Trojan-Spy.Win32.Dks.11.b

The Trojan intercepts information entered via the keyboard, determines the language it has been entered in, tracks window operations and then writes this information to the following file:

%System%\kslog.txt

  1. Delete the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the files created by the Trojan:
     %System%\systemks.exe
     %System%\systemks.dll
     %System%\kslog.txt
  4. Delete the following registry key value:
     [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
     "systemks" = "systemks.exe"
  5. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

This Trojan logs the user's keystrokes. It is a Windows PE EXE file. It is written in Visual C++. The file is 14,336 bytes in size.

Installation

Once launched, the Trojan copies itself to the Windows system directory as "systemks.exe":

%System%\systemks.exe

It then registers itself in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"systemks" = "systemks.exe"

This ensures that the Trojan will be launched each time Windows is booted on the victim machine.

The Trojan also creates a file called "systemks.dll" in the Windows system directory:

%System%\systemks.dll (9,728 bytes)

This file intercepts information entered via the keyboard and writes it to a log file.

The Trojan also checks whether it is already running by searching for a window with the title "systemks".
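
The files, Run value and process named in this description can be checked with a read-only PowerShell script. This is an added example, not part of the original description. It assumes the running copy keeps the image name systemks.exe, and because this is a Win32 program it also looks in SysWOW64 and the WOW6432Node Run key, where 64-bit Windows redirects a 32-bit program's writes.

```powershell
# Added example: read-only check for the indicators named in this description.
# Nothing is deleted or modified. Run from an elevated prompt.

# Sizes in bytes as stated in the description; $null where none is given.
$files = [ordered]@{ 'systemks.exe' = 14336; 'systemks.dll' = 9728; 'kslog.txt' = $null }

# %System% plus, on 64-bit Windows, the directory a 32-bit program is redirected to.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

# The Run key from the description plus its 32-bit (WOW6432Node) view.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

$findings = @()

foreach ($dir in $dirs) {
    foreach ($name in $files.Keys) {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        $want = $files[$name]
        $note = if ($null -eq $want) {
            'no size stated'
        } elseif ($item.Length -eq $want) {
            'size matches'
        } else {
            "size differs from stated $want"
        }
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path
                                        Detail = "$($item.Length) bytes ($note)" }
    }
}

foreach ($key in $runKeys) {
    $data = (Get-ItemProperty -LiteralPath $key -Name 'systemks' -ErrorAction SilentlyContinue).systemks
    if ($null -ne $data) {
        $findings += [pscustomobject]@{ Type = 'Run value'; Location = "$key\systemks"; Detail = "data: $data" }
    }
}

# Assumption: the running copy keeps the image name systemks.exe.
foreach ($proc in @(Get-Process -Name 'systemks' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($proc.Id)"; Detail = $proc.Path }
}

if ($findings.Count -eq 0) { 'No indicators from this description were found.' } else { $findings | Format-Table -AutoSize -Wrap }
```

A file name match with a different size is still worth examining, since the sizes above describe only the sample analysed here.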

Payload
