XPKey

Description: Keylogger
Risk Level: Critical
Date of First Occurence: Thursday, May 22, 2008
Software Developer: (unknown)
Brief Info: Keyloggers invisibly monitor and record all of your computer activity. This information is then automatically emailed to an anonymous user.
Removal: This threat can be removed using "Spyware Terminator"

SCAN & REMOVE NOW »

Geographical Distribution of Threat "XPKey"

Threat Info

View All

Detected Items

  1. Detected Files: %PROGRAMFILES%\XP Advanced Keylogger\unins000.exe MD5: 7F1F1E05A30A027583FF3406F48A4690 Size:640957 %PROGRAMFILES%\XP Advanced Keylogger\ToolKeylogger.exe MD5: 20CCF956E439A94530E2CA041870EB0A Size:372736 MD5: AADA04DB5A2635B8F5BBDB251A653925 Size:372736 MD5: 4F5615966558F7032AF0F059343AE1DA Size:372736 %PROGRAMFILES%\XP Advanced Keylogger\DLLs\jmail.dll MD5: 4AF612FBFF91936FB2F780EA5CA307CF Size:323072 %PROGRAMFILES%\XP Advanced Keylogger\Crack.exe MD5: 48EF2C1589293A76F2C78FCB2986A901 Size:51231
  2. Detected Files with variable Filenames: MD5: E6CD161875224FF0B1F4BCB337EBFE32 Size: 491578 %PROGRAMFILES%\XP Advanced Keylogger\SkinMagic.dll %PROGRAMFILES%\XP Advanced Keylogger\SkinMagic.dll.ren MD5: EBD22FCB0DF601BE99C408F53018DB15 Size: 184320 %PROGRAMFILES%\XP Advanced Keylogger\DLLs\ToolKeyloggerDLL.dll %PROGRAMFILES%\XP Advanced Keylogger\DLLs\ToolKeyloggerDLL.dll.ren MD5: 4F5615966558F7032AF0F059343AE1DA Size: 372736 %PROGRAMFILES%\XP Advanced Keylogger\ToolKeylogger.exe %PROGRAMFILES%\XP Advanced Keylogger\ToolKeylogger.exe.BAK

Detecting items list:

  1. Files by Name %DESKTOP%\XP Advanced Keylogger.lnk %APPDATA%\Microsoft\Internet Explorer\Quick Launch\XP Advanced Keylogger.lnk %START_PROGRAMSALL%\XP Advanced Keylogger\Help Online.lnk %START_PROGRAMSALL%\XP Advanced Keylogger\Homepage.lnk %START_PROGRAMSALL%\XP Advanced Keylogger\Purchase.lnk %START_PROGRAMSALL%\XP Advanced Keylogger\Uninstall XP Advanced Keylogger.lnk %START_PROGRAMSALL%\XP Advanced Keylogger\XP Advanced Keylogger.lnk %ProgramFiles%\XP Advanced Keylogger\Buy.url %ProgramFiles%\XP Advanced Keylogger\DLLs\ToolKeyloggerDLL.dll %ProgramFiles%\XP Advanced Keylogger\DLLs\ToolKeyloggerDLL.Language %ProgramFiles%\XP Advanced Keylogger\Help.url %ProgramFiles%\XP Advanced Keylogger\Home.url %ProgramFiles%\XP Advanced Keylogger\SkinMagic.dll %ProgramFiles%\XP Advanced Keylogger\ToolKeylogger.exe %ProgramFiles%\XP Advanced Keylogger\ToolKeylogger.language %ProgramFiles%\XP Advanced Keylogger\ToolKeylogger.smf %ProgramFiles%\XP Advanced Keylogger\ToolKeylogger.xml %ProgramFiles%\XP Advanced Keylogger\unins000.dat %ProgramFiles%\XP Advanced Keylogger\unins000.exe
  2. Files by Directories %ProgramFiles%\XP Advanced Keylogger %START_PROGRAMSALL%\XP Advanced Keylogger
  3. Files by CLSID or Name CLSID=17B307BE-B2EC-43E8-8605-5E1F257273B1 CLSID=5388D0EE-ACE4-4C4D-8532-72F234399AEB CLSID=60FB8D96-D4E9-461B-81A1-2356040B73E5 CLSID=A9676C29-ED6E-4C33-9295-8BC13CD3947D CLSID=B44432C2-4D5C-4495-AC72-55A39917142C CLSID=B7385BC9-4857-471B-9E06-CF2807288633 CLSID=BA7A51FA-04F1-45CB-B493-36AD46950432 CLSID=C080FFDA-6D65-4F98-BA30-89A340FC2C2C CLSID=C610B319-5EF8-4302-AC99-4580932A5957 CLSID=E27D817E-A07E-481D-B449-48F83D7A18F4
  4. Registry Keys HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Advanced Keylogger_is1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Application HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Application.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.BlockExe HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.BlockExe.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Clipboard HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Clipboard.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Hotkey HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Hotkey.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Keyboard HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Keyboard.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.LogToFTP HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.LogToFTP.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.LogToMail HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.LogToMail.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Password HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Password.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Screen HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.Screen.1 HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.TaskList HKLM\SOFTWARE\Classes\ToolKeyloggerDLL.TaskList.1 HKLM\SOFTWARE\Classes\TypeLib\{4C4AB6B2-4BC3-494A-9232-5001E0793AC4}
  5. Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=XP Advanced Keylogger

« Go to Software Database