Ghost Keylogger by Sureshot - Users manual
If you can't find the requested information, please consult the FAQ. It may have the required information.
Table of contents
2. About the registered and demo version
5. Running Ghost Keylogger
6. Viewing the logs
7. Logging to file and mail
8. Detailed settings description
9. Deploying the keylogger
12. Final words
13. FAQ - Frequently Asked Questions
Would you like to know what people are doing on your computer?
Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an encrypted log file. The log file can be sent secretly with email to a specified receiver. Ghost Keylogger also monitors the Internet activity by logging the addresses of visited homepages. It monitors time and title of the active application; even text in edit boxes and message boxes is captured.
It's Windows 95/98/ME/NT/2000/XP compatible.
2. About the
registered and demo version
The registered version can operate in invisible mode. That is, it will not show in the task bar, start menu or in the add/remove programs menu. It is completely invisible in the Task Manager (CTRL+ALT+DEL) on all operating systems. It is even invisible in the NT/2000/XP process list!
Ghost Keylogger is simple to use and install, just double click on the keylogger file and then press "Setup". Now follow the instructions. Hint: If you want to hide Ghost Keylogger from users, install the keylogger in a directory that is hard to find.
Locate the folder where Ghost Keylogger is installed. The default is under C:\Program Files\Sync Manager\. In this folder, double click the file syncconfig.exe to start the configuration application. Under the "System" tab you will find the "Uninstall" button. Click on the button and follow the instructions.
5. Running Ghost
The Ghost Keylogger is simple to run. Here is a step-by-step procedure to get it up and running:
1. Find the folder where Ghost Keylogger is installed. Default is C:\Program Files\Sync Manager\
2. Double click on the file syncconfig.exe to start the config application.
3. Enter a password. If it's the first time you start the keylogger choose a password for the config application.
4. Configure the keylogger (you can skip this step to use default settings).
5. Press the "Ok" button or the "Start the keylogger" button under the System tab. The keylogger is now up and running. Test the keylogger by typing something in Wordpad and playing around in Windows for a bit. After a while the log file will be created. If you didn't make any changes to the configuration the created log file is called logfile.cip. The next chapter describes how to view the log file.
6. Viewing the
Log files are encrypted, therefore they can't be opened directly in programs such as Wordpad and Notepad. To view a log file follow this step-by-step procedure:
1. Double click on the file syncconfig.exe.
2. Enter your password.
3. Click on the View log files tab.
4. Press the Add button and browse the files you would like to view. If you haven't changed any settings, logfile.cip is the default log file.
5. Choose a viewer (default is your Internet browser).
6. Press the View button. Note that you can select multiple files under the "Add" button. This is good when you have used email logging and have a bunch of files you want to decrypted and view. Just select the wanted files and press View. The files will be decrypted and merged before they are sent on to the viewer.
7. Logging to file
Ghost Keylogger allows logging to two different targets.
File logging will create an encrypted log file to which the logged data are saved. This log file is encrypted and can only be viewed with the configuration application (syncconfig.exe).
Mail logging can be done in two ways, either as encrypted attachments or as plain text messages. If you use encrypted messages, you'll have to save the received logs and then view them with the configuration application (syncconfig.exe). Note that you can view multiple files at a time.
Emails are sent on a timely basis specified by the user in hours and minutes. This time is both offline and online time. E.g. the keylogger is set to send an email every fourth hour. The keylogger is started at 12.00 AM, but the machine is not connected to Internet. The monitored user connects to Internet at 15.00 AM and stays online until 17.00 AM. At 16.00 AM the first log mail is sent.
In order to send emails, you need to give Ghost Keylogger information of which mail server to use. Ghost Keylogger comes with a number of predefined mail servers (Default Mails) but you may also enter your own, do this by choosing "User Defined" under the mail tab. You specify the mail server in the POP and SMTP fields. So, for example, if you have an email account which you want to use to send the Ghost Keylogger logs with, please enter its SMTP and POP servers in the proper fields. Enter your email address in the "From" field and your username (often the left-hand-side of you email address) and password. In the "To" field you enter where you want to receive the emails. Note that the "To" email address can be different or the same as the "From" email address. Also note that all mail services don't allow that users connect to them from email clients (e.g. Outlook Express, Ghost Keylogger etc) but require that you use their web interface. If that is the case, you can't use that email account to send emails with, but of course you can receive logs to it. An example of a mail service that doesn't allow outside connections is Hotmail.com. You can setup a "dummy" account for Ghost Keylogger to be used to send the email logs, there are several free mail services you can use, please see the FAQ for more details.
To summarize the email setup:
1. Get an account to be used to send emails ("From", "SMTP", "POP", "Password", "Username field")
2. Enter where you want to have logs sent. ("To" field)
8. Detailed settings
2. File Tab
3. Mail Tab
4. Filter Tab
5. View log files Tab
Select this and the keylogger will run invisibly.
This option is not available in the demo version.
New login password
Press here to change your password for the configuration application (syncconfig.exe).
Use a password that you can remember and is hard for others to figure out. Changing the password will make old log files unreadable, therefore it's recommended that you save all logs that you want to keep. To do this, go to the View log files tab and use the Save to file option.
Start the keylogger
Press here to start the keylogger with the current configuration.
This is good for testing your configuration. However if you would like to keep the settings you will have to exit the config application by pressing the "Ok" button.
Stop the keylogger
Press here to stop the keylogger.
Press here to uninstall the keylogger from your system.
Advanced Settings - Start automatically when the computer is restarted
Select this and the keylogger starts automatically when Windows is restarted.
Advanced Settings - Make
it visible when these keys are pressed
Select this to enable the keylogger hotkey. This option is very useful if you want to be able to easily bring up the keylogger dialog, which can take you to the config application. Disable this if you are afraid that users will press the hotkey combination by mistake and thereby reveal the keylogger (the probability is very slight).
Advanced Settings - CTRL
+ ALT + SHIFT +
Enter the hotkey you would like to unhide the keylogger with.
Advanced Settings - Report
with a log file
Select this to make the keylogger report errors to a debug file.
E.g. if the email logging by some reason fails, this will be reported to the log file. The name of the debug file is "debug_log.txt" and will be created in the same directory as the "syncagent.exe" file. The default directory for "syncagent.exe" is "C:\Program Files\sync manager\agent\". This option is very useful if you are experiencing problems with Ghost Keylogger and want to find out exactly what they are.
Advanced Settings - Report
with message boxes
Select this to make the keylogger report errors to a message boxes.
Only use this if you want to allow message boxes to appear during the execution of the keylogger. For example if the keylogger cannot open the required DLL file
a message box will appear and report this. So this is only good in debugging purpose and should not be checked if you want the keylogger to run invisibly
Advanced Settings - Deploy
Used to deploy the keylogger. See Chapter 9 in manual for more details
Log to a file
Select this if you want to log keystrokes to a file.
You can use both file and mail logging at the same time.
Enter the name of the file that keystrokes will be saved to.
Clear the log file
Press this button to clear the existing log file.
All data in the log file will be deleted. Use this if you think the log file is growing to large.
Advanced Settings - Max
The maximum file size where 0 = unlimited.
Advanced Settings - Clear
the file when it is full
The log file will be cleared when it reaches the specified size.
If the max file size isn't unlimited, the log file will be cleared when its size has reached to the specified maximum file size. Logging will then continue from the beginning of the file.
Advanced Settings - Shutdown
the keylogger when the file is full
The keylogger will shutdown when the log file reaches the specified size.
Advanced Settings - File
Specifies how often the log data is written to the file.
Increase this if you want the flushing to the file to take place less often. Ghost Keylogger captures keystrokes and other data to the primary memory. The access times to the primary memory is fast and the user will not notice anything. Unfortunately the primary memory is cleared every time the computer restarts, therefore Ghost Keylogger needs to write the captured data from the primary memory to the hard drive. Writing the data from the primary memory to the hard drive is also very fast, the only thing the user might see is that the hard drive light may flicker once. The file buffer size parameter tells Ghost Keylogger how often the data will be written to disk.
Log with email
Select this if you want to log keystrokes to an email recipient.
Send emails after every
Specify how often you want to receive the email log.
E.g. if you set the time to 24 Hours and 0 minutes you will get an email every day.
Encrypt the log mails
Select this if you want the logged emails to be encrypted.
If you decide to encrypt the emails they will arrive as attachments.
Choose a mail service to use. You can use your own by selecting User Defined. To make the emailing easier we have already configured mail services; you can choose one from the combo box. The only thing you will have to do is to fill out the To field.
The senders email address. E.g. firstname.lastname@example.org
This is the destination email address. E.g. email@example.com
The SMTP server address. E.g. smtp.mail.yahoo.com
SMTP - Port
The port that SMTP uses, usually 25.
Use POP Authentication
Select this if the mail service requires POP authentication.
This is the POP server address. E.g. pop.mail.yahoo.com
POP - Port
The port the POP server uses, usually 110.
The username for your mail account. (For POP authentication)
The password for your mail account. (For POP authentication)
Test if the settings are correct by sending an email.
When you have configured your mail service, you can now test it, just click the "Test" button. After a while (can in some cases take a couple of minutes) a message box will appear to indicate if the mail configuration was correct. If the test mail was successfully sent, you can check your mailbox in a couple of minutes for the incoming test mail.
Advanced Settings - Wait
for a connection
If the keylogger fails to send the email then wait and try again later.
If the emailing fails by some reason, e.g. the computer on which the Keylogger is running is not currently connected to the Internet, you can use this option to let the keylogger continue the logging and wait to send the emails until the computer gets an internet connection.
Advanced Settings - Shutdown
If the keylogger fails to send the email then shutdown it down.
Advanced Settings - Buffer
If the captured data reaches this size, the log file will be sent.
If you want to make sure that emails are sent before they grow to large then use this parameter. Enter the number of maximum characters (bytes) the log file can contain. Ghost Keylogger ensure that emails are sent before they grow bigger than the given size. If you enter 0, there is no limit.
Do not capture application
Select this if you don't want to capture application titles.
When you switch between applications their titles are captured together with the system time.
Do not capture edit boxes
Select this if you don't want the content of edit boxes to be logged.
An example of an edit box is the address bar in Internet Explorer where you can type in an address.
Do not capture static
Select this if you don't want to log static text.
Static text appear in message boxes. E.g. if you exit a word processor without having saved the document a message box will appear and ask you "Do you want to save before you exit?" The text, in the message box is called static text.
Do not capture keystrokes
without any ascii representation
Select this to only capture keys that have an ASCII representation.
Keys that have an ASCII representation are keys such as a,B,c,3,4,6, etc. Keys without ASCII representations are among other SHIFT, CTRL, CAPSLOCK, LEFT ARROW and so on.
Filter custom keys
Enter the key you would like to filter away, and then press the Add button.
If you for example would like to filter away the ESCAPE button, press ESC in the edit box and then press add. You can add as many own keys to filter as you want.
When you have entered a key in the edit box to the left, press this button.
Press this button to remove the select key in the list.
View log files tab
Press this button to browse the files you want to view.
Note that you can select multiple files.
Press this button to remove the selected files in the list.
You can remove files from the list, they will not be deleted from you hard drive, only removed from the list.
View with Wordpad
This will open the log files in Wordpad.
View with Internet browser
This will open the log files in your default Internet browser.
Save to file
This will let you save the log file to disk.
Press this button to view the log files.
9. Deploying the keylogger
Deploying the keylogger is useful if you want to install it to more then one computer. When it has been deployed, only the necessary files for logging will be installed, i.e. the manual, config application and such files will not be installed.
Deploying is also good if you want to make the keylogger more invisible. You can use a cover name for the deployment files. Three files are necessary to copy to the target machine, syncagent.exe, syncagent.cfg and syncagent.dll. E.g. if you choose the cover name msvcasp the deployed files will be named msvcasp.exe msvcasp.cfg and msvcasp.dll.
This is how you deploy the keylogger to another machine.
1. Install the keylogger on
2. Enter the syncconfig.exe application and edit the settings you want for the keylogger that you are going to deploy.
3. Under the System Tab click on the "Advanced Settings" and the on the button named "Deploy".
4. Choose a cover name and a deployment directory.
5. If you use file logging, enter the log file name. E.g. "logfile.cip" will be created in the deployment directory (current working directory), while for example "c:\windows\logfile.cip" will be created under the windows directory. Remember that if you specify a specific directory, it must exist on the target machine, otherwise no log file will be created.
6 . Press Ok.
7 . If you deployed the files to a floppy disk, use that disk to copy the files to the computers you would like to deploy it to. You can copy them to any directory. Note that you must copy the files to the target computers hard drive.
8 . On the target machine, double click on the file yourcovername.exe to start the keylogger.
Uninstalling a deployed
There are two different approaches to uninstall a deployed keylogger. The first requires that you can use the Ghost Keylogger hotkey to make Ghost Keylogger visible. When the Ghost Keylogger hotkey is disabled another more advanced approach has to be used which involves command prompt (dos) knowledge.
Uninstall using hotkey
1. On the target machine, press the hotkey combination, the default is CTRL+ALT+SHIFT+G.
2. Click on the "Uninstall" button and follow the instructions.
Uninstall using a command
1. On the target machine open a command prompt and go to the directory where the deployed instance is installed (yourdeployname.exe, yourdeployname.dll, yourdeployname.cfg). If you can't remember where you put it, search for yourdeployname.exe in Explorer.
2. Type yourdeployname.exe -uninstall
3. Now delete the files (yourdeployname.exe, yourdeployname.dll, yourdeployname.cfg).
Sometimes firewall's stop some or all outgoing connections. If this is the case, you might not be able to send log data by mail directly to an external address. The work-around is to use the mail server that resides inside the firewall to send mail to the external address. Contact your system administrator for information about the local mail server.
syncconfig.exe - the configuration application
manual.html - this file
faq.html - Frequently Asked Questions
agent\syncagent.exe - the Ghost Keylogger application
agent\syncagent.dll - syncagent.exe uses this file to capture keystrokes
agent\syncagent.cfg - the configuration file
Surf Spy - Monitor the Internet activity with Surf Spy.
Farsighter - Farsighter monitors a remote computer invisibly by streaming real-time video to a viewer on your computer.
Stop-the-Pop-Up - Stop-the-Pop is an aggressive pop-up blocker preventing all annoying pop-up windows from appearing as you surf the web.
Cool screensaver - Simulate the blue screen of death.
Password Recovery Pro - Recover lost passwords.
Software for Links - Link to us and get free software.
Sureshot Reseller Program - Join Sureshot Software reseller program.
12. Final words
If you have questions about the software, would like to make a comment or just like to say hi, send us an email! Take care.