
How to detect and remove StarLogger

31 Mar

A security researcher revealed today that he had purchased two new laptops from Samsung, and discovered both of them to be infected with the StarLogger keystroke-recording program. While there’s very little that can be done about keystrokes already recorded, checking your own laptop for such software is actually quite simple, if you’re comfortable with mucking about in your system directories and Registry.

Note that the researcher only reported StarLogger on two models, a Samsung R525 and a Samsung R540. CNET examined another new Samsung laptop, the Samsung Series 9, and did not detect a keylogger installed.

Because it’s a keylogger, most often used for spying on employees and children, StarLogger cannot be accessed from your Start menu. (Or at least, it shouldn’t be accessible there. If it is, whoever installed it did a poor job.)

The easiest way to find StarLogger is to look for its Registry key, which is used to load it each time Windows is started. To see if this has occurred, open a command prompt and type “Run Regedit”. Then go to the Menu bar, select Edit and then Find. You want to search for “winsl”, without the quotes. If it’s installed, you should see a Registry key that looks like this:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsl

You can also look for the following files on your hard drive, although keyloggers are designed to hide themselves. Open Windows Explorer, and then hit the Alt key to bring up the Menu bar. Go to Tools, Folder Options, and View. Under Advanced Settings, you’ll see an option for Hidden Files and Folders. Make sure that Show is checked.

If you have StarLogger, its files will be located in your Windows root directory, in a subdirectory labeled “SL”. A list of files you can expect to see is below:

iv.ini

WinSL.dat

WinSL.exe

WinSLH.dll

ImgView.exe

SL-Test.txt

unins000.dat

unins000.exe

StarLogger.url

WinSLManager.exe

StarLogger.url

Uninstall StarLogger.lnk

StarLogger.lnk

StarLogger on the Web.lnk

WinSLManager.exe

WinSLH.dll

WinSL

You can also check your Task Manager for WinSLManager.exe.
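
The three checks above (Registry entry, SL directory, running process) can be done in one read-only pass from PowerShell. This script is an added example, not part of the original article; the function name and the second Registry path (the 32-bit view on 64-bit Windows) are assumptions added here.

```powershell
# Added example: read-only check for the StarLogger artifacts named in the article.
# Run from an elevated PowerShell prompt. Nothing is modified or deleted.
function Find-StarLoggerArtifacts {
    $findings = @()

    # 1. Autostart entry: Run entries are stored as values, so look for a value
    #    named "winsl" under the Run key. The WOW6432Node path is an assumption
    #    added here; the article names only the first location.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $entry = Get-ItemProperty -Path $key -Name 'winsl' -ErrorAction SilentlyContinue
        if ($entry) {
            $findings += [pscustomobject]@{ Type = 'Registry'; Location = $key; Detail = $entry.winsl }
        }
    }

    # 2. Files: the "SL" subdirectory of the Windows directory.
    #    -Force lists hidden and system files without changing Explorer settings.
    $slDir = Join-Path $env:SystemRoot 'SL'
    if (Test-Path -LiteralPath $slDir) {
        $findings += [pscustomobject]@{ Type = 'Directory'; Location = $slDir; Detail = 'exists' }
        foreach ($f in Get-ChildItem -LiteralPath $slDir -Recurse -Force -ErrorAction SilentlyContinue) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $f.FullName; Detail = $f.LastWriteTime }
        }
    }

    # 3. Running process: WinSLManager.exe (Get-Process takes the name without ".exe").
    foreach ($p in Get-Process -Name 'WinSLManager' -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{ Type = 'Process'; Location = $p.Path; Detail = "PID $($p.Id)" }
    }

    return $findings
}

$result = Find-StarLoggerArtifacts
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No winsl Run value, SL directory, or WinSLManager process found.'
}
```

An empty result only means these specific artifacts are absent; it says nothing about other keyloggers.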

How to remove it
First, make sure that your antivirus program is up-to-date. It’s entirely possible that your antivirus will detect and remove it if you run a full scan. However, there is a manual method you can use, too.

The first step is to stop the StarLogger process by going to the Processes tab in the Task Manager, right-clicking on WinSLManager.exe, and clicking on End Process. If that doesn’t work, you will have to end the process by booting into Safe Mode, tracking down the precise location of WinSLManager.exe, and deleting it there.

The second step is a bit trickier and involves unregistering the StarLogger DLL file. Open a command prompt and navigate to the folder containing WinSLH.dll. Then type “regsvr32 /u WinSLH.dll” without the quotes, and you should see a pop-up window telling you that the file has been successfully unregistered.

Third, go back to the Registry and locate the Registry entry for StarLogger, as was done above. Right-click on it and pick Delete. Last, manually delete all the files that you discovered in the SL directory, and remove the directory itself.

Actually, that’s the next-to-last thing you have to do. The final step is to write a letter of complaint to Samsung and ask for your money back.


Posted on 2011/03/31 in Popular

 
