Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



13 February 2007
Risk Impact:
File Names:
Systems Affected:


Spyware.Keylogger records keystrokes and may send this information to a predefined email address.


The files are detected as Spyware.Keylogger.


Spyware.Keylogger can be installed as part of another program, or by an installer that has a user interface.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 09 July 2019 revision 016
  • Initial Daily Certified version 01 April 2004
  • Latest Daily Certified version 09 July 2019 revision 020
  • Initial Weekly Certified release date 02 April 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

The installation path of Spyware.Keylogger may also be configurable. The spyware may be configured to run in stealth mode by hiding its user interface and system tray icon.

When Spyware.Keylogger is executed, it records keystrokes and may take screenshots. It may also send recorded information to a predefined email address.

Note: If this spyware program was installed as part of another program, removing the spyware component may cause the program that installed it to not work as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
  1. Update the definitions.
  2. Run a full system scan and delete all the files detected as Spyware.Keylogger.
  3. Delete the values that were added to the registry.
For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To scan for and delete the files
  1. Start your Symantec antivirus program, and then run a full system scan.
  2. If any files are detected as Spyware.Keylogger, write down the path and file names, and then click Delete.

  • If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
  • If you ran the Add/Remove programs applet as described in the previous section, all the files may have been removed, and thus, none of them will be detected.

3. To delete the values from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry ," for instructions.

Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.

  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type regedit

    Then click OK. (The Registry Editor opens.)

  3. Navigate to the keys:


  4. In the right pane, delete any value that contains the name of the file that was detected as Spyware.ActiveKeylog.

  5. Exit the Registry Editor.