Spyware.LocalKeylog

Spyware.LocalKeylog is a program that monitors and logs activity on the target computer. It was designed to record keystrokes in order to capture sensitive information such as user names and passwords. It is widely available online as a commercial and legitimate program.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Spyware.LocalKeylog:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit registry editor and restart Windows.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Logs keystrokes and log-in information
- Copies clipboard data
- Logs launched applications and saves screenshots of the system

Malicious Files Added by Spyware.LocalKeylog:

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RKLG Startup" = "C:\Program Files\Local Keylogger Pro\klg.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"RKLG Startup" = "C:\Program Files\Local Keylogger Pro\klg.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"RKLG Startup" = "C:\Program Files\Local Keylogger Pro\klg.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\"RKLG Startup" = "C:\Program Files\Local Keylogger Pro\klg.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"RKLG Startup" = "C:\Program Files\Local Keylogger Pro\klg.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\"RKLG Startup" = "C:\Program Files\Local Keylogger Pro\klg.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"Run" = "C:\PROGRA~1\LOCALK~1\klg.exe"
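
A read-only check for the autostart values listed above, before editing the registry in step 5. This is an added example, not part of the original write-up or of any vendor tool; it uses the real key name CurrentVersion (no space), and the function name Get-AutostartValue is hypothetical.

```powershell
# Added example: read-only audit for the autostart values listed on this page.
# It reports matches only; nothing is deleted or modified.
$valueName = 'RKLG Startup'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: returns the value data, or $null if key or value is absent.
function Get-AutostartValue {
    param([string]$Key, [string]$Name)
    # A missing key is normal (RunServices* is usually absent on NT-based Windows).
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Name
}

$findings = foreach ($key in $runKeys) {
    $data = Get-AutostartValue -Key $key -Name $valueName
    if ($null -ne $data) {
        [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
    }
}

# The legacy "Run" value can hold other programs, so flag it only if it points at klg.exe.
$legacyKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$legacy = Get-AutostartValue -Key $legacyKey -Name 'Run'
if ($legacy -and $legacy -match '\\klg\.exe') {
    $findings = @($findings) + [pscustomobject]@{ Key = $legacyKey; Value = 'Run'; Data = $legacy }
}

if ($findings) { $findings | Format-List } else { 'No listed autostart values found.' }
```

HKCU covers only the account running the script, so run it as each affected user. On 64-bit Windows, 32-bit programs write HKLM\SOFTWARE values under HKLM\SOFTWARE\WOW6432Node, so check that view as well.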
