Editors' note, 10:44 a.m. PT on March 31: Samsung has been cleared of the keylogger allegations. Read the details in CNET's follow-up story.
A security researcher revealed today that he had purchased two new laptops from Samsung, and discovered both of them to be infected with the StarLogger keystroke-recording program. While there's very little that can be done about keystrokes already recorded, checking your own laptop for such software is actually quite simple--if you're familiar with mucking about in your system directories and Registry.
Note that the researcher only reported StarLogger on two models, a Samsung R525 and a Samsung R540--and that Samsung subsequently said that he was mistaken. CNET examined another new Samsung laptop, the Samsung Series 9, and did not find a keylogger installed.
Because it's a keylogger, most often used for spying on employees and children, StarLogger cannot be accessed from your Start menu. (Or at least, it shouldn't be accessible there. If it is, whoever installed it did a poor job.)
The easiest way to find StarLogger is to look for its Registry key, which is used to load it when Windows is started. To see if this has occurred, open a command prompt and type "Run Regedit". Then go to the Menu bar, select Edit and then Find. You want to search for "winsl", without the quotes. If it's installed, you should see a Registry key that looks like this:
You can also look for the following files on your hard drive, although keyloggers are designed to hide themselves. Open Windows Explorer, and then hit the Alt key to bring up the Menu bar. Go to Tools, Folder Options, and View. Under Advanced Settings, you'll see an option for Hidden Files and Folders. Make sure that Show is checked.
If you have StarLogger, its files will be located in your Windows root directory, in a subdirectory labeled "SL". A list of files you can expect to see is below: …
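The same two checks as a PowerShell script, added here as an example and not part of the original article: it looks for "winsl" in the standard Windows startup (Run) keys and lists whatever is in the SL folder under the Windows directory, hidden files included. Limiting the Registry search to the Run keys is an assumption; the Regedit Find described above searches the whole Registry.

```powershell
# Added example: scripted version of the manual Registry and folder checks.
# Assumption: the startup entry lives in one of the standard Run keys. The
# article only says to search the Registry for "winsl".
$needle  = 'winsl'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Collect every Run-key value whose name or data contains the search string.
$regHits = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -like "*$needle*" -or $data -like "*$needle*") {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# Look for the "SL" subdirectory of the Windows root directory.
$slDir = Join-Path $env:SystemRoot 'SL'
$files = @()
if (Test-Path -LiteralPath $slDir -PathType Container) {
    # -Force includes hidden and system items, so Explorer's
    # "show hidden files" setting does not need to be changed first.
    $files = @(Get-ChildItem -LiteralPath $slDir -Force -ErrorAction SilentlyContinue)
}

if ($regHits) {
    'Run-key values containing "{0}":' -f $needle
    $regHits | Format-List
} else {
    'No Run-key value contains "{0}".' -f $needle
}

if ($files.Count -gt 0) {
    "Contents of ${slDir}:"
    $files | Select-Object Name, Length, LastWriteTime, Attributes | Format-Table -AutoSize
} else {
    "Nothing found under $slDir."
}

# A folder name alone does not identify software: treat the SL folder as a
# finding only when the Registry check also matches.
```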