Description:
StarLogger is commercial monitoring software that records keystrokes and captures screenshots. Captured data is sent via email to designated recipients. On March 30, 2011, it was reported that Samsung installed the StarLogger keylogger on laptops sold through retail stores.
StarLogger drops the following files to the Windows folder:
%windir%\SL\iv.ini
%windir%\SL\WinSL.dat
%windir%\SL\WinSL.exe
%windir%\SL\WinSLH.dll
%windir%\SL\ImgView.exe
%windir%\SL\SL-Test.txt
%windir%\SL\unins000.dat
%windir%\SL\unins000.exe
%windir%\SL\StarLogger.url
%windir%\SL\WinSLManager.exe
Modifies the HKLM Run key in order to load when Windows is started:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsl