Ghost Keylogger by Sureshot – Users manual
This manual applies to Ghost Keylogger and Ghost Key Logger Lite. If you can’t find the requested information, please consult the FAQ. It may have the required information.
Table of contents
2. About the registered and demo version
5. Running Ghost Keylogger
6. Viewing the logs
7. Logging to file and mail
8. Detailed settings description
9. Deploying the keylogger
11. Final words
11. FAQ – Frequently Asked Questions
Would you like to know what people are doing on your computer?
Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an encrypted log file. The log file can be sent secretly with email to a specified receiver.
Ghost Keylogger also monitors the Internet activity by logging the addresses of visited homepages. It monitors time and title of the active application; even text in editboxes and message boxes is captured.
It’s Windows 95/98/ME/NT/2000/XP compatible.
The registered version can operate in invisible mode. That is, it will not show in the task bar, start menu or in the add/remove programs menu. On Windows 95/98/ME it will not even show in the process list (CTRL+ALT+DEL list).
Ghost Keylogger is simple to use and install, just double click on the keylogger file and then press Unzip. Now follow the instructions.
Hint: If you want to hide Ghost Keylogger from users, install the keylogger in a directory that is hard to find.
Locate the folder where Ghost Keylogger is installed. The default is under C:\Program Files\Sync Manager\. In this folder, double click on the file uninstall.bat. When it has finished simply delete the whole Ghost Keylogger directory. If you can’t remember to what folder you installed the keylogger you can search for the file syncconfig.exe. See the FAQ for more uninstall information.
The Ghost Keylogger is simple to run. Here is a step-by-step procedure to get it up and running:
1. Find the folder where Ghost Keylogger is installed. Default is C:\Program Files\Sync Manager\
2. Double click on the file syncconfig.exe to start the config application.
3. Enter a password. If it’s the first time you start the keylogger choose a password for the config application.
4. Configure the keylogger (you can skip this step to use default settings).
5. Press the “Ok” button or the “Start the keylogger” button under the System tab.
The keylogger is now up and running. Test the keylogger by typing something in Wordpad and playing around in Windows for a bit. After a while the log file will be created. If you didn’t make any changes to the configuration the created log file is called logfile.cip. The next chapther describes how to view the log file.
Log files are encrypted, therefore they can’t be opened directly in programs such as Wordpad and Notepad.
To view a log file follow this step-by-step procedure:
1. Double click on the file syncconfig.exe.
2. Enter your password.
3. Click on the View log files tab.
4. Press the Add button and browse the files you would like to view. If you haven’t changed any settings, logfile.cip is the default log file.
5. Choose a viewer (default is your Internet browser).
6. Press the View button.
Note that you can select multiple files under the “Add” button. This is good when you have used email logging and have a bunch of files you want to decrypted and view. Just select the wanted files and press View. The files will be decrypted and merged before they are sent on to the viewer.
Ghost Keylogger allows logging to two different targets.
File logging will create an encrypted log file to which the logged data are saved. This log file is encrypted and can only be viewed with the configuration application (syncconfig.exe).
Mail logging can be done in two ways, either as encrypted attachments or as plain text messages. If you use encrypted messages, you’ll have to save the recieved logs and then view them with the configuration application (syncconfig.exe). Note that you can view multiple files at a time.
Emails are sent on a timely basis specified by the user in hours and minutes. This time is both offline and online time. E.g. the keylogger is set to send an email every fourth hour. The keylogger is started at 12.00 AM, but the machine is not connected to Internet. The monitored user connects to Internet at 15.00 AM and stays online until 17.00 AM. At 16.00 AM the first log mail is sent.
In order to send emails, you need to give Ghost Keylogger information of which mail server to use. Ghost Keylogger comes with a number of predefined mail servers (default Mail 1-4) but you may also enter your own, do this by choosing “User Defined” under the mail tab. You specify the mail server in the POP and SMTP fields. So, for example, if you have an email account which you want to use to send the Ghost Keylogger logs with, please enter its SMTP and POP servers in the proper fields. Enter your email address in the “From” field and your username (often the left-hand-side of you email address) and password. In the “To” field you enter where you want to receive the emails. Note that the “To” email address can be different or the same as the “From” email address. Also note that all mail services don’t allow that users connect to them from email clients (eg. Outlook Express, Ghost Keylogger etc) but require that you use their web interface. If that is the case, you can’t use that email account to send emails with, but of course you can receive logs to it. An example of a mail service that doesn’t allow outside connections is Hotmail.com. You can setup a “dummy” account for Ghost Keylogger to be used to send the email logs, there are several free mail services you can use, please see the FAQ for more details.
To summarise the email setup:
1. Get an account to be used to send emails (“From”, “SMTP”, “POP”, “Password”, “Username field”)
2. Enter where you want to have logs sent. (“To” field)
Select this and the keylogger will run invisibly.
This option is not available in the demo version.
New login password
Press here to change your password for the configuration application (syncconfig.exe).
Use a password that you can remember and is hard for others to figure out. Changing the password will make old log files unreadable, therefore it’s recommended that you save all logs that you want to keep. Todo this, go to the View log files tab and use the Save to file option.
Start the keylogger
Press here to start the keylogger with the current configuration.
This is good for testing your configuration. However if you would like to keep the settings you will have to exit the config application by pressing the “Ok” button.
Stop the keylogger
Press here to stop the keylogger.
Advanced Settings – Start automatically when the computer is restarted
Select this and the keylogger starts automatically when Windows is restarted.
Advanced Settings – Create an error debug file
Select this to make the keylogger report errors to a debug file.
E.g. if the email logging by some reason fails, this will be reported to the logfile. The name of the debug file is “debug_log.txt” and will be created in the same directory as the “syncagent.exe” file. The default directory for “syncagent.exe” is “C:\Program Files\sync manager\agent\”. This option is very useful if you are experiencing problems with Ghost Keylogger and want to find out exactly what they are.
Advanced Settings – Show error message boxes
Select this to make the keylogger report errors to a message boxes.
Only use this if you want to allow message boxes to appear during the execution of the keylogger. For example if the keylogger cannot open the required DLL file
a message box will appear and report this. So this is only good in debugging purpose and should not be checked if you want the keylogger to run invisibly
Advanced Settings – Deploy button
Used to deploy the keylogger. See Chapter 9 in manual for more details
Log to a file
Select this if you want to log keystrokes to a file.
You can use both file and mail logging at the same time.
Enter the name of the file that keystrokes will be saved to.
Clear the logfile
Press this button to clear the existing log file.
All data in the log file will be deleted. Use this if you think the log file is growing to large.
Advanced Settings – Max file size
The maximum file size where 0 = unlimited.
Advanced Settings – Clear the file when it is full
The log file will be cleared when it reaches the specified size.
If the max file size isn’t unlimited, the log file will be cleared when its size has reached to the specified maximum file size. Logging will then continue from the beginning of the file.
Advanced Settings – Shutdown the keylogger when the file is full
The keylogger will shutdown when the log file reaches the specified size.
Advanced Settings – File buffer size
Specifies how often the log data is written to the file.
Increase this if you want the flushing to the file to take place less often. Ghost Keylogger captures keystrokes and other data to the primary memory. The access times to the primary memory is fast and the user will not notice anything. Unfortunately the primary memory is cleared every time the computer restarts, therefore Ghost Keylogger needs to write the captured data from the primary memory to the hard drive. Writing the data from the primary memory to the hard drive is also very fast, the only thing the user might see is that the hard drive light may flicker once. The file buffer size parameter tells Ghost Keylogger how often the data will be written to disk.
Log with email
Select this if you want to log keystrokes to an email recipient.
Send emails after every
Specify how often you want to receive the email log.
E.g. if you set the time to 24 Hours and 0 minutes you will get an email every day.
Encrypt the log mails
Select this if you want the logged emails to be encrypted.
If you decide to encrypt the emails they will arrive as attachments.
Choose a mail service to use. You can use your own by selecting User Defined. To make the emailing easier we have already configured mail services; you can choose one from the combo box. The only thing you will have to do is to fill out the To field.
The senders email address. E.g. [email protected]
This is the destination email address. E.g. [email protected]
The SMTP server address. E.g. smtp.mail.yahoo.com
SMTP – Port
The port that SMTP uses, usually 25.
Use POP Authentication
Select this if the mail service requires POP authentication.
This is the POP server address. E.g. pop.mail.yahoo.com
POP – Port
The port the POP server uses, usually 110.
The username for your mail account. (For POP authentication)
The password for your mail account. (For POP authentication)
Test if the settings are correct by sending an email.
When you have configured your mail service, you can now test it, just click the “Test” button. After a while (can in some cases take a couple of minutes) a message box will appear to indicate if the mail configuration was correct. If the test mail was successfully sent, you can check your mailbox in a couple of minutes for the incoming test mail.
Advanced Settings – Wait for a connection
If the keylogger fails to send the email then wait and try again later.
If the emailing fails by some reason, e.g. the computer on which the Keylogger is running is not currently connected to the Internet, you can use this option to let the keylogger continue the logging and wait to send the emails until the computer gets an internet connection.
Advanced Settings – Shutdown the keylogger
If the keylogger fails to send the email then shutdown it down.
Advanced Settings – Buffer size
If the captured data reaches this size, the log file will be sent.
If you want to make sure that emails are sent before they grow to large then use this parameter. Enter the number of maximum characters (bytes) the log file can contain. Ghost Keylogger ensure that emails are sent before they grow bigger than the given size. If you enter 0, there is no limit.
Do not capture application titles
Select this if you don’t want to capture application titles.
When you switch between applications their titles are captured togheter with the system time.
Do not capture edit boxes
Select this if you don’t want the content of edit boxes to be logged.
An example of an edit box is the address bar in Internet Explorer where you can type in an address.
Do not capture static text
Select this if you don’t want to log static text.
Static text appear in message boxes. E.g. if you exit a word processor without having saved the document a message box will appear and ask you “Do you want to save before you exit?” The text, in the message box is called static text.
Do not capture keystrokes without any ascii representation
Select this to only capture keys that have an ASCII representation.
Keys that have an ASCII representation are keys such as a,B,c,3,4,6, etc. Keys without ASCII representations are among other SHIFT, CTRL, CAPSLOCK, LEFT ARROW and so on.
Filter custom keys
Enter the key you would like to filter away, and then press the Add button.
If you for example would like to filter away the ESCAPE button, press ESC in the edit box and then press add. You can add as many own keys to filter as you want.
When you have entered a key in the edit box to the left, press this button.
Press this button to remove the select key in the list.
View log files tab
Press this button to browse the files you want to view.
Note that you can select multiple files.
Press this button to remove the selected files in the list.
You can remove files from the list, they will not be deleted from you hard drive, only removed from the list.
View with Wordpad
This will open the logfiles in Wordpad.
View with Internet browser
This will open the logfiles in your default Internet browser.
Save to file
This will let you save the log file to disk.
Press this button to view the log files.
Deploying the keylogger is useful if you want to install it to more then one computer. When it has been deployed, only the necessary files for logging will be installed, i.e. the manual, config application and such files will not be installed.
Deploying is also good if you want to make the keylogger more invisible. You can use a cover name for the deployment files. Three files are necessary to copy to the target machine, syncagent.exe, syncagent.cfg and syncagent.dll. E.g. if you choose the cover name msvcasp the deployed files will be named msvcasp.exe msvcasp.cfg and msvcasp.dll.
This is how you deploy the keylogger to another machine.
1. Install the keylogger on your machine.
2. Enter the syncconfig.exe application and edit the settings you want for the keylogger that you are going to deploy.
3. Under the System Tab click on the “Advanced Settings” and the on the button named “Deploy”.
4. Choose a cover name and a deployment directory.
5. Press Ok.
6. If you deployed the files to a floppy disk, use that disk to copy the files to the computers you would like to deploy it to. You can copy them to any directory. Note that you must copy the files to the target computers hard drive.
7. On the target machine, double click on the file yourcovername.exe to start the keylogger.
If you use file logging remember to make sure that the log file path exists on the target machine.
Uninstalling a deployed keylogger
1. On the target machine, open a command prompt and goto the directory where the deployed instance is installed (yourdeployname.exe, yourdeployname.dll, yourdeployname.cfg). If you can’t remember where you put it, search for yourdeployname.exe in Explorer.
2. Type yourdeployname.exe -uninstall
3. Now delete the files (yourdeployname.exe, yourdeployname.dll, yourdeployname.cfg).
Sometimes firewalls stop some or all outgoing connections. If this is the case, you might not be able to send log data by mail directly to an external address. The work-around is to use the mail server that resides inside the firewall to send mail to the external address. Contact your system administrator for information about the local mail server.
syncconfig.exe – the configuration application
manual.html – this file
faq.html – Frequently Asked Questions
uninstall.bat – uninstalls the keylogger
agent\syncagent.exe – the Ghost Keylogger application
agent\syncagent.dll – syncagent.exe uses this file to capture keystrokes
agent\syncagent.cfg – the configuration file
If you have questions about the software, would like to make a comment or just like to say hi, send us an email! Take care.