This is not the most advanced keylogger in terms of its functionality, but it combines several features which makes it very popular and dangerous for users. The main “advantage” of this spyware is the secrecy on your computer. Spytector stores all passwords that user used in the browsers and messengers – Internet Explorer, Google Chrome, Opera, FireFox, Safari, Outlook, GoogleTalk, Windows Live Messenger and other applications. This keylogger can fully intercept chats in popular messengers – MSN Messenger, Yahoo Messenger, ICQ, AIM. Spytector Keylogger encrypts and sends by e-mail or to FTP server all intercepted data.
Our tests showed that it is not displayed in the standard Windows Task Manager, its folders and startup entries are hidden, and it autoruns using Win.ini file. Its functionality is not very good, and the interception of the keyboard input is not organized in the best way. However, this spyware allows to set the name, choose icon, and to use data of legitimate process. It misleads affected users and helps to hide Spytector on the computer.
To detect Spytector keylogger you should open the system’s process monitor of COVERT and check the list of all running processes. The spy module is hidden in the standard task manager, but it can be detected in the COVERT monitors. As it was mentioned before, this spyware hides itself using the names of legitimate processes. During our test, the keylogger module used the name “notepad.exe”, which also worked at that moment in the system.
The only difference by which this process can be identified as suspicious its path. Spytector constantly places its module for tracking in the folder C:\Users\%UserName%\AppData\Local\Microsoft\Windows no matter what name it uses at that moment. A legitimate process located at C:\ Windows\System32\notepad.exe. It is important to know that the name of the keylogger modules will never be repeated, and every time to detect tracking you have to check all processes carefully. Of course, this is troublesome and not everyone is ready to do this procedure with a huge list of system processes.
To remove the Spytector keylogger from your system, right-click on the detected spyware module and select the item “Open application folder” in the context menu. Stop its process through the context menu and delete files of the tracking module in the folder.
As you can see, detecting of spyware can be time consuming process, in spite of the fact that it is visible in the COVERT monitors. Spyware uses various tricks to spy on the user secretly. If you don’t want to spend a lot of time for searching, but you still want to prevent the leakage of confidential information, you should work inside of the COVERT platform. To enter the secure platform, click on the button with the program logo and the sign: “Login to the secure platform”. All your actions in any applications will be invisible to spyware.
Spytector keylogger could not get any data about user’s activity in the protected environment, as well as all other spyware products that were tested in our laboratory. Below is a screenshot of the Spytector logs.
In conclusion, as usual, we have checked the keylogger on virscan.org. Only 9 of 49 antiviruses believe that this spyware is a threat to the user. Do you also think that a carefully disguised keylogger that encrypts intercepted data and sends it to an external email or FTP server is not dangerous for you? Please check the list of 40 antiviruses that consider this spyware to be absolutely harmless. It is possible that one of these antiviruses is installed on your computer.
We rate this spyware program as RLM: 3 / 4 / 0.
Download COVERT Pro and check FREE of charge your computer for spyware and rootkits, which were not detected by an antivirus.