Spyware.AbsoluteKey

Spyware.AbsoluteKey

Updated:
13 February 2007
Version:
1.5.243
Publisher:
LastBit Software
Risk Impact:
High
File Names:
Setup.exe
Systems Affected:
Windows

Behavior


Spyware.AbsoluteKey is a program that logs keystrokes on your computer.

Symptoms


The files are detected as Spyware.AbsoluteKey.

Behavior


Spyware.AbsoluteKey must be manually installed.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 10 March 2017 revision 022
  • Initial Daily Certified version 22 June 2004
  • Latest Daily Certified version 11 March 2017 revision 001
  • Initial Weekly Certified release date 23 June 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When Spyware.AbsoluteKey runs, it performs the following actions:
  1. Displays an End User License Agreement (EULA).

  2. Prompts for the installation folder. The default installation folder is %ProgramFiles%\AKL.

    Note:
    %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.

  3. Creates the following files:
    • %ProgramFiles%\AKL\AKL.exe
    • %ProgramFiles%\AKL\uninstall.exe
    • %ProgramFiles%\AKL\akl.dll
    • %ProgramFiles%\AKL\readme.txt
    • C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Key Logger\Absolute Key Logger.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Key Logger\Uninstall.lnk
    • C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Key Logger\Read me!.lnk
    • %ProgramFiles%\AKL\unsetup.exe
    • %ProgramFiles%\AKL\unsetup.dat
    • C:\Documents and Settings\Administrator\Cookies\administrator@lastbit[1].txt
    • %ProgramFiles%\AKL\keylog.txt
    • %ProgramFiles%\AKL\curlog.htm

  4. Adds the subkey:

    AKL.exe

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

    and then adds these values to that subkey:

    "(Default)"="C:\Program Files\AKL\AKL.exe"

    "Path"="C:\Program Files\AKL\"

  5. Adds the subkey:

    Vitas

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE

  6. Adds the subkey:

    Absolute Key Logger

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Vitas

  7. Adds the subkey:

    v1.5.243

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Vitas\Absolute Key Logger

    and then adds this value to that subkey:

    "(Default)"="C:\Program Files\AKL\"

  8. Adds the subkey:

    last

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Vitas\Absolute Key Logger

    and then adds this value to that subkey:

    "(Default)"="v1.5.243"

  9. Adds the subkey:

    Absolute Key Logger

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    and then adds these values to that subkey:

    "DisplayName"="Absolute Key Logger"

    "UninstallString"="C:\Program Files\AKL\unsetup.exe /u"

  10. Adds the subkey:

    Vitas

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE

  11. Adds the subkey:

    main

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Vitas

    and then adds this value to that subkey:

    "firstTime"="1"

  12. Adds the subkey:

    AKL

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Vitas

    and then adds this value to that subkey:

    "dt" = 0x40D0E125

  13. Adds the value:

    "run" = 0x1

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Vitas\AKL\dt

  14. Adds the subkey:

    t17

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE

    and then adds this value to the subkey:

    "akl" = 0xAA3CDCB9



The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Uninstall Spyware.AbsoluteKey.
  3. Run a full system scan and delete all the files detected as Spyware.AbsoluteKey.
  4. Delete the values that were added to the registry.
For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To uninstall the Spyware
  1. Click Start > Programs > Absolute Key Logger > Uninstall.
  2. Follow the prompts.
3. To scan for and delete the files
  1. Start your Symantec antivirus program, and then run a full system scan.
  2. If any files are detected as Spyware.AbsoluteKey, click Delete.


    Notes:
  • If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
  • If you uninstalled the Spyware as described in the previous section, all the files may have been removed, and thus none of them will be detected.



4. To delete the values from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry ," for instructions.

Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.
  1. Click Start > Run.
  2. Type regedit, and then click OK.
  3. Delete the following keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AKL.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Vitas
    HKEY_CURRENT_USER\SOFTWARE\Vitas
    HKEY_CURRENT_USER\SOFTWARE\t17
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Absolute Key Logger

  4. Exit the Registry Editor.