PAL Computer Surveillance
General information:
Malware Name: | PAL Computer Surveillance
Malware Type: | Key Logger
Company Name: | PAL Solutions
Company URL: | http://palsol.com/
Threat Level: | Elevated Risk
Operating System: | WIN XP
Installation Type: | Installed through EXE
Operation: | Time of After Installation.
Company Description:
PAL Solutions has expertise in providing E-Commerce and Software solutions to the finance, betting & gaming, healthcare and many other segments. Furthermore, the quality and cost effectiveness of its solutions allow it to provide an outsourcing service to existing software developers. Its on-site team interacts with the customer to define requirements, create accurate estimates, review prototypes, coordinate development work and manage scope changes. It can then absorb the knowledge of the client's requirements much faster and help in adding value to its client's business. The on-site team documents this information and communicates it to the offshore team by e-mail, text-based chat, voice chat or conference calls. The on-site team sends a weekly status of the offshore work to the client so that the client is well aware of the progress.
Spyware Description:
It is a computer monitoring system with web filtering technology that constantly monitors "human" activity on a PC and emails reports to the remote user. It includes elevated threats that are typically installed without adequate notice and consent, and may make unwanted changes to the system, such as reconfiguring the browser's homepage and search settings. These threats may install advertising-related add-ons, including toolbars and search bars, or insert advertising-related components into the Winsock Layered Service Provider chain. These new add-ons and components may block or redirect preferred network connections, and can negatively impact the computer's performance and stability.
Characteristics/Symptoms:
-> Monitor and capture data from computers
-> Run in stealth mode
-> Intercepts keystrokes from the keyboard and records them in a log
-> Starts with the operating system
Processes Running:
klpf.exe
File information Created after Installation:
File Location | Size (Bytes) | Type
C:\WINDOWS\system32\PAL\CSS\TheHookXP.dll | 9216 | Application Extension
C:\WINDOWS\system32\PAL\CSS\ZIP.EXE | 126976 | Application
C:\WINDOWS\system32\PAL\CSS\run32dll.exe | 102400 | Application
Folder information Created after Installation:
Folder Location
C:\WINDOWS\system32\PAL
Registry information Created after Installation:
Main Registry Key | Sub Registry Key | Key Value Name
HKEY_LOCAL_MACHINE | \SYSTEM\ControlSet001\Services\Windows LAN Service Manager | ImagePath
HKEY_LOCAL_MACHINE | \SYSTEM\CurrentControlSet\Services\Windows LAN Service Manager | ImagePath
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Run | klp