Ghost Keylogger by Sureshot

Ghost Keylogger by Sureshot - FAQ

If you can't find the requested information, please consult the manual. It may have the required information.

Frequently Asked Questions
--------------------------

General
1. What is Ghost Keylogger?
2. What is the purpose of the program?
3. On what platforms does Ghost Keylogger run?
4. How invisible is the keylogger?
5. Is Ghost Keylogger password protected?
6. I lost my password. What should I do?
7. How is Ghost Keylogger uninstalled?
8. What can I do to make the keylogger as hard to spot as possible?
9. I get the error message "Could not find the DLL WS2_32.dll". What should I do?
10. I'm not sure what isn't working, is there a way I can find out?
11. I think I've found a bug, what should I do?
12. Somebody installed Ghost Keylogger on my computer without my knowledge, how do I uninstall it?
13. When I view my log files they are all scrambled, why?
14. Why do I get a message about missing syncagent.dll?

Email
20. I have an AOL account - can Ghost Keylogger email the log files?
21. Where can I get an email account?
22. How can set up a mail account for the keylogger?
23. I would like to use the same email account as I use in my email client? How can I do that?
24. When I press the Test button to test my mail settings, it won't work. What should I do?
25. How invisible are the emails that Ghost Keylogger sends?
26. I use a modem, how invisible will Ghost Keylogger send emails?
27. How can I use my hotmail account to send emails?

Logging
40. Will the keylogger log the Windows username and password when logging in on a Windows 95/98/ME machine?
41. Will the keylogger record the Windows username and password when a user logs in on a Windows NT/2000/XP machine?
42. Does Ghost Keylogger record the URL's that a user visits?
43. Will the keylogger log ICQ sessions?
44. Does Ghost Keylogger record chat room conversations?
45. How can I monitor other computers in a network?
46. I would like to empty the log file. How can I do that?
47. I would like to monitor a multi-user machine. Is that possible?
48. Ghost Keylogger doesn't record any keystrokes, what should I do?

1. What is Ghost Keylogger?
---------------------------
Ghost Keylogger is an invisible surveillance tool that records every keystroke (including passwords) to an encrypted log file. The log file can be sent with email to a specified receiver. The Keylogger also monitors the internet activity by logging all URL's the user visits. It monitors the time and title of the active application; even text in edit boxes and static text is captured.

2. What is the purpose of the program?
--------------------------------------
The purpose of the program is to provide you with an activity log of what is going on your computer.

3. On what platforms does Ghost Keylogger run?
----------------------------------------------
Ghost Keylogger is running on Windows 95/98/ME/NT/2000/XP.

4. How invisible is the keylogger?
----------------------------------
It is hard to find Ghost Keylogger. You can't find the keylogger in the add/remove programs menu, start menu or the task bar. It is completely invisible in the Task Manager on all operating systems. It is even invisible in the NT/2000/XP process list!

5. Is Ghost Keylogger password protected?
-----------------------------------------
Yes, the Config application is password protected. Among other things the Config application is used to view log files. So the user has to know the password of the application in order to view the logs.

6. I lost my password. What should I do?
----------------------------------------
You have to uninstall and install the software.

7. How is Ghost Keylogger uninstalled?
----------------------------------------
Locate the folder where Ghost Keylogger is installed. The default is under C:\Program Files\Sync Manager\. In this folder, double click the file syncconfig.exe to start the configuration application. Under the "System" tab you will find the "Uninstall" button. Click on the button and follow the instructions.

8. What can I do to make the keylogger as hard to spot as possible?
-------------------------------------------------------------------
After installation you can easily deploy the keylogger. This will allow you to copy only the needed files to a target machine. You can choose a cover name for these files. For more information about deploying the keylogger see the manual.

Also, we recommend that you choose a meaningless directory to install/deploy the keylogger to, perhaps under the windows folder. E.g. "C:\Windows\System32\npdp". It is most unlikely that users look into such folder. Making the keylogger files hidden will make it harder to find as well.

9. I get the error message "Could not find the DLL WS2_32.dll". What should I do?
---------------------------------------------------------------------------------
If you get the error message "Could not find the DLL WS2_32.dll", please download and install Microsoft's Winsock 2 update for Windows 95 at http://www.microsoft.com/Windows95/downloads/contents/WUAdminTools/S_WUNetworkingTools/W95Sockets2/Default.asp

10. I'm not sure what isn't working, is there a way I can find out?
-------------------------------------------------------------------
If you are not sure what is causing the error, Ghost Keylogger can help you to find out exactly what is going on. To do this, start the configuration application (config.exe) and press the "Advanced Settings" button under the "System Tab". In this dialog you can find two options called "Report with message box" and "Report with log file". If an error occurs and the first option is used, Ghost Keylogger will output error messages in message boxes. Observe that this will reveal Ghost Keylogger and should only be used for debugging purpose. Reporting to log file creates a file called "debug_log.txt" with all error messages. Open this file and the error message might give you an idea of what is going on.

11. I think I've found a bug, what should I do?
-----------------------------------------------
As far as we know, we don't have any undetected bugs in our code :)
If you've found a bug, please get in touch with us. Please include this in your bug report:
1. The version of the software. Look in the "About" tab in the Config application.
2. Information about your platform, that is, the Windows version.
3. And most important, detailed description of what goes wrong.
4. If Ghost Keylogger reports an error, please include the error message in your email.

12. Somebody installed Ghost Keylogger on my computer without my knowledge, how do I uninstall it?
--------------------------------------------------------------------------------------------------
Installing Ghost Keylogger on somebody else's computer could be illegal. Check with your local authorities.

Before you can uninstall the keylogger, you have to find it on your computer. One of the following procedures will find it.

Removing an installed keylogger
See question 7. If you can't uninstall it this way, Ghost Keylogger has probably been deployed on your computer. To remove a deployed keylogger see the instructions below.

Removing a deployed keylogger
A deployed keylogger is much harder to find (see manual for details) and you will have to trace it through the registry.

1. Press "Start" button->Run
2. Type "regedit" and press enter
3. Windows 95/98/ME: Navigate to the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
3. Windows NT/2000/XP: Navigate to the following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. You can find a Name called "Synchronization Agent" this will point to a .exe file. This is the Ghost Keylogger file.
5. Write down the full path of the .exe file pointed out by the "Synchronization Agent" key.

Now you know where Ghost Keylogger is installed, the next step is to uninstall it. You can do this in two different ways.

This first way requires that you restart the computer.
1. Delete the key in the registry. (Select it and press the delete key).
2. Reboot the computer.
3. Use explorer to find the Ghost Keylogger file pointed by the registry entry.
4. A deployed keylogger comes in three files. An .exe file, a .dll file, and a .cfg file. All files are named as the .exe file pointed out in the registry. E.g. if the file pointed out by the registry was named hidden.exe, there will exist two files called hidden.dll and hidden.cfg as well. Remove these three files. You have now uninstalled Ghost Keylogger from your system.

The second way requires that you have a little knowledge of the command prompt.
1. Press the "Start" button->Run
2. Windows 95/98/ME: type "command" and press enter.
2. Windows NT/2000/XP: type "cmd" and press enter.
3. Go to the directory pointed out from the registry.
4. The file pointed out in the registry was an .exe file. Type the name of the exe file followed by the parameters -uninstall -reportwithmessagebox. E.g. if the filename is "hidden.exe", type "hidden -uninstall -reportwithmessagebox" and press enter. A message box should report success.
5. A deployed keylogger comes in three files. An .exe file, a .dll file, and a .cfg file. All files are named as the .exe file pointed out in the registry. E.g. if the file pointed out by the registry was named hidden.exe, there will exist two files called hidden.dll and hidden.cfg as well. Remove these three files. You have now uninstalled Ghost Keylogger from your system.

13. When I view my log files they are all scrambled, why?
--------------------------------------------------------
First of all, make sure that you are viewing the files from the configuration application. The log files are encrypted and if you try to view them directly in Wordpad or Notepad it will not make any sense. See the manual for more details. If you view them from the "View log files" tab in the configuration application and they still looks scrambled the reason might be that you recently changed you login password. The log files are encrypted with your login password, hence, if you change you login password, you won't be able to decrypt the log files. The solution is to change back to your old login password and try to view them again.

14. Why do I get a message about missing syncagent.dll?
--------------------------------------------------------

The reason it is not there is probably because your anti-virus or anti-spyware has removed it. Some security software has the Ghost Keylogger listed as spyware (since it could be used for spying) and here's what you need to do to work around this:

The security program have probably put syncagent.dll in a quarantine. Go to the quarantine in your security software and restore syncagent.dll.

In most of the security programs there is a "whitelist" or "exceptionlist". In these list you can add programs that will not be detected by the security software. Simply add syncagent.dll to the appropriate list and your security software will ignore the keylogger.

20. I have an AOL account - can Ghost Keylogger email the log files?
--------------------------------------------------------------------
If you have an AOL account you can use one of the pre configured accounts or get a free email account. See the next question.

21. Where can I get an email account?
-------------------------------------
There are lots of places where you can get an email account. We recommend www.gmx.com. They are reliable. Yahoo is also good, but is not free. Here are a few:

GMX
GMX is a big email provider and they are very reliable. The only drawback is that the site is in German and they only accept sign up addresses that are located in Germany, Austria or Switzerland. But if you setup a GMX account, its worth the effort. You can use this free online translation service http://babelfish.altavista.com/ if you are uncertain of how to register. Once you have register you must make sure that you set your new account up properly. Here is the procedure:

1. Create a GMX FreeMail account.
2. Make sure you have logged in on your new account.
3. Click on "Optionen"
4. Click on "Sicherheit"
5. Select "SMTP after POP ohne IP-Check"
6. Click on "Ubernehman"

http://www.gmx.com (in German)
POP3: pop.gmx.net
SMTP: mail.gmx.net
Your username is your full email address, e.g. yourname@gmx.com, not only yourname

HotPOP
http://www.hotpop.com
POP3: pop.hotpop.com
SMTP: mail.hotpop.com

Softhome
Remember it will take about 30 minutes before you account gets enabled.
http://www.softhome.net
POP3: pop.softhome.net
SMTP: smtp.softhome.net

Yahoo
http://www.mail.yahoo.com (not free anymore)

22. How can I set up a mail account for the keylogger?
------------------------------------------------------
1. Please go to http://www.gmx.com, http://www.hotpop.com or http://www.softhome.net. If you don't have an account already, please sign up.

2. Open the keylogger config application. Choose the "Mail" tab. Check "Log with email". Under "Preconfigured mail services", choose "User Defined".

3. In the "From" field, enter your email address, e.g. "yourusername@gmx.net". In the "To" field, enter the email address of where you'd like to send the logs. You may send it to your new address, "mykeylogs@yahoo.com", if you like.

4. In the SMTP field, enter "mail.gmx.net".

5. Now, check the "Use POP authentication". In the "POP" field, enter "pop.gmx.net".

6. In the "Username" field, enter "yourusername@gmx.net". In the "Password" field, enter your password.

7. Push the "Test" button to make sure that the settings work. If the keylogger says the mail was sent successfully a mail should arrive in a couple of minutes.

23. I would like to use the same email account as I use in my email client? How can I do that?
----------------------------------------------------------------------------------------------
You can use the same email account for the keylogger as you are using in your email client. In order to send mail you have to configure the keylogger under the "Mail" tab. You can get the necessary setting from you email client.
If you are using Outlook Express, do like this:

1. In the Ghost Keylogger configuration application under the mail tab, select "User Defined" mail service.

2. Open Outlook Express.

3. In the Outlook Express menu click Tools->Accounts.

3. Double click on one of the accounts to view its settings.

4. In the General tab you can see the exact email address. Copy and paste this into the "From" field under the keyloggers mail tab.

5. In the Servers tab you can see your SMTP and POP server. Click "Use POP authentication" in the keylogger. Copy the SMTP server name from Outlook to the SMTP field in the keylogger. Do the same with the POP server name.

6. Also under the Servers tab, copy the "Account name" field to the keyloggers "Username" field.

7. Fill in the password of your mail account in the "Password" field in the keylogger.

8. In the "Advanced" tab in Outlook Express, if the SMTP and POP port is not 25 and 110 you have to do these changes in the keylogger as well.

24. When I press the Test button to test my mail settings, it won't work. What should I do?
-------------------------------------------------------------------------------------------
If you can't get the mail working, please check the following:
- Try all of the preconfigured mail accounts. (Default Mails)
- If you're using a user defined account. Have you entered the correct settings in the mail tab? The error message you get when pressing the Test button might give you a clue what is wrong.
- Are you behind a firewall that does not allow SMTP connections? Please consult you system administrator.

25. How invisible are the emails that Ghost Keylogger sends?
------------------------------------------------------------
The emails that Ghost Keylogger sends uses a direct connection to the mail server you've chosen. That is, it does not use your email client (Outlook, Outlook Express etc) to send the emails. No trails are left of the sent email.

26. I use a modem, how invisible will the keylogger send emails?
----------------------------------------------------------------
Using a modem is no problem. The keylogger will silently check if you are connected to the Internet. It will not start dialing. Thus, emails are only sent when the modem is already connected to the Internet.

27. How can I use my hotmail account to send emails?
----------------------------------------------------
Hotmail doesn't allow users access to their SMTP and POP servers without using their web mail. So you can't use your Hotmail account to send Ghost Keylogger emails. Please use another mail service to set up an account. See question 21. Of course you can have Ghost Keylogger emails sent to your hotmail account. Just enter your hotmail address in the "To" field under the mail tab.

40. Will the keylogger log the Windows username and password when logging in on a Windows 95/98/ME machine?
-----------------------------------------------------------------------------------------------------------
Yes, Ghost Keylogger will log the username and password when logging in on a Windows 95/98/ME machine.

41. Will the keylogger log the Windows username and password when logging in on a Windows NT/2000/XP machine?
-------------------------------------------------------------------------------------------------------------
No, Ghost Keylogger will not log username and password when logging in on a Windows NT/2000/XP machine.

42. Does Ghost Keylogger record the URL's that a user visits?
-------------------------------------------------------------
Yes, Ghost Keylogger logs the URL's of visited sites.

43. Will the keylogger record ICQ sessions?
-------------------------------------------
Yes, Ghost Keylogger records all keystrokes on the computer where it's installed. This implies that that only one side of the conversation is recorded. You will get a pretty good idea of the conversation from this information.

44. Will Ghost Keylogger record chat room conversations?
--------------------------------------------------------
Ghost Keylogger records all keystrokes on the computer where it's installed. This implies that only one side of the conversation is recorded. You will get a pretty good idea of the conversation from this information.

45. How can I monitor other computers in a network?
---------------------------------------------------
If you'd like to monitor multiple computers in a network you have to install it on each computer you'd like to monitor. Notice that you must purchase multiple licenses in order to do that. If you'd like to have the log files sent to a central location you could send them to the same email account.

46. I would like to empty the log file. How can I do that?
---------------------------------------------------------
Under the file tab in the config application, press the "Clear log file" button. It is also possible to delete the log file directly in Explorer.

47. I would like to monitor a multi-user machine. Is that possible?
-------------------------------------------------------------------
Yes! To monitor other users on a multi-user machine, just select "Start automatically when the computer is restarted" under the "System->Advanced settings" in the configuration application. Ghost keylogger will now start and monitor all users on the computer.

48. Ghost Keylogger doesn't record any keystrokes, what should I do?
--------------------------------------------------------------------
1. First of all make sure that Ghost Keylogger is running. To ensure this, start the config application and make sure that the "Start Ghost Keylogger" button is disabled and the "Stop Ghost Keylogger" button enabled. This indicates that the keylogger is running.

2. Make sure that you look into the right log file. You can find the name of the log file under the "File" tab. View that file from under the "View log file" tab.

3. Make sure that the keylogger has been running long enough to write to the log file. The default file buffer size is 1024 bytes which means that it should write to the file after a couple of minutes of normal surfing and typing.

4. Ghost Keylogger uses something called a hook chain to receive pressed keys. Other applications can attach to this chain, but it's important that they pass keys on to the next application in the chain. If an application fails to do this, it will result in Ghost Keylogger doesn't record any keystrokes, only events such as titelbars etc. The solution is to identify installed programs that may be attached to the hook chain and uninstall them. Applications that monitors keystrokes in the entire system are good candidates, and of course other keyloggers.