Keylogger Killer
Last Updated on Tuesday, 22 December 2009 05:37 Monday, 21 December 2009 07:22
The installer of an application named "Keylogger Killer" has appeared in a Threatexpert analysis report. You can see the original report at threatexpert.com.
The application is related to a website called tooto.com/keyloggerkiller. This is a WOT security advisory page, and this is the WHOIS info of the website.
I have no idea about the usefulness or the harmfulness of this application. If you downloaded this application willingly and are using it to your satisfaction, well and good. If you have installed it and want to remove it for some reason, the following information will be useful.
The application installer may download further files from the internet. A good firewall can make your computer much safer by detecting such harmful activities and blocking them. Some good freeware recommendations would be ZoneAlarm Free Firewall and Comodo Internet Security Free Edition (you can choose to install just the firewall from their security suite).
Boot in safe mode
Sometimes you will not be able to delete a file even after you find it. In that case, boot in safe mode and then try to delete it.
- How to boot in safe mode in Windows XP
- How to boot in safe mode in Windows Vista
Before you can delete "Keylogger Killer" and its associated files you need to search for them, and before doing that you need to enable the viewing of hidden files and folders.
- How to Enable to View Hidden Files and Folders in Windows XP
- How to Enable to View Hidden Files and Folders in Windows Vista
Remove Processes from Task Manager
Press Ctrl+Alt+Del to open the Task Manager, then select the Processes tab. In the list, look for the name keyloggerkiller.exe, select the process and press the End Process button. It will ask for your confirmation; press Yes to end the process.
To differentiate between a genuine process and a virus-generated process of the same name, you can use Windows Defender to see the path of a currently running program or process and its publisher. You may find such processes listed under Unknown Publisher in Windows Defender.
- How to use Windows Defender in Windows XP
- How to use Windows Defender in Windows Vista
Or you can use Sysinternals' Process Explorer for easy detection and removal of virus processes.
- How to use Sysinternals' Process Explorer
Removing entry from windows startup
The System Configuration utility can be started in XP and in Vista by typing msconfig in the Run box or the Start menu search box. In XP, open the Run box by clicking Start > Run. Changes to the Windows startup list are reversible, so you can check or uncheck any entry any number of times.
After the System Configuration window is open, click on the Startup tab, which lists all the programs that are scheduled to start with Windows. Expand the middle column using your mouse pointer so that you can see the full path of each program. Locate and uncheck "Keylogger Killer" (also look for any other suspicious names listed below). Press Apply, press Close/OK, and select "Restart" at the next prompt.
Deleting files
After restarting the computer, use the Windows search utility to search for "Keylogger Killer" and for any other suspicious names listed below. This search should find all its folders on the hard disk; delete those folders. Boot in safe mode or to the DOS prompt if needed.
These are the files created by this installer.
%DesktopDir%\Keylogger Killer.lnk
C:\Documents and Settings\[UserName]\Start Menu\Programs\Keylogger Killer\Keylogger Killer.lnk
C:\Documents and Settings\[UserName]\Start Menu\Programs\Keylogger Killer\uninst.lnk
C:\Program Files\Keylogger Killer\KeyloggerKiller.exe
C:\Program Files\Keylogger Killer\license.txt
C:\Program Files\Keylogger Killer\uninst.exe
and these folders
C:\Documents and Settings\[UserName]\Start Menu\Programs\Keylogger Killer
C:\Program Files\Keylogger Killer
Registry Keys: Most of the registry keys can be removed automatically by deleting the files and folders of this application and then running the Registry menu of CCleaner.
The following Registry Keys were created:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Keylogger Killer
- HKEY_LOCAL_MACHINE\SOFTWARE\Tooto Technologies
- HKEY_LOCAL_MACHINE\SOFTWARE\Tooto Technologies\Keylogger Killer
- HKEY_CURRENT_USER\Software\Tooto Technologies
- HKEY_CURRENT_USER\Software\Tooto Technologies\Keylogger Killer
The newly created Registry Values are:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Keylogger Killer]
- DisplayName = "Keylogger Killer (remove only)"
- UninstallString = ""%ProgramFiles%\Keylogger Killer\uninst.exe""
- [HKEY_LOCAL_MACHINE\SOFTWARE\Tooto Technologies\Keylogger Killer]
- (Default) = "%ProgramFiles%\Keylogger Killer"
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
- Secaid Key = 0x0000B394
- [HKEY_CURRENT_USER\Software\Tooto Technologies\Keylogger Killer]
- (Default) = "%ProgramFiles%\Keylogger Killer"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Keylogger Killer]
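The files, folders, registry keys and the "Secaid Key" value listed above can be checked in one pass before and after cleanup. The PowerShell script below is an added example, not part of the Threatexpert report or of this article's original text; it only reports what is present and deletes nothing. It assumes that %DesktopDir% and the [UserName] Start Menu path correspond to the current user's Desktop and Programs folders; the function and variable names are illustrative.

```powershell
# Read-only audit: reports which artifacts listed on this page exist. Deletes nothing.
# Assumption: %DesktopDir% and "[UserName]\Start Menu\Programs" are mapped to the
# current user's Desktop and Programs special folders.
$desktop  = [Environment]::GetFolderPath('Desktop')
$programs = [Environment]::GetFolderPath('Programs')
$appDir   = Join-Path $env:ProgramFiles 'Keylogger Killer'
$menuDir  = Join-Path $programs 'Keylogger Killer'

$files = @(
    (Join-Path $desktop 'Keylogger Killer.lnk'),
    (Join-Path $menuDir 'Keylogger Killer.lnk'),
    (Join-Path $menuDir 'uninst.lnk'),
    (Join-Path $appDir  'KeyloggerKiller.exe'),
    (Join-Path $appDir  'license.txt'),
    (Join-Path $appDir  'uninst.exe'),
    $menuDir,
    $appDir
)

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Keylogger Killer',
    'HKLM:\SOFTWARE\Tooto Technologies',
    'HKLM:\SOFTWARE\Tooto Technologies\Keylogger Killer',
    'HKCU:\Software\Tooto Technologies',
    'HKCU:\Software\Tooto Technologies\Keylogger Killer'
)

# Hypothetical helper: one result object per path, with a Present flag.
function Get-ArtifactReport {
    param([string[]]$Paths, [string]$Kind)
    foreach ($p in $Paths) {
        New-Object PSObject -Property @{
            Kind = $Kind; Path = $p; Present = (Test-Path -LiteralPath $p)
        }
    }
}

$report = @(Get-ArtifactReport $files 'File/Folder') + @(Get-ArtifactReport $keys 'RegistryKey')

# The one registry value the report lists outside the application's own keys.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$val = Get-ItemProperty -LiteralPath $ieMain -Name 'Secaid Key' -ErrorAction SilentlyContinue
$report += New-Object PSObject -Property @{
    Kind = 'RegistryValue'; Path = "$ieMain\Secaid Key"; Present = ($null -ne $val)
}

$report | Sort-Object Kind, Path | Format-Table Kind, Present, Path -AutoSize
```

Any row that still shows Present as True after the removal steps marks a leftover to review by hand.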
Using CCleaner
You can easily get rid of the files in the temp folder, as well as obsolete registry entries, simply by running a freeware tool like CCleaner, and you will be much safer if you set CCleaner to run automatically each time the computer starts. More about CCleaner on this link.
Free tools to repair disabled registry, task manager problems
You can repair any of the restrictions created by the virus, such as disabled registry tools or a disabled Task Manager, using these free tools.
Tools for Windows XP
Tools for Windows Vista
Use the system file checker
Run it if you want to make sure that the Windows system files have not been altered, and to repair them if they have been.
- How to run System File Checker utility in Windows XP
- How to run System File Checker utility in Windows Vista
Reprinted with permission from Threatexpert.com

Sanjay C Rajure