Registry Location for Keylogger 007

David Halpern

HKCR\clsid\{48E59293-9880-11CF-9754-00AA00C00908}

HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908}

HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}


I even tried Regedit and it will not delete Keylogger 007.

I am not sure where I even picked it up.

Thanks in advance to all.

David Halpern

Wesley Vogel

I don't know where you've got your information.

These are valid registry keys >>>

HKEY_CLASSES_ROOT\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
(Default)
REG_SZ
Internet Control General Property Page Object

HKEY_CLASSES_ROOT\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32
(Default)
REG_SZ
C:\WINDOWS\system32\MSINET.OCX

HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
(Default)
REG_SZ
IInet

HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid
(Default)
REG_SZ
{00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32
(Default)
REG_SZ
{00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib
(Default)
REG_SZ
{48E59290-9880-11CF-9754-00AA00C00908}

Version
REG_SZ
1.0

HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}
(Default)
REG_SZ
(value not set)

HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0
(Default)
REG_SZ
Microsoft Internet Transfer Control 6.0 (SP4)

HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0
(Default)
REG_SZ
(value not set)

HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32
(Default)
REG_SZ
C:\WINDOWS\system32\MSINET.OCX

HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS
(Default)
REG_SZ
2

HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR
(Default)
REG_SZ
nothing here

C:\WINDOWS\system32\MSINET.OCX
MSINET.OCX = Microsoft Internet Transfer Control DLL
 
David Halpern

Wesley Vogel said:
--
Hope this helps. Let us know.
Wes


Well thank you so much Wesley.
Ah I got my listing of Registry keys from my Spyware Doctor
scanning logs.

How would I integrate the ID's you have posted for me to
determine if they can be utilized?


Thank you so much again,

David Halpern
 
Wesley Vogel

David,

I personally believe that Spyware Doctor is giving you false positives.

Symantec calls Keylogger 007, Spyware.007Spy
Keylogger 007 seems to actually be this program >>>
007 Spy Software
http://www.e-spy-software.com/

Ssmgr.exe *is* 007.

If you have Keylogger 007, you will have the following files on your
machine:
Startup Name: WinService32 Process Name: ssmgr.exe
XPButton.OCX

In the registry you will have:

HKEY_CLASSES_ROOT\CLSID\{F3c047AF-74B1-4c61-9756-92F8D9F11A56}

HKEY_CLASSES_ROOT\JasonButton.XPButton

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"WinService32"="%ProgramFiles%\Sysmnt\ssmgr.exe"

You will have the following files and folders:
%ProgramFiles%\Sysmnt\Ssmgr.exe (detected as Spyware.007Spy).
%ProgramFiles%\Sysmnt\Help.chm (The spyware help file).
%ProgramFiles%\Sysmnt\Uninst00.dat (Uninstall information).
%ProgramFiles%\Sysmnt\Unins000.exe (The uninstaller).
%ProgramFiles%\Sysmnt\License.txt (The end user license).
%DocumentsandSettings%\All Users\Application Data\Ssdata (The data storage
folder for screenshots).
%Windir%\XPButton.OCX (A library for "Office XP style" buttons).

From... Spyware.007Spy
http://securityresponse.symantec.com/avcenter/venc/data/spyware.007spy.html

Get a second or third opinion.

Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/
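
Added example, not part of the original thread or written by either poster: a Python sketch of the triage carried out above, resolving each scanner-flagged key to the binary registered under it and comparing it with the Spyware.007Spy indicators quoted from Symantec. It assumes the registry has been exported into a plain dict of key to values; the function names and the SNAPSHOT data are constructed for illustration.

```python
import re

ABBREV = {"HKCR": "HKEY_CLASSES_ROOT", "HKLM": "HKEY_LOCAL_MACHINE"}
# Indicators quoted in the thread from Symantec's Spyware.007Spy write-up.
IOC_KEYS = [r"HKCR\CLSID\{F3c047AF-74B1-4c61-9756-92F8D9F11A56}",
            r"HKCR\JasonButton.XPButton"]
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BINARY = re.compile(r"\.(ocx|dll|exe)$", re.I)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def norm(key):
    """Expand hive abbreviations and case-fold so scanner and regedit spellings match."""
    hive, _, rest = key.strip().partition("\\")
    return (ABBREV.get(hive.upper(), hive) + "\\" + rest).casefold()

def subtree_values(snap, root):
    """All value data stored at root or in any of its subkeys."""
    return [d for k, vals in snap.items() if k == root or k.startswith(root + "\\")
            for d in vals.values()]

def triage(flagged, snapshot):
    """Map each scanner-flagged key to (verdict, binaries registered under it)."""
    snap = {norm(k): v for k, v in snapshot.items()}
    iocs, report = {norm(k) for k in IOC_KEYS}, {}
    for key in flagged:
        root = norm(key)
        data = subtree_values(snap, root)
        # An Interface key names its type library by GUID; follow that reference.
        for guid in [d for d in data if GUID.fullmatch(d)]:
            data += subtree_values(snap, norm("HKCR\\TypeLib\\" + guid))
        files = sorted({d for d in data if BINARY.search(d)})
        report[key] = ("indicator match" if root in iocs else "no indicator match", files)
    return report

def run_key_hit(snapshot):
    """True if the Run key holds the WinService32 -> ssmgr.exe autostart value."""
    run = {norm(k): v for k, v in snapshot.items()}.get(norm(RUN_KEY), {})
    return any(n.casefold() == "winservice32" and d.casefold().endswith("ssmgr.exe")
               for n, d in run.items())

# Constructed snapshot: a subset of the values read out of regedit in the thread.
SNAPSHOT = {
    r"HKEY_CLASSES_ROOT\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}":
        {"(Default)": "Internet Control General Property Page Object"},
    r"HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib":
        {"(Default)": "{48E59290-9880-11CF-9754-00AA00C00908}", "Version": "1.0"},
    r"HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32":
        {"(Default)": r"C:\WINDOWS\system32\MSINET.OCX"},
}
```

Calling triage() with the three keys from the scanner log and SNAPSHOT returns "no indicator match" for each, with the Interface and TypeLib keys resolving to MSINET.OCX; run_key_hit() only returns True when the WinService32 value is present.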
 
