"URLUpdateInfo" = "http://www.overspy.com/free-key-logger/"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"NoModify" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Key Logger_is1\"NoRepair" = "1"

The program creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Free Key Logger" = "C:\Program Files\Free Key Logger\freekeylogger.exe"

It also modifies entries under the following registry subkey so that it disables Windows Task Manager:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

The program records keystrokes from the computer.

It may run silently in the background in order to avoid detection.
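
A defender's check for the registry changes listed above, as an added example that is not part of the original write-up. It parses a regedit-style text export (assumed already decoded to text) and reports the Run entry, the DisableTaskMgr policy value and the Virtuoza key; the sample export, the function names and the choice to flag any non-zero DisableTaskMgr value are assumptions of this example.

```python
import re

# Constructed sample in regedit export (.reg) format; not taken from a real host.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Key Logger"="C:\\Program Files\\Free Key Logger\\freekeylogger.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Virtuoza\Free Key Logger]
"Path"="C:\\Program Files\\Free Key Logger"
'''

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
VENDOR_KEY = r"hkey_current_user\software\virtuoza\free key logger"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    """List which of the registry changes described above are present."""
    keys, hits = parse_reg(text), []
    run = keys.get(RUN_KEY, {}).get("free key logger", "")
    if "freekeylogger.exe" in run.lower():
        hits.append("run-key persistence")
    # DWORD 1 disables Task Manager; flagging any non-zero value is this example's choice.
    tm = keys.get(POLICY_KEY, {}).get("disabletaskmgr", "")
    if tm.lower().startswith("dword:") and int(tm[6:], 16) != 0:
        hits.append("task manager disabled")
    if VENDOR_KEY in keys:
        hits.append("vendor key present")
    return hits

if __name__ == "__main__":
    print(find_indicators(SAMPLE_EXPORT))
```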