Ghost Keylogger by Sureshot - Users manual
If you can't find the requested information, please consult the FAQ. It may have the required information.
Table of contents
-----------------
1. Introduction
2. About the registered and demo version
3. Install
4. Uninstall
5. Running Ghost Keylogger
6. Viewing the logs
7. Logging to file and mail
8. Detailed settings description
9. Deploying the keylogger
10. General
11. Related
12. Final words
13. FAQ - Frequently Asked Questions
1. Introduction
---------------
Would you like to know what people are doing on your computer?
Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an encrypted log file. The log file can be sent secretly with email to a specified receiver. Ghost Keylogger also monitors the Internet activity by logging the addresses of visited homepages. It monitors time and title of the active application; even text in edit boxes and message boxes is captured.
It's Windows 95/98/ME/NT/2000/XP compatible.
2. About the registered and demo version
----------------------------------------
The registered version can operate in invisible mode. That is, it will not show
in the task bar, start menu or in the add/remove programs menu. It is completely
invisible in the Task Manager (CTRL+ALT+DEL) on all operating systems. It is
even invisible in the NT/2000/XP process list!
3. Install
----------
Ghost Keylogger is simple to use and install: just double click on the keylogger
file and then press "Setup". Now follow the instructions.
Hint: If you want to hide Ghost Keylogger from users, install the keylogger in a directory
that is hard to find.
4. Uninstall
------------
Locate the folder where Ghost Keylogger is installed. The default is under C:\Program
Files\Sync Manager\. In this folder, double click the file syncconfig.exe to
start the configuration application. Under the "System" tab you will
find the "Uninstall" button. Click on the button and follow the instructions.
5. Running Ghost Keylogger
--------------------------
The Ghost Keylogger is simple to run. Here is a step-by-step procedure to get
it up and running:
1. Find the folder where Ghost Keylogger is installed. Default is C:\Program
Files\Sync Manager\
2. Double click on the file syncconfig.exe to start the config application.
3. Enter a password. If it's the first time you start the keylogger choose a
password for the config application.
4. Configure the keylogger (you can skip this step to use default settings).
5. Press the "Ok" button or the "Start the keylogger" button
under the System tab. The keylogger is now up and running.
Test the keylogger by typing something in Wordpad and playing around in Windows
for a bit. After a while the log file will be created. If you didn't make any
changes to the configuration the created log file is called logfile.cip. The
next chapter describes how to view the log file.
6. Viewing the logs
-------------------
Log files are encrypted, therefore they can't be opened directly in programs
such as Wordpad and Notepad. To view a log file follow
this step-by-step procedure:
1. Double click on the file syncconfig.exe.
2. Enter your password.
3. Click on the View log files tab.
4. Press the Add button and browse the files you would like to view. If you
haven't changed any settings, logfile.cip is the default log file.
5. Choose a viewer (default is your Internet browser).
6. Press the View button.
Note that you can select multiple files under the "Add" button. This is useful
when you have used email logging and have a bunch of files you want to decrypt
and view. Just select the wanted files and press View. The files will be decrypted
and merged before they are sent on to the viewer.
7. Logging to file and mail
---------------------------
Ghost Keylogger allows logging to two different targets.
File
File logging will create an encrypted log file to which the logged data are
saved. This log file is encrypted and can only be viewed with the configuration
application (syncconfig.exe).
Mail
Mail logging can be done in two ways, either as encrypted attachments or as
plain text messages. If you use encrypted messages, you'll have to save the
received logs and then view them with the configuration application (syncconfig.exe).
Note that you can view multiple files at a time.
Emails are sent at an interval specified by the user in hours and minutes. This interval counts both offline and online time. E.g. the keylogger is set to send an email every fourth hour. The keylogger is started at 12.00 AM, but the machine is not connected to the Internet. The monitored user connects to the Internet at 15.00 AM and stays online until 17.00 AM. At 16.00 AM the first log mail is sent.
In order to send emails, you need to tell Ghost Keylogger which mail server to use. Ghost Keylogger comes with a number of predefined mail servers (Default Mails), but you may also enter your own by choosing "User Defined" under the mail tab. You specify the mail server in the POP and SMTP fields. So, for example, if you have an email account which you want to use to send the Ghost Keylogger logs, enter its SMTP and POP servers in the proper fields. Enter your email address in the "From" field, and your username (often the left-hand side of your email address) and password. In the "To" field you enter where you want to receive the emails. Note that the "To" email address can be different from or the same as the "From" email address.
Also note that not all mail services allow users to connect to them from email clients (e.g. Outlook Express, Ghost Keylogger etc.); some require that you use their web interface. If that is the case, you can't use that email account to send emails, but of course you can receive logs to it. An example of a mail service that doesn't allow outside connections is Hotmail.com. You can set up a "dummy" account for Ghost Keylogger to use for sending the email logs. There are several free mail services you can use; please see the FAQ for more details.
To summarize the email setup:
1. Get an account to be used to send emails ("From", "SMTP", "POP", "Password"
and "Username" fields)
2. Enter where you want to have logs sent. ("To" field)
8. Detailed settings description
--------------------------------
1. System Tab
2. File Tab
3. Mail Tab
4. Filter Tab
5. View log files Tab
Invisible
Select this and the keylogger will run invisibly.
This option is not available in the demo version.
New login password
Press here to change your password for the configuration application (syncconfig.exe).
Use a password that you can remember and is hard for others to figure out. Changing
the password will make old log files unreadable, therefore it's recommended
that you save all logs that you want to keep. To do this, go to the View log
files tab and use the Save to file option.
Start the keylogger
Press here to start the keylogger with the current configuration.
This is good for testing your configuration. However if you would like to keep
the settings you will have to exit the config application by pressing the "Ok"
button.
Stop the keylogger
Press here to stop the keylogger.
Uninstall
Press here to uninstall the keylogger from your system.
Advanced Settings - Start automatically when the computer is restarted
Select this and the keylogger starts automatically when Windows is restarted.
Advanced Settings - Make it visible when these keys are pressed
Select this to enable the keylogger hotkey. This option is very useful if you
want to be able to easily bring up the keylogger dialog, which can take you
to the config application. Disable this if you are afraid that users will press
the hotkey combination by mistake and thereby reveal the keylogger (the probability
is very slight).
Advanced Settings - CTRL + ALT + SHIFT +
Enter the hotkey you would like to unhide the keylogger with.
Advanced Settings - Report with a log file
Select this to make the keylogger report errors to a debug file.
E.g. if the email logging fails for some reason, this will be reported to the
log file. The name of the debug file is "debug_log.txt" and it will be
created in the same directory as the "syncagent.exe" file. The default
directory for "syncagent.exe" is "C:\Program Files\sync manager\agent\".
This option is very useful if you are experiencing problems with Ghost Keylogger
and want to find out exactly what they are.
Advanced Settings - Report with message boxes
Select this to make the keylogger report errors in message boxes.
Only use this if you want to allow message boxes to appear during the execution
of the keylogger. For example, if the keylogger cannot open the required DLL
file, a message box will appear and report this. So this is only good for debugging
purposes and should not be checked if you want the keylogger to run invisibly.
Advanced Settings - Deploy button
Used to deploy the keylogger. See Chapter 9 in the manual for more details.
Log to a file
Select this if you want to log keystrokes to a file.
You can use both file and mail logging at the same time.
Log filename
Enter the name of the file that keystrokes will be saved to.
Clear the log file
Press this button to clear the existing log file.
All data in the log file will be deleted. Use this if you think the log file
is growing too large.
Advanced Settings - Max file size
The maximum file size where 0 = unlimited.
Advanced Settings - Clear the file when it is full
The log file will be cleared when it reaches the specified size.
If the max file size isn't unlimited, the log file will be cleared when its
size has reached the specified maximum file size. Logging will then continue
from the beginning of the file.
Advanced Settings - Shutdown the keylogger when the file is full
The keylogger will shut down when the log file reaches the specified size.
Advanced Settings - File buffer size
Specifies how often the log data is written to the file.
Increase this if you want the flushing to the file to take place less often.
Ghost Keylogger captures keystrokes and other data to the primary memory. Access
to the primary memory is fast and the user will not notice anything.
Unfortunately the primary memory is cleared every time the computer restarts,
therefore Ghost Keylogger needs to write the captured data from the primary
memory to the hard drive. Writing the data from the primary memory to the hard
drive is also very fast; the only thing the user might see is that the hard
drive light may flicker once. The file buffer size parameter tells Ghost Keylogger
how often the data will be written to disk.
Log with email
Select this if you want to log keystrokes to an email recipient.
Send emails after every
Specify how often you want to receive the email log.
E.g. if you set the time to 24 Hours and 0 minutes you will get an email every
day.
Encrypt the log mails
Select this if you want the logged emails to be encrypted.
If you decide to encrypt the emails they will arrive as attachments.
Mail service
Choose a mail service to use. You can use your own by selecting User Defined.
To make the emailing easier we have already configured mail services; you can
choose one from the combo box. The only thing you will have to do is to fill
out the To field.
From
The sender's email address. E.g. myemail@yahoo.net
To
This is the destination email address. E.g. yourname@hotmail.com
SMTP
The SMTP server address. E.g. smtp.mail.yahoo.com
SMTP - Port
The port that SMTP uses, usually 25.
Use POP Authentication
Select this if the mail service requires POP authentication.
POP
This is the POP server address. E.g. pop.mail.yahoo.com
POP - Port
The port the POP server uses, usually 110.
Username
The username for your mail account. (For POP authentication)
Password
The password for your mail account. (For POP authentication)
Test
Test if the settings are correct by sending an email.
When you have configured your mail service, you can now test it, just click
the "Test" button. After a while (can in some cases take a couple
of minutes) a message box will appear to indicate if the mail configuration
was correct. If the test mail was successfully sent, you can check your mailbox
in a couple of minutes for the incoming test mail.
Advanced Settings - Wait for a connection
If the keylogger fails to send the email then wait and try again later.
If the emailing fails for some reason, e.g. the computer on which the keylogger
is running is not currently connected to the Internet, you can use this option
to let the keylogger continue the logging and wait to send the emails until
the computer gets an Internet connection.
Advanced Settings - Shutdown the keylogger
If the keylogger fails to send the email then shut it down.
Advanced Settings - Buffer size
If the captured data reaches this size, the log file will be sent.
If you want to make sure that emails are sent before they grow too large then
use this parameter. Enter the maximum number of characters (bytes) the log file
can contain. Ghost Keylogger ensures that emails are sent before they grow bigger
than the given size. If you enter 0, there is no limit.
Do not capture application titles
Select this if you don't want to capture application titles.
When you switch between applications their titles are captured together with
the system time.
Do not capture edit boxes
Select this if you don't want the content of edit boxes to be logged.
An example of an edit box is the address bar in Internet Explorer where you
can type in an address.
Do not capture static text
Select this if you don't want to log static text.
Static text appears in message boxes. E.g. if you exit a word processor without
having saved the document a message box will appear and ask you "Do you
want to save before you exit?" The text in the message box is called static
text.
Do not capture keystrokes without any ascii representation
Select this to only capture keys that have an ASCII representation.
Keys that have an ASCII representation are keys such as a,B,c,3,4,6, etc. Keys
without ASCII representations include, among others, SHIFT, CTRL, CAPSLOCK,
LEFT ARROW and so on.
Filter custom keys
Enter the key you would like to filter away, and then press the Add button.
If you, for example, would like to filter away the ESCAPE button, press ESC in
the edit box and then press Add. You can add as many of your own keys to filter
as you want.
Add button
When you have entered a key in the edit box to the left, press this button.
Remove button
Press this button to remove the selected key in the list.
Add button
Press this button to browse the files you want to view.
Note that you can select multiple files.
Remove button
Press this button to remove the selected files in the list.
You can remove files from the list; they will not be deleted from your hard drive,
only removed from the list.
View with Wordpad
This will open the log files in Wordpad.
View with Internet browser
This will open the log files in your default Internet browser.
Save to file
This will let you save the log file to disk.
View button
Press this button to view the log files.
9. Deploying the keylogger
--------------------------
Deploying the keylogger is useful if you want to install it on more than one
computer. When it has been deployed, only the files necessary for logging will
be installed, i.e. the manual, config application and such files will not be
installed.
Deploying is also good if you want to make the keylogger more invisible. You can use a cover name for the deployment files. Three files are necessary to copy to the target machine, syncagent.exe, syncagent.cfg and syncagent.dll. E.g. if you choose the cover name msvcasp the deployed files will be named msvcasp.exe msvcasp.cfg and msvcasp.dll.
Deploy
This is how you deploy the keylogger to another machine.
1. Install the keylogger on your machine.
2. Enter the syncconfig.exe application and edit the settings you want for the
keylogger that you are going to deploy.
3. Under the System Tab click on "Advanced Settings" and then on
the button named "Deploy".
4. Choose a cover name and a deployment directory.
5. If you use file logging, enter the log file name. E.g. "logfile.cip"
will be created in the deployment directory (current working directory), while
for example "c:\windows\logfile.cip" will be created under the windows
directory. Remember that if you specify a specific directory, it must exist
on the target machine, otherwise no log file will be created.
6. Press Ok.
7. If you deployed the files to a floppy disk, use that disk to copy the files
to the computers you would like to deploy it to. You can copy them to any directory.
Note that you must copy the files to the target computer's hard drive.
8. On the target machine, double click on the file yourcovername.exe to start
the keylogger.
Uninstalling a deployed keylogger
There are two different approaches to uninstall a deployed keylogger. The first
requires that you can use the Ghost Keylogger hotkey to make Ghost Keylogger
visible. When the Ghost Keylogger hotkey is disabled another more advanced approach
has to be used which involves command prompt (dos) knowledge.
Uninstall using hotkey
1. On the target machine, press the hotkey combination, the default is CTRL+ALT+SHIFT+G.
2. Click on the "Uninstall" button and follow the instructions.
Uninstall using a command prompt
1. On the target machine open a command prompt and go to the directory where
the deployed instance is installed (yourdeployname.exe, yourdeployname.dll,
yourdeployname.cfg). If you can't remember where you put it, search for
yourdeployname.exe in Explorer.
2. Type yourdeployname.exe -uninstall
3. Now delete the files (yourdeployname.exe, yourdeployname.dll, yourdeployname.cfg).
10. General
-----------
Firewalls
Sometimes firewalls stop some or all outgoing connections. If this is the case,
you might not be able to send log data by mail directly to an external address.
The work-around is to use the mail server that resides inside the firewall to
send mail to the external address. Contact your system administrator for information
about the local mail server.
Files
syncconfig.exe - the configuration application
manual.html - this file
faq.html - Frequently Asked Questions
agent\syncagent.exe - the Ghost Keylogger application
agent\syncagent.dll - syncagent.exe uses this file to capture keystrokes
agent\syncagent.cfg - the configuration file
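For administrators auditing their own machines, the file names above and the deployment layout from chapter 9 (one cover name shared by an .exe, a .dll and a .cfg in the same directory) can be turned into a file-system sweep. The following is an added example, not part of the original manual or of Sureshot's software; the function name scan_tree, the reason labels and the script name in the usage comment are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict

# File names from the manual's "Files" list and its settings chapter.
DEFAULT_NAMES = {"syncagent.exe", "syncagent.dll", "syncagent.cfg",
                 "syncconfig.exe", "debug_log.txt"}
LOG_EXT = ".cip"                      # default log file is logfile.cip
TRIPLET = {".exe", ".dll", ".cfg"}    # deployed set: <cover>.exe/.dll/.cfg


def scan_tree(root):
    """Walk root and return a sorted list of (reason, path) findings.

    Reasons (labels are this example's own):
      default-name       file carries one of the manual's default names
      cip-log            file has the .cip log extension
      same-stem-triplet  one directory holds <stem>.exe, .dll and .cfg
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        exts_by_stem = defaultdict(set)
        for name in files:
            lower = name.lower()      # Windows file names are case-insensitive
            stem, ext = os.path.splitext(lower)
            path = os.path.join(dirpath, name)
            if lower in DEFAULT_NAMES:
                findings.append(("default-name", path))
            if ext == LOG_EXT:
                findings.append(("cip-log", path))
            if ext in TRIPLET:
                exts_by_stem[stem].add(ext)
        # A cover-name deployment renames all three files to the same stem.
        for stem, exts in exts_by_stem.items():
            if exts == TRIPLET:
                findings.append(("same-stem-triplet",
                                 os.path.join(dirpath, stem)))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed invocation: python sweep.py <directory to audit>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for reason, path in scan_tree(target):
        print(f"{reason:18} {path}")
```

Legitimate software also ships same-stem .exe/.dll/.cfg sets, so a same-stem-triplet hit is a lead for review, strongest when a .cip file or debug_log.txt sits in the same directory.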
11. Related
-----------
Surf Spy - Monitor the Internet activity with Surf Spy.
Farsighter - Farsighter monitors a remote computer invisibly by streaming real-time video
to a viewer on your computer.
Stop-the-Pop-Up - Stop-the-Pop is an aggressive pop-up blocker preventing all annoying pop-up
windows from appearing as you surf the web.
Cool screensaver - Simulate the blue screen of death.
Password Recovery Pro - Recover lost passwords.
Software for Links - Link to us and get free software.
Sureshot Reseller Program - Join Sureshot Software reseller program.
12. Final words
---------------
If you have questions about the software, would like to make a comment or just
like to say hi, send us an email! Take care.
-----------
by Sureshot