ActMon Computer Monitoring

ActMon Computer Monitoring is a PC and Internet monitoring program.Features: Works in stealth mode, logs keystrokes, captures screenshots, records both sides of chat conversations, records all URLs of visited websites, records IM and chat conversations, e-mails, and receives activity reports directly through e-mail.0

General information:

Malware Name:	ActMon Computer Monitoring
Malware Type:	Key Logger
Company Name:	ActMon.com
Company URL:	http://actmon.com/
Threat Level:	High Risk
Operating System:	WIN XP
Installation Type:	Installed through EXE
Operation:	Time of After Installation

Company Description:

ActMon.com provides us the software that log keystrokes, user names, passwords, path names, access times, windows titles and send the log file by email, all invisible to the user. ActMon CM is protected against manipulation: It runs invisibly and maintenance free. The log file is encrypted and the setup und un-installation is password protected.

Spyware Description:

Characteristics/Symptoms:

-> Monitor and capture data from computers -> Run in stealth mode -> Intercepts keystrokes from the keyboard and records them in a log -> Starts with the operating system0

Additional information might be found here:

	Search at Google for ActMon Computer Monitoring
	Search at Bing for ActMon Computer Monitoring
	Search at Yahoo for ActMon Computer Monitoring

Processes Running:

File information Created after Installation:

File Location	Size (Bytes)	Type
C:\WINDOWS\system32\drivers\wskrnlc.sys	5632	System file
C:\WINDOWS\system32\rbwinx1.dll	unknown	Application Extension
C:\WINDOWS\system32\wskrnle.dll	99840	Application Extension

Folder information Created after Installation:

Folder Location

Registry information Created after Installation:

Main Registry Key	Sub Registry Key	Key Value Name
HKEY_LOCAL_MACHINE	\SOFTWARE\wskrnl\Shared	1005100
HKEY_LOCAL_MACHINE	\SOFTWARE\wskrnl\Shared	1005200
HKEY_LOCAL_MACHINE	\SOFTWARE\wskrnl\Shared	1005300