If you’ve purchased or bought new Samsung R series laptop you should know that they are coming pre-installed with commercial keylogger software StarLogger (Samsung confirms this as false positive read the update below the post). Updated antivirus in your Computer you’re using may able to detect and remove StarLogger here is how to find presence of StarLogger in your Samsung laptop and remove it.
Keyloggers records everything you type, captures screenshots, logs what you fill in forms and sends them to hacker. We’ve covered Ultimate Guide to Protect from Keyloggers and free software that offers protection against keyloggers like StarLogger.
Finding and Removing Starlogger
1. By default StarLogger will be found in this directory C:\Windows\SL directory and its executable will be running (path C:\Windows\SL\WinSL.exe). You can observe WinSLManager.exe process running in the task manager .
2. If updated antivirus can’t comes to rescue you need to manually remove StarLogger and it’s not that much hard either. First of all you need to stop active processes of StarLogger running in the background. Open Task Manager, find WinSLManager.exe and End that process.
3. Unregister the StarLogger DLL file by executing following command from command prompt
regsvr32/u WinSLH.dll
4. Open registry Editor by typing “Regedit” in Run command box and search for “ winsl” without quotes. You need to delete registry key shown for StarLogger as below
HEY_LOCAL_MACHINES\software\microsoft\windows\currentversion\run\winsl
5. Lastly manually delete files found under C:\Windows\SL directory. You can use Unlocker to delete files if you face any problems in removing files. [Via]
Update : Samsung denied they are shipping their laptops with any spyware or keylogger sofware installed, instead they say Vipre scanner detected Live application directory “Slovene” as a StatLogger in security Researcher’s Samsung laptops of models R525 and R540 .
Read http://www.samsungtomorrow.com/1071
Update : We apologize to Samsung this post/we no way intended to spoil their brand’s reputation.
Have you found StarLogger in your Samsung Computer? do let us know in comments.
No, you spoke too soon. It’s a false positive issue:
“Samsung and the security company F-Secure did further research and found that the VIPRE antivirus software mistakenly associated a Windows root directory folder called “SL” with StarLogger.
In a statement on its website , Samsung said the SL folder is a Microsoft Live Application folder for multi-language support. The “SL” stands for the Slovenian language, and other folders are installed depending on language, such as “KO” for Korean and “EN” for English.
“Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan,” Samsung said.”
http://www.pcworld.com/article/223859/samsung_cleared_of_laptop_keylogger_accusation.html
I mentioned what u/ Samsung said in the post as update and changed the post title too, whole web gone buzz about that we’ve covered it and given the sources appropriate credit. Yep, its a false positive, happy to know that :)
This is a false positive. Samsung did NOT install keyloggers on their laptops.
http://t.negativefoo.org/post/4234651196/samsung-keylogger
A jear ago i bought a samsung notebook (now i got an acer)
In c:\windows there are some folders like En-us, DE-de for example in a retail windows.
In samsung notebooks there is a HIDDEN folder named “SL” with no data in it…but if you make all (AND I MEAN ALL) data like hiberfil.sys or pagefile.sys visible, there are some files in it. Tadaaa- you found your keylogger :D
But: if you make a system reset with the samsung-windows dvd, there is no SL folder…mysterious…seems like a curious dealer!!!
My spyware program found it also. Great article! I was freakn out thinking it was a foreign government plot to rule the world :-)
I have comcast Constant Guard. It found the exact same file. on my New samsung
My new Samsung also detected it using Spyware Doctor however no other spyware programme has picked it up. Is it actually dangerous? I don’t want to pay Spyware Doctor to remove it but also don’t want to damage my laptop my messing around in the registry. Confused…