In the last few months, around the end of March and the start of April, a research team reported that most of the Samsung R525 and Samsung R540 laptops sold at that time were infected with a spy program, StarLogger. This utility is completely hidden on the system. Samsung then accepted the mistake, and after that no laptops were found with the tool installed.
StarLogger records every keystroke you type and may send the data to a remote location. That data can include your e-mail ID and password, credit card details and other confidential information. StarLogger may be present on any pre-owned, second-hand PC, so it is best to know how to detect the program and remove it from your system. Let's go through it step by step.
How to detect StarLogger on any system
StarLogger does not have a dedicated directory that you can simply search for and delete. The easiest way to check whether it is installed is to look in the Windows registry.
Run Registry Editor by typing Regedit in Run ([Win]+R) and pressing Enter.
If you find the following entry in Registry Editor, then your system is already infected.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsl
Or simply press Ctrl+F after opening Registry Editor and search for Winsl. If you find it, you need to remove this entry from the registry.
But first create a backup of your registry before editing it, so the system is not affected if a mistake is made during editing.
Remember! Keyloggers are specially designed to work in hidden mode.
Before proceeding, a few more keystrokes are needed. Open the Start menu, type Hidden and press Enter, then select and save the option Show hidden files and folders.
Now, in the subfolders of the primary directory, try to find the following files.
- iv.ini
- WinSL.dat
- WinSL.exe
- WinSLH.dll
- ImgView.exe
- SL-Test.txt
- unins000.dat
- unins000.exe
- StarLogger.url
- WinSLManager.exe
- Uninstall StarLogger.lnk
- StarLogger.lnk
- StarLogger on the Web.lnk
- WinSL
You can also check the Task Manager ([Ctrl]+[Shift]+[Esc]) for the process WinSLManager.exe.
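The three checks above (registry entry, running process, files on disk) can be run together with a read-only PowerShell script. This is an added example, not part of the original post; it assumes `winsl` is a value or subkey under the Run key, also looks at the 32-bit `WOW6432Node` view of that key, and searches only the system drive.

```powershell
# Added example: read-only check for the indicators listed on this page.
$findings = @()

# 1. Registry. The page's key, plus the 32-bit view of it on 64-bit Windows
#    (the WOW6432Node path is an addition, not from the page).
#    Assumption: "winsl" is a value under Run; a subkey of that name is checked too.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($run -and ($run.PSObject.Properties.Name -contains 'winsl')) {
        $findings += "Registry value: $key\winsl = $($run.winsl)"
    }
    if (Test-Path -Path "$key\winsl") {
        $findings += "Registry subkey: $key\winsl"
    }
}

# 2. Process. Get-Process takes the name without the .exe extension.
if (Get-Process -Name 'WinSLManager' -ErrorAction SilentlyContinue) {
    $findings += 'Process running: WinSLManager.exe'
}

# 3. Files. -Force includes hidden items. Only the distinctive names are
#    searched for; iv.ini, ImgView.exe and unins000.* are generic names,
#    so they are shown only as part of a folder that contains a match.
$hits = @(Get-ChildItem -Path "$env:SystemDrive\" -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'WinSL*' -or $_.Name -like '*StarLogger*' })
foreach ($dir in ($hits | Select-Object -ExpandProperty DirectoryName -Unique)) {
    $findings += "Folder with matching files: $dir"
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "    $($_.Name)" }
}

if ($findings) { $findings } else { 'None of the indicators listed on this page were found.' }
```

Run it from an elevated PowerShell prompt so the recursive search can read protected folders.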
How to remove StarLogger from the system
Keep your antivirus up to date
This will help a lot in solving the problem; almost all antivirus products can detect such an infection on the computer and remove it completely.
Delete the process in Task Manager
As mentioned earlier, if the process WinSLManager.exe is running in your Task Manager process list, you can end the process and its process tree. If you are unable to do this, reboot your computer and start it in Safe Mode, then open Task Manager again and end the process; this time you can do it easily.
You can also remove it from the start-up programs like this:
Open Run, type MSconfig and press Enter. In the Startup tab, disable WinSLManager.exe if it is found, save the setting, and then reboot in Normal Mode.
Unregister the Dynamic Link Library files (DLLs)
- This process is a little geeky.
- Open CMD with administrative privileges and navigate, using the CD command, to the folder where the file WinSLH.dll resides.
- Now type
- Regsvr32 /u WinSLH.dll
- and press Enter.
- You will see a message that the file has been unregistered.
Delete the registry entry
After this, navigate to the location in Registry Editor mentioned earlier, delete the registry entry and save it by pressing the [F5] key.
Finally, delete all the files you find in the SL directory or similar.
And you are done.
After this, keep your antivirus updated and scan the computer frequently. Hope this information will help you stay safe.
http://Inteligentcomp.com