A security researcher revealed that he had purchased two new laptops from Samsung, and discovered both of them to be infected with the StarLogger (download) keystroke-recording program. While there’s very little that can be done about keystrokes already recorded, checking your own laptop for such software is actually quite simple–if you’re familiar with mucking about in your system directories and Registry.
Because it’s a keylogger, most often used for spying on employees and children, StarLogger cannot be accessed from your Start menu.
The easiest way to find StarLogger is to look for its Registry key, which is used to load it when Windows is started. To see if this has occurred, open a command prompt and type “Run Regedit”. Then go to the Menu bar, select Edit and then Find. You want to search for “winsl”, without the quotes. If it’s installed, you should see a Registry key that looks like this:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsl
You can also look for the following files on your hard drive, although keyloggers are designed to hide themselves. Open Windows Explorer, and then hit the Alt key to bring up the Menu bar. Go to Tools, Folder Options, and View. Under Advanced Settings, you’ll see an option for Hidden Files and Folders. Make sure that Show is checked.
If you have StarLogger, its files will be located in your Windows root directory, in a subdirectory labeled “SL”. A list of files you can expect to see is below:
- iv.ini
- WinSL.dat
- WinSL.exe
- WinSLH.dll
- ImgView.exe
- SL-Test.txt
- unins000.dat
- unins000.exe
- StarLogger.url
- WinSLManager.exe
- StarLogger.url
- Uninstall StarLogger.lnk
- StarLogger.lnk
- StarLogger on the Web.lnk
- WinSLManager.exe
- WinSLH.dll
- WinSL
You can also check your Task Manager for WinSLManager.exe.
if you think you may have keyloggger contact us today for a quick removal
