Lsas.Blaster.Keylogger is not a fake security application in and of itself, but is a Trojan working in conjunction with a rogue anti-spyware application called System Security 2009.

System Security 2009 will list Lsas.Blaster.Keylogger as an infected file on your computer.  The irony is that it IS actually malware but System Security 2009 wouldn’t be there in the first place if it weren’t for Lsas.Blaster.Keylogger!  Once it has infiltrated, you will start receiving an onslaught of fake security alerts and system scans warning you about your heavily infected PC.  Do not be taken in by this fake program.  All of the results that are generated by these “scans” are fake and therefore can be trusted about this piece of scareware.

The hope and intent of the authors of this spyware is that you will be intimidated into purchasing the license for the software in order to “protect” your PC.  However, the critical item that needs to be removed from your PC is Lsas.Blaster.Keylogger itself.

Type: Rogue Security Application

Related file contents:

pc00308937ins, 00308937.exe, config.udb, system security 2009.lnk, system security 2009 support.lnk

Manual Removal Instructions:

Carefully consider manual removal.  It is painstaking and difficult.  If you are knowledgeable, proceed with blocking site: http://www.virusdoctor-online.com.   Then you will need to…

Delete the following processes thoroughly:

c:\Documents and Settings\All Users\Application Data\927e\unins000.exe
c:\Documents and Settings\All Users\Application Data\927e\VDoca582.exe

Then disable this DLL file:

c:\Documents and Settings\All Users\Application Data\927e\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\927e\sqlite3.dll

Followed by deleting these registry values:

%UserProfile%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Virus Doctor”
%UserProfile%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Doctor_is1
%UserProfile%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “URVDoc[]”

You will now need to delete the following files:

c:\Documents and Settings\All Users\Application Data\927e
c:\Documents and Settings\All Users\Application Data\927e\unins000.dat
c:\Documents and Settings\All Users\Application Data\927e\Languages
c:\Documents and Settings\All Users\Application Data\System Data Configuration\config.cfg
c:\Documents and Settings\All Users\Application Data\System Data Configuration\DB.ini
c:\Documents and Settings\All Users\Application Data\System Data Configuration\fsvd6398.db
%UserProfile%\Application Data\Virus Doctor
%UserProfile%\Application Data\Virus Doctor\settings.ini
%UserProfile%\Application Data\Virus Doctor\uill.ini
%UserProfile%\Desktop\Virus Doctor.lnk
%UserProfile%\Start Menu\Virus Doctor.lnk
%UserProfile%\Start Menu\Programs\Virus Doctor.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus Doctor.lnk
c:\Documents and Settings\All Users\Application Data\927e\Languages\VDDe.lng
c:\Documents and Settings\All Users\Application Data\927e\Languages\VDFr.lng
c:\Documents and Settings\All Users\Application Data\927e\Languages\VDIt.lng
c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration
c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration\DBInfo.ver
c:\Documents and Settings\All Users\Application Data\927e\System Data Configuration\vd952342.bd
c:\Documents and Settings\All Users\Application Data\System Data Configuration

Remove the following folder(s):

%UserProfile%\Application Data\Virus Doctor\

Successful manual removal will have eliminated the imminent threat at hand.  It, however, does not keep you protected from recurring or developing threats.  Security of this type can only be sought with a safe and reliable anti-spyware application.  Luckily, a solution was created by the software producers at BluePenguin.  ZookaWare PC Cleaner is a cutting-edge and up-to-date anti-spyware application that offers guaranteed service to remove all spyware from your PC.