Captain Mnemo : What is Captain Mnemo Spyware?

Captain Mnemo is software which monitors your activities on PC and rated with a danger index of 7 out of 10 which makes it moderately dangerous, capable of logging activity and difficult to remove!

Such programs are meant to monitor user activity. They don’t always ask the user for his consent before installation. Since this software is sold commercially, many anti-virus programs are unable to even detect their presence. The most common form of such software is the key logger which logs keyboard activity and stores it in a file to send back to the operator. Often even screenshots or videos are sent back… This software runs in invisible mode and records all usernames and passwords entered on the computer!

Properties of this spyware include: autostarting or staying like a resident, logging applications ran on the PC, logging instant messenger chats and the like, logging voice over internet protocol, logging email sent to different PCs, logging keystrokes from the keyboard and stealth tactics.

Removal can be done by killing processes like winlogon.exe, winsystems.exe

Delete registry values:
HKEY_CURRENT_USER\Software\Captain Mnemo Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\keyfile
HKEY_LOCAL_MACHINE\SOFTWARE\ReFog Software\HPRG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay\DependOnGroup=00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay\DependOnService=winsystem
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay\DependOnGroup=00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay\DependOnService=winsystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Captain Mnemo Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\winsystem

Delete files:
winlogon.exe, winsystems.exe, pl.dll, wscpmset.dll, wscpmwcl.dll

Delete directories:
C:\Program Files\Captain Mnemo Pro
C:\Documents and Settings\[Current User]\Start Menu\Programs\Captain Mnemo Pro

Exact file location can be among these-
winsystems.exe, pl.dll, wscpmset.dll, wscpmwcl.dll – C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
other files – C:\Program Files\Captain Mnemo Pro

Other programs, which can also remove this piece of spyware are Windows Defender, SUPERAntiSpyware and CounterSpy. The manual removal process for this particular spyware is rather long and probably often not preferred by people for the same!