KeyLog-SurfSentinal

Type: Program
SubType: Keylogger
Discovery Date: 03/15/2006
Minimum DAT: 4719 (03/15/2006)
Updated DAT: 4719 (03/15/2006)
Minimum Engine: 5.1.00
Description Added: 03/15/2006
Description Modified: 03/17/2006 1:42 AM (PT)

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

This is not a virus or Trojan. It is detected as a potentially unwanted program.

The application is designed to monitor and capture system use. The information gathered includes:

  • Typed Keystrokes
  • Screenshots
  • Browser URLs
  • Function Keys
  • IM Conversations

Upon installation, the application redirects the user to ‘www.IMSurfSentinal.com/install.htm’ and pops up the following window:

All the KeyLogs, Screenshots, URL Logs, and IM logs are captured and saved at the following locations respectively:

  • %HOMEDIR%\Documents and Settings\All Users\Application Data\IMSurfSentinel\KeyLogs
  • %HOMEDIR%\Documents and Settings\All Users\Application Data\IMSurfSentinel\ScreenShots
  • %HOMEDIR%\Documents and Settings\All Users\Application Data\IMSurfSentinel\URLLogs
  • %HOMEDIR%\Documents and Settings\All Users\Application Data\IMSurfSentinel\IMLogs

By default, screenshots are captured once every 2 minutes and keystrokes every 30 seconds.

The application can also block specified URLs, IM conversations and other programs.

For example, to block a particular website, the user specifies its name in the ‘Browser URL – Blocking word List’, as shown below.

In the above example, the Yahoo site is blocked. Similarly, the user can block IM conversations and any other programs by giving their names.

The application also gives an option to configure email settings, so that all the recorded logs can be sent directly to the specified email address.

Privacy:

No privacy policy related to the software could be found.

EULA:

The EULA is displayed at the time of installation.

Installation:

File name: 8009df55.exe
MD5 hash: bce3f77ac53bdd0febd808e10ba817c7

The following changes occur on the system after installation:

Folders added:

  • %PROGRAMFILES%\IMSurfSentinel
  • %HOMEDIR%\Documents and Settings\All Users\Application Data\IMSurfSentinel

Files added:

  • aimb.exe
  • KeyHook.dll
  • MouseHook.dll

Aliases

  • Spyware.IMSurfSentinel - Symantec