A graduate of the Master of Science in Information Assurance (MSIA) program at Norwich University, discovered an application called "StarLogger" keystroke-recording program had been installed on his brand new Samsung laptop. He discovered the software was located in the C:\Windows\SL\ folder, and after some investigation, Hassan found it was recording every keystroke, including emails, documents, usernames and passwords.
Note that the researcher only reported StarLogger on two models, a Samsung R525 and a Samsung R540.
The easiest way to find StarLogger is to look for its Registry key:
You can also look for the following files on your hard drive. If you've StarLogger, its files will be located in your Windows root directory, in a subdirectory labeled "SL". A list of files you can expect to see is below:
- Uninstall StarLogger.lnk
- StarLogger on the Web.lnk
You can also check your Task Manager for WinSLManager.exe.
To remove it, first, update your antivirus program, give a full system run, chances are it'll detect & remove it.
- Stop the StarLogger process by going to the Processes tab in the Task Manager, right-clicking WinSLManager.exe, and clicking on End Process. If that doesn't work, you'll have to end the process by booting into Safe Mode, tracking down the precise location of WinSLManager.exe, and deleting it there.
- Next, unregister StarLogger DLL file. Open a command prompt and navigate to the folder containing WinSLH.dll. Then type "regsvr32 /u WinSLH.dll" without the quotes, and you should see a pop-up window telling you that the file has been successfully unregistered.
- Now, go back to Registry and locate Registry key for StarLogger, as was done above. Right-click on it and select Delete.
- Last, manually delete all the files that you discovered in the SL directory, and remove the directory itself.