Spyware.LocalKeylog

By: webmaster | Under: Spyware, Threats

6 Oct

Overall Risk Level:

Spyware.LocalKeylog is a spyware program that can steal confidential information from the computer with its keylogging capability.

Other Alias: Local Keylogger Pro 3.1

Threat Level: High

Systems Affected: Windows – All

More Info: Spyware.LocalKeylog on SSR

How to Remove Spyware.LocalKeylog:

On this page is our suggested (by precisesecurity) removal procedure and Visitor's own suggestion. We cannot control and evaluate each suggested procedure so please use it at your own risks. If no suggestion is present to remove virus, spyware, adware and malware, you may try the following:
- Scan Spyware.LocalKeylog with MalwareByte's Anti-Malware
- Remove Spyware.LocalKeylog with Standard Virus Scan

One Response for "Spyware.LocalKeylog"

precisesecurity October 6th, 2007 at 9:14 am 1
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”RKLG Startup” = “C:\Program Files\Local Keylogger Pro\klg.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\”RKLG Startup” = “C:\Program Files\Local Keylogger Pro\klg.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\”RKLG Startup” = “C:\Program Files\Local Keylogger Pro\klg.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\”RKLG Startup” = “C:\Program Files\Local Keylogger Pro\klg.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”RKLG Startup” = “C:\Program Files\Local Keylogger Pro\klg.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\”RKLG Startup” = “C:\Program Files\Local Keylogger Pro\klg.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\”Run” = “C:\PROGRA~1\LOCALK~1\klg.exe”

Restore the following registry entries to their original values, if required:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Userinit” = “C:\WINDOWS\system32\userinit.exe,,C:\PROGRA~1\LOCALK~1\klg.exe”
HKEY_USERS\S-1-5-21-1343024091-1336601894-839522115-500\Software\Microsoft\Windows NT\CurrentVersion\Windows\”load” = “C:\PROGRA~1\LOCALK~1\klg.exe”

Navigate to and delete the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{0AB0A59B-9E93-4CD3-A1AA-E409F28A7411}
HKEY_CLASSES_ROOT\CLSID\{2B5C4018-4FC5-457C-83F3-98EA1289C460}
HKEY_CLASSES_ROOT\CLSID\{3204926E-3C3E-4506-BDF9-C82DBE70FA9F}
HKEY_CLASSES_ROOT\CLSID\{6678A2CE-A49B-434C-8CBC-2134DB729FA0}
HKEY_CLASSES_ROOT\CLSID\{6684C012-F909-45CC-A379-E87B1E617379}
HKEY_CLASSES_ROOT\CLSID\{69F549B1-1328-4FB2-BD91-3188BAC3EDD0}
HKEY_CLASSES_ROOT\CLSID\{6C20E3C2-6972-430B-8A5F-1991AE439D8E}
HKEY_CLASSES_ROOT\CLSID\{8F4347C1-BF89-4C15-B739-51135E2ACFE6}
HKEY_CLASSES_ROOT\CLSID\{9049E204-958C-4302-A8B7-E946BDDD9A96}
HKEY_CLASSES_ROOT\CLSID\{9335F18F-4D72-4BEF-9379-610337B550FE}
HKEY_CLASSES_ROOT\CLSID\{AE9CA08C-5700-4FDA-8BE6-581B4A1DE119}
HKEY_CLASSES_ROOT\CLSID\{F6ECCE0F-0E59-44F6-8E40-7ACBE671BB0F}
HKEY_CLASSES_ROOT\CLSID\{F98FCD4D-7F9A-4D81-9DEB-31783F369368}
HKEY_CLASSES_ROOT\TypeLib\{EBD3441D-1CCE-4996-A574-3BDA2BCA26FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Application\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Application\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Application.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Application.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.BlockExe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.BlockExe\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.BlockExe\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.BlockExe.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.BlockExe.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Clipboard
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Clipboard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Clipboard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Clipboard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Clipboard.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.FTPDelivery
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.FTPDelivery\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.FTPDelivery\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.FTPDelivery.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.FTPDelivery.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.HideTaskMan
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.HideTaskMan\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.HideTaskMan\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.HideTaskMan.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.HideTaskMan.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Hotkey\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Hotkey\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Hotkey.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Hotkey.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Keystrokes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Keystrokes\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Keystrokes\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Keystrokes.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Keystrokes.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.MailDelivery
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.MailDelivery\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.MailDelivery\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.MailDelivery.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.MailDelivery.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Mouse
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Mouse\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Mouse\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Mouse.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Mouse.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Password
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Password\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Password\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Password.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Password.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.PressEnter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.PressEnter\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.PressEnter\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.PressEnter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.PressEnter.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.RealBlockApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.RealBlockApp\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.RealBlockApp\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.RealBlockApp.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.RealBlockApp.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Screen
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Screen\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Screen\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Screen.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RKLDLL.Screen.1\CLSID
HKEY_LOCAL_MACHINE1\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Local Keylogger Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\klg.exe
HKEY_USERS\[ALL USERS]\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Local Keylogger Pro
HKEY_USERS\[ALL USERS]\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Local Keylogger Pro

6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.

Any Response?

Custom Search

Entries (RSS)
Comments (RSS)

Spyware.LocalKeylog

How to Remove Spyware.LocalKeylog:

One Response for "Spyware.LocalKeylog"

Any Response?

Sub Categories

Recent Posts

Recent Comments

Most Commented

Top Malware Threats

Top Tools