Program kgb spy kgb spy. Removing KGB spyware (KGB SPY)

Spy KGB Spy allows you to set an invisible operating mode, so that no one will even guess that a real keylogger is monitoring it. KGB Spy quietly monitors the operation of the computer: records information entered from the keyboard, data from the clipboard, monitors visited sites.

How to detect and remove KGB Spy.

How to protect your personal information using Mask S.W.B from one of the most popular keyloggers - KGB Spy.

How can a computer user who does not have knowledge in the field of information security detect a spy hidden in his system and protect himself from surveillance without removing the keylogger from the computer in order to mislead the one who is spying on you? And how to remove the spy KGB Spy if you decide to do this? Let's consider the situation using the example of a common keylogger KGB spy and programs Mask S.W.B, which creates a secure platform for the user.

After launching Mask S.W.B antispyware, click the “System processes” button.

In the system processes window, you can see all running processes, except hidden ones.

To see if you have programs on your computer that are hiding themselves, click the “Hidden Processes” button.

In the hidden processes window, scroll the slider to the very bottom. All hiding programs (rootkits) will be highlighted in red.

In the picture above we see a spy program called KGB spy. This keylogger is configured to hide its actions and monitor the user.

If you want to remove Kgb Spy, select “Open application folder” from the context menu.

In the window that opens, run the uninstallation of the program and the spy will be removed.

If you just want to hide your actions from the keylogger and thereby mislead the one who is watching you, then enter the platform by clicking the button with the name of the program, as shown in the figure above.

Inside the protection platform, those programs that hide themselves from the user (rootkits) can be seen simply in the process window.

Program Mask S.W.B creates a safe environment in which you can do everything, but user behavior becomes uncontrollable for spyware.

Spies will not be able to see your actions performed on a protected platform, which means they will also not be able to transmit information about them to their owners. Mask S.W.B protects against recording video from the monitor screen, against taking screenshots, and does not allow receiving data from the keyboard and clipboard. In addition, it hides the websites you have visited and other information about your activities.

If you find a spy that your wife or your husband (or your boss at work) assigned to you, do not rush to remove it. Think: perhaps it is better for them to think that you are not doing anything unknown to them on the computer, since the spy will be clean. In the meantime, you can on the platform Mask S.W.B do whatever you want.

In the picture below we see that the KGB spy, after performing actions in the Mask S.W.B camouflage platform, was unable to record anything.

The masking program hides the user's actions from all currently existing spies. With its help, you can detect and destroy computer spies that work at the level of system kernel drivers and are invisible to antivirus programs.

Download the anti-spyware program Mask S.W.B and check whether you are being monitored using KGB spy

Briefly about:
KGB Spy (unique “keylogger”)

The functionality of the program allows you to set the invisible operating mode of KGB Spy, so that no one will even guess that they are being monitored by a real “keylogger”. KGB Spy quietly monitors the operation of the computer: records information entered from the keyboard, data from the clipboard, and monitors visited sites. The information collected during monitoring is saved in a database to which only you have access. You can receive a letter to your e-mail with detailed information about who, when and what did on the computer. You'll just need to check your email from time to time.

Main features of KGB Spy
* Visible/invisible mode
* Intercepting keys pressed on the keyboard
* Clipboard monitoring
* Record screenshots (screenshots)
* Monitoring of visited websites
* Notifications by email about typing prohibited words
* Very convenient and intuitive interface
* Sending logs to E-mail and FTP

We will assemble an assembly with silent installation on the system, and so let's start:
1. First, download the program http://www.multiupload.com/OQGKCMM1UU (medicine inside)
2. Install KGB-Spy, select KGB Employee Monitor in the versions window

3. Setting and description:
When you first start the program, turn off logging (the red button)

Users - here you should write the account of your computer

In Monitoring, uncheck all the boxes

Keys pressed - check the boxes where necessary and click apply

Screenshots - we determine how long it takes to take a screenshot, you can have a screenshot taken when opening a new window
Screenshot type active window and full screen - capture what you need
Quality of the screenshot, we will remove it as desired (if the quality is maximum and the Internet in the victim is “not very good”, the logs will be delayed)

We skip program activity and the clipboard

Visited Websites - select the type of interception, you can take a screenshot of the site

Invisibility -
Hot keys - set any combination
Magic word - Empty

Check the box "Run in hidden mode"
Check the box "Hide everywhere"

Password optional (password so that no one can change the settings)

Sending - Sending is available by mile and FTP, I think there is no need to explain how to set it up, everything is clear here, after setting it up, click “Test” so that there is no doubt

Alarm signal - no need)

Filters - skip (adjust as desired)

Update - uncheck "Check for updates automatically"

4. Assembling the assembly:
Go to the folder where KGB Spy was installed (you need to open hidden folders)

copy everything to a separate folder, delete what is unnecessary (delete the highlighted one in the screenshot)

We copy the MPKView.exe file to a separate folder, for example on the desktop, after which we should have 8 files left in the folder. Now we go for the key, it is in C:\Documents and Settings\All Users\Application Data\MPK\ here it is, MPK folder copy it to our folder with all the files.
The MPKView.exe file can then be uploaded to the victim in System32 if you have access to look at the logs on your computer, if you don’t have access you can delete it nafik

We archive it like this:

Now we have an SFX archive "conf.exe", now we see everything in the folder and again in the SFX archive with the following settings:

It seems that everything is finished with the assembly)

Disadvantages of a spy:
Doesn't bypass uac
I noticed that some have Avast, then key interception does not work, only a list of processes comes up
In programs where anti-key interception is installed, it also does not bypass

It seems that’s it) don’t judge strictly my first article) there are probably a lot of grammatical errors)

Several screenshots with logs in the mail

The article is provided for informational purposes only.
Use of this article entails liability in accordance with current legislation.

USER AND INFORMATION SYSTEM OPERATOR

When determining the presence or absence of authorization for actions with information in an information system, it is important to clearly understand the difference between the concepts of “user” (program or computer) and “operator of the information system.” The concept of “user” is a commonly used one, used in many areas of human activity (there are the concepts of “property user”, “wildlife user”, “subsoil user”, “work user”, “communication services user”, “computer user”, etc.) , and the concept of “information system operator” is a special legal one, defined in law and not requiring interpretation.

Let's try to understand the user first. Ushakov’s explanatory dictionary of the Russian language says that a user is “a person who has some property in use, in operation,” that is, on the one hand, a user can be understood as a person using a computer. At the same time, in accordance with Art. 1280 of the Civil Code, user - “a person who lawfully owns a copy of a computer program or a copy of a database.” Thus, the word “user” can also be used to define the owner of a copy of a program or database. Which of these two concepts applies to our case? Since unlawful access to information and the creation of malicious programs should be considered only in the context of relations with information (and not relations with objects of intellectual property), the conclusion is clear - in our case it is necessary to be guided by the interpretation of Ushakov’s dictionary. Therefore, in the context of Chapter 28 of the Criminal Code, a user is any person who uses a computer.

Now let's return to the information system operator. According to the definition given in Article 2 of the Federal Law “On Information...”, “an information system operator is a citizen or legal entity engaged in operating an information system, including processing information contained in its databases.” If you limit yourself to only this definition, you can draw the wrong conclusion. that “user” and “information system operator” are one and the same. However, in Part 2 of Art. 13 of the same law states: “unless otherwise established by federal laws, the operator of an information system is the owner of the technical means used for processing information contained in databases, who lawfully uses such databases, or the person with whom this owner has entered into an agreement on the operation of the information system " That is, we are not talking about any user, but either about the owner of computer equipment, or about the person whom the owner hired to manage this equipment. Thus, both, for example, a family member of the owner of a home computer, and a company employee working on corporate equipment, being a computer user, is not an information system operator. Therefore, we cannot say that it is necessary to obtain permission from such a user to access information - he simply does not have the rights to give such permission. But the owner of a home computer or the director of a company that owns computer equipment has such rights, which is clearly stated in the law. Accordingly, if access to information is authorized by the operator of the information system, whether the average user wants or does not want this access to be carried out, no one cares - the operator of the information system exercises his legal right.

The main conclusion from the difference described above is this. It is impossible to consider access to information without the user’s sanction, but with the sanction of the information system operator (which at the technical level is implemented using the administrator’s password), as unlawful, and the program that implements such access is not malicious.

If an ordinary user stores his own information in the information system of an employer (or a relative or acquaintance), then he, as its owner, formally has the right to allow or deny access to it. However, as follows from law and practice, the permission or prohibition of “technical access” to information stored in an information system is controlled by its operator, and the owner of the information has no right to interfere in the management of the information system.

The result is the following. If an ordinary user, as the owner of his own information, has an agreement with an information system operator and this agreement stipulates that the user has the right to store his own information in someone else’s information system, and the information system operator undertakes to take measures to protect it from unauthorized actions, then in the end After all, permission to access information in an information system is still given by its operator (by prior agreement with the owner of the information). If there is no such agreement, then by his actions of entering information into someone else’s information system, the user actually provides access to it to the operator of the information system, which makes the latter its legal owner. From which it again follows that the mode of “technical access” to the information system will be determined by its operator.

How to protect your personal information using COVERT program from one of the most popular keyloggers - KGB Spy program.

How can a computer user who does not have knowledge in the field of information security detect a spy hidden in his system and protect himself from surveillance without removing the keylogger from the computer in order to mislead the one who is spying on you? And how to remove Kgb Spy if you decide to do so? Let's consider the situation using the example of the common keylogger KGB spy and the COVERT program, which creates a secure platform for the user.

After launching the COVERT program, click the "System Processes" button.

In the system processes window, you can see all running processes, except hidden ones.

To see if you have programs on your computer that are hiding themselves, click the “Hidden Processes” button.

In the hidden processes window, scroll the slider to the very bottom. All hiding programs (rootkits) will be highlighted in red.

In the picture above we see a spy program called KGB spy. This keylogger is configured to hide its actions and monitor the user.

If you want to remove Kgb Spy, select “Open application folder” from the context menu.

In the window that opens, run the uninstallation of the program and the spy will be removed.

If you just want to hide your actions from the keylogger and thereby mislead the one who is watching you, then enter the platform by clicking the button with the name of the program, as shown in the figure above.

Inside the protection platform, those programs that hide themselves from the user (rootkits) can be seen simply in the process window.

The COVERT program creates a safe environment in which you can do everything, but the user's behavior becomes uncontrollable for spyware.

Spies will not be able to see your actions performed on a protected platform, which means they will also not be able to transmit information about them to their owners. COVERT protects against recording video from the monitor screen, against taking screenshots, and does not allow receiving data from the keyboard and clipboard. In addition, it hides the websites you have visited and other information about your activities.

If you find a spy that your wife or your husband (or your boss at work) assigned to you, do not rush to remove it. Think: perhaps it is better for them to think that you are not doing anything unknown to them on the computer, since the spy will be clean. In the meantime, you can do whatever you want in the COVERT platform.

In the picture below we see that the KGB spy, after performing actions in the COVERT cloaking platform, was unable to record anything. The masking program hides the user's actions from all currently existing spies. With its help, you can detect and destroy computer spies that work at the level of system kernel drivers and are invisible to antivirus programs.

Threat name

Executable file name:

Threat type:

Affected OS:

kgbspy-393.exe

Spyware/Trojan

Win32 (Windows XP, Windows Vista, Windows Seven, Windows 8)

KGB Spy infection method

KGB Spy copies its file(s) to your hard drive. Typical file name kgbspy-393.exe. Then it creates a startup key in the registry with a name and value kgbspy-393.exe. You can also find it in the process list with the name kgbspy-393.exe or .

If you have any additional questions regarding KGB Spy, please fill out and we will contact you shortly.

Download the removal utility

Download this program and remove KGB Spy and kgbspy-393.exe (download will start automatically):

* SpyHunter was developed by the American company EnigmaSoftware and is capable of removing KGB Spy automatically. The program was tested on Windows XP, Windows Vista, Windows 7 and Windows 8.

Functions

The program is able to protect files and settings from malicious code.

The program can fix browser problems and protects browser settings.

Removal is guaranteed - if SpyHunter fails, free support is provided.

24/7 anti-virus support is included in the package.

Download the KGB Spy removal utility from the Russian company Security Stronghold

If you are not sure which files to delete, use our program KGB Spy removal tool.. The KGB Spy removal utility will find and completely remove all problems associated with the KGB Spy virus. Fast, easy-to-use KGB Spy Removal Tool will protect your computer from the KGB Spy threat that harms your computer and violates your privacy. KGB Spy Removal Tool scans your hard drives and registry and removes any manifestation of KGB Spy. Regular antivirus software is powerless against malicious programs such as KGB Spy. Download this simplified removal tool specially designed to solve problems with KGB Spy and kgbspy-393.exe (download will start automatically):

Functions

Removes all files created by KGB Spy.

Removes all registry entries created by KGB Spy.

The program can fix browser problems.

Immunizes the system.

Removal is guaranteed - if the Utility fails, free support is provided.

24/7 antivirus support via GoToAssist is included in the package.

Our support team is ready to solve your problem with KGB Spy and remove KGB Spy right now!

Leave a detailed description of your problem with KGB Spy in the section. Our support team will contact you and provide you with a step-by-step solution to your KGB Spy problem. Please describe your problem as accurately as possible. This will help us provide you with the most effective KGB Spy removal method.

How to remove KGB Spy manually

This problem can be resolved manually by deleting registry keys and files associated with KGB Spy, removing it from the startup list and de-registering all associated DLL files. In addition, missing DLL files must be restored from the OS distribution if they were damaged.

To get rid of it, you need:

1. Terminate the following processes and delete the corresponding files:

Warning: you need to delete only files whose checksums are in the list of malicious ones. There may be files with the same names on your system. We recommend using this to solve the problem safely.

2. Delete the following folders:

3. Delete the following registry keys and/or values:

Warning: If registry key values ​​are specified, you should delete only the specified values ​​and leave the keys themselves intact. We recommend using this to solve the problem safely.

4. Reset browser settings

Sometimes it can affect your browser settings, such as changing your search and home page. We recommend that you use the free "Reset Browsers" feature in "Tools" in the program to reset all browsers at once. Please note that before this you need to delete all files, folders and registry keys belonging to KGB Spy. To reset browser settings manually, use these instructions:

For Internet Explorer

If you are using Windows XP, click Start, And Open. Enter the following in the field Open without quotes and press Enter: "inetcpl.cpl".

If you are using Windows 7 or Windows Vista, click Start. Enter the following in the field Search without quotes and press Enter: "inetcpl.cpl".

Select a tab Additionally

Under Resetting Internet Explorer browser settings, click Reset. And press Reset again in the window that opens.

Select checkbox Remove personal settings to delete history, restore search and home page.

After Internet Explorer has completed the reset, click Close in the dialog box.

Warning: Reset browser settings V Tools

For Google Chrome

Locate your Google Chrome installation folder at: C:\Users\"username"\AppData\Local\Google\Chrome\Application\User Data.

In folder User Data, find the file Default and rename it to DefaultBackup.

Launch Google Chrome and a new file will be created Default.

Google Chrome settings reset

Warning: In case this doesn't work, use the free option. Reset browser settings V Tools in the Spyhunter Remediation Tool program.

For Mozilla Firefox

Open Firefox

From the menu, select Help > Problem Solving Information.

Click the button Reset Firefox.

After Firefox finishes, it will show a window and create a folder on your desktop. Click Complete.

Warning: This way you will lose your passwords! We recommend using the free option Reset browser settings V Tools in the Spyhunter Remediation Tool program.