Follow:

 

MonitoringTool:Win32/DouglasKeylogger.A


MonitoringTool:Win32/DouglasKeylogger.A is a freeware monitoring program that monitors user activity such as keystrokes typed.


What to do now

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Threat behavior

MonitoringTool:Win32/DouglasKeylogger.A is a freeware monitoring program that monitors user activity such as keystrokes typed.
Installation
This monitoring program may be installed without user consent by other programs. When installed, it may be present as the following:
 
<system folder>\helperkbs.dll
<system folder>\SVCHOST.EXE
<system folder>\SERVICES.EXE
<system folder>\DOUGLAS.EXE
<system folder>\deleteinfo.exe
<system folder>\ReadInfo.exe
<system folder>\info.DGL
 
Note - <system folder> refers to a variable location that is determined by the program by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
 
Analysis by Tim Liu

Symptoms

System changes
The following system changes may indicate the presence of this program:
  • The presence of the following files:
    <system folder>\helperkbs.dll
    <system folder>\SVCHOST.EXE
    <system folder>\SERVICES.EXE
    <system folder>\DOUGLAS.EXE
    <system folder>\deleteinfo.exe
    <system folder>\ReadInfo.exe
    <system folder>\info.DGL
  • Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.71.1828.0
Latest detected by definition: 1.81.638.0 and higher
First detected on: Jan 06, 2010
This entry was first published on: Jan 22, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • not-a-virus:Monitor.Win32.Keylogger (Ikarus)
  • Generic PWS.y (McAfee)
  • Spyware.DoglaKeylogger (Symantec)
  • SPYW_DOGLAKEYLOG (Trend Micro)