In the last few months, around the end of March and the start of April, a research team reported that most of the Samsung R525 and Samsung R540 laptops sold at that time were infected with a spy programme, StartLogger. This utility is completely hidden in your system. Samsung then accepted the mistake, and since then no laptop has been found with this tool installed.
StartLogger records each and every keystroke and may send it to some remote location; that may include your e-mail ID/password, credit card details and many more confidential details. StartLogger may be on any pre-owned, second-hand PC, so it is best to know how to detect and remove the programme from your system. Let's see it one by one.
How to detect StartLogger on any system
StartLogger doesn't have any special directory that you can search for and delete to remove the application (infection) easily. The easiest way to check for such an installed application is to check the Windows registry.
Run Registry Editor by entering Regedit in Run ([Win]+R) and hitting Enter.
If you find the following entry in Registry Editor, then your system has already been infected with it.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsl
Or simply press Ctrl+F after opening Registry Editor and search for Winsl. If you can find it, you need to remove this entry from the registry.
But first create a backup of your registry before editing it; this is the best way to avoid any effect on the system if a mistake is made during the editing.
Remember! Keyloggers are specially designed to work in hidden mode.
Before proceeding you have to apply some more keystrokes. Open the Start menu, type Hidden and press Enter, then select and save the option Show hidden files and folders.
Now, in the subfolders of the primary directory, try to find the following files.
- iv.ini
- WinSL.dat
- WinSL.exe
- WinSLH.dll
- ImgView.exe
- SL-Test.txt
- unins000.dat
- unins000.exe
- StarLogger.url
- WinSLManager.exe
- StarLogger.url
- Uninstall StarLogger.lnk
- StarLogger.lnk
- StarLogger on the Web.lnk
- WinSLManager.exe
- WinSLH.dll
- WinSL
You can also check Task Manager ([Ctrl]+[Shift]+[Esc]) for the process WinSLManager.exe.
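The three checks above (Run entry, files, process) can be done in one pass. The PowerShell below is an added example, not part of the original post; it only reads and reports. It assumes that winsl is a value or subkey under the Run key and that the "primary directory" is the system drive, and it also looks at the 32-bit Wow6432Node Run key, which the post does not mention.

```powershell
# Added example: read-only check for the indicators this article lists.
# Assumption: "winsl" is a value name (or subkey) under the Run key.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # 32-bit registry view on 64-bit Windows; not mentioned in the article.
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# File names from the article. unins000.dat/.exe are left out on purpose:
# they are generic uninstaller names and would match unrelated software.
$fileNames = @('iv.ini', 'WinSL.dat', 'WinSL.exe', 'WinSLH.dll', 'ImgView.exe',
               'SL-Test.txt', 'WinSLManager.exe', 'StarLogger.url', 'StarLogger.lnk')

$findings = @()

foreach ($key in $runKeys) {
    $value = Get-ItemProperty -Path $key -Name 'winsl' -ErrorAction SilentlyContinue
    if ($value) {
        $findings += [pscustomobject]@{ Type = 'Run value'; Location = $key; Detail = $value.winsl }
    }
    if (Test-Path -Path (Join-Path $key 'winsl')) {
        $findings += [pscustomobject]@{ Type = 'Run subkey'; Location = $key; Detail = 'winsl' }
    }
}

foreach ($proc in Get-Process -Name 'WinSLManager' -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($proc.Id)"; Detail = $proc.Path }
}

# Assumption: the "primary directory" is the system drive. Look in its
# first-level folders, hidden ones included (-Force).
$folders = Get-ChildItem -Path "$env:SystemDrive\" -Directory -Force -ErrorAction SilentlyContinue
foreach ($folder in $folders) {
    $files = Get-ChildItem -Path $folder.FullName -File -Force -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        if ($fileNames -contains $file.Name) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $folder.FullName; Detail = $file.Name }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'None of the listed StartLogger indicators were found.'
}
```

Run it from an elevated PowerShell prompt so that protected folders and the path of the process can be read. A file hit on a common name such as iv.ini or ImgView.exe is a lead to look at the folder, not proof on its own.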
How to remove StartLogger from the system
Keep your antivirus up to date
This will help a lot in solving the problem; almost all antivirus products can detect such an infection inside the computer and can remove it completely.
Delete the process in Task Manager
As mentioned earlier, if the process WinSLManager.exe is running in your Task Manager process list, you can delete the process (end the process and the process tree). If you are unable to do this, reboot your computer and start it in Safe Mode, then open Task Manager again and proceed to delete the process; this time you can do it easily.
You can also remove it from the start-up programmes like this:
Open Run, type MSconfig and hit Enter. In the Startup tab, disable WinSLManager.exe if found and save the setting, then reboot in Normal Mode.
Unregister the Dynamic Link Library files (DLLs)
- This process is a little geeky.
- Open CMD with administrative privileges and navigate, using the CD command, to the folder where the file WinSLH.dll resides.
- Now type Regsvr32 /u WinSLH.dll and hit Enter.
- You will see a message that the file has been unregistered.
Delete the registry entry
After this, navigate to the location in Registry Editor mentioned earlier, delete the registry entry and save it by tapping the [F5] key.
Finally, delete all the files you find in the SL directory or similar.
And you are done.
After this, keep your antivirus updated and scan the computer frequently. Hope this information will help you to be safe. If you want to share your views, comment below or post on our Facebook page.