How to Detect eBlaster

Written by m.l. browne
  • Share
  • Tweet
  • Share
  • Pin
  • Email
How to Detect eBlaster
Detecting eBlaster (ambulance concept - technologies health care image by Stasys Eidiejus from

The eBlaster program uses keylogging and stealth e-mailing as its primary methods for logging everything you type, including your personal information and periodic screenshots of websites you visit. The keylogging functionality allows eBlaster to record e-mails, Internet chats, website browsing, instant messaging and any other typing you do on your computer. The keystrokes and screenshots are collected in log files and sent via e-mail protocols from your computer through a tunnelled Internet interface to a hacker's computer. The hacker can then easily retrieve and use any personal information you typed while eBlaster was active on your computer. While remote installation through an e-mail attachment is possible, eBlaster is usually installed manually on targeted computers, and is designed to operate undetected by most commercial antivirus programs.

Skill level:
Moderately Challenging


  1. 1

    Inspect peculiar file names on your hard drive that have the hidden attribute checked. To see the hidden files in a folder, open Windows Explorer. Go to the boot drive's Windows folder, click "Tools," select "Folder Options" and move to the "View" tab. Select "Show Hidden Files and Folders" and uncheck "Hide Protected Operating System Files." Click "OK" to close the window and search the contents of the folder.

  2. 2

    Search your Windows folder and subfolders on a periodic basis for a file named "URLMKPL.DLL" that has a 486kb file size. This is one of the most important files eBlaster uses in its execution.

    How to Detect eBlaster
    Inspect Your Files (search and magnifier buttons. (with clipping path) image by Andrey Zyk from
  3. 3

    Disconnect your network connection for an hour while typing in an open program (for example, a document, game, spreadsheet, calendar or e-mail) if you suspect eBlaster is on your computer. eBlaster's main function is to send outbound e-mail about your computer usage through the Internet. The delayed send gives you the opportunity to search your computer for newly created files in system and user account folders.

    How to Detect eBlaster
    Disconnect the Internet (ethernet image by MATTHIEU FABISIAK from

Tips and warnings

  • Since eBlaster keylogging uses some of the same technologies as rootkit viruses, you may be able to successfully detect the presence of the keylogger with tools such as Microsoft's Rootkit Revealer, Sophos' Anti-Rootkit or McAfee's Rootkit Detective (see Resources).
  • If you believe eBlaster is installed on your computer, you should not remain connected to the network. Take the necessary steps to determine that your computer is free of eBlaster and then run a full antispyware scan before reconnecting to the network.

Don't Miss

  • All types
  • Articles
  • Slideshows
  • Videos
  • Most relevant
  • Most popular
  • Most recent

No articles available

No slideshows available

No videos available

By using the site, you consent to the use of cookies. For more information, please see our Cookie policy.