How to Uninstall REFOG Keylogger Without Knowing Master Password

We’ve had a few requests from users in the forum recently asking how to uninstall or remove the REFOG Keylogger from their computer. REFOG Keylogger logs all key presses on your PC and saves any text pasted from the clipboard. It even does periodic screen captures to give an illustrated usage history of the PC. REFOG can also decode chat conversations in many instant messengers, track Web sites and resources visited and log all applications launched. In short, it monitors everything you do on your computer. REFOG isn’t the only tool that can do this and there are many keyloggers that can do a similar or even better job at logging your actions.

Uninstalling a keylogger on your computer is not really that easy because it naturally doesn’t want to be found. It’s totally hidden from task manager and if you try to uninstall it using the official uninstaller, you need to enter the Master Password otherwise it won’t proceed. Most antivirus or antispyware software is able to detect keyloggers but there are times when these security tools won’t be able to fully remove it and ends up making the PC unstable.

Well, the good news is we’ve analyzed how REFOG Keylogger saves the master password and we’ll show you how easy it is to remove it so you can uninstall this keylogger. It even works for other products by REFOG such as Personal Monitor and Employee Monitor. If you have this or any other keylogger on your computer and you didn’t install it, one way to help defeat them in future is by using keystroke encryption software which masks your real keystrokes so the keylogger can’t see what you’re typing.

Section A: Checking if REFOG Keylogger is installed on your computer

On earlier versions of REFOG Keylogger, detecting its presence on your computer was easy by typing runrefog at the Run window or pressing the hotkey Ctrl+Shift+K because it was hard coded into the program. However the current version allows you to change the launch command and hotkeys to prevent easy detection. By default REFOG products are installed in:

C:\Windows\System32\MPK\ – For 32-bit Windows (x86)
C:\Windows\SysWOW64\MPK\ – For 64-bit Windows (x64)

You cannot solely rely on checking this folder though because it can be changed to something else during installation. What we found to be most accurate way to determine if REFOG Keylogger is installed on your computer, is by checking the existence of the program’s logs and settings folder which doesn’t change.

First, bring up the Run window by simultaneously pressing WIN+R key.

For Windows XP users type the following and press enter:

%allusersprofile%\Application Data\MPK

Windows XP All Users Profile Folder

For Windows Vista and Windows 7/8 users type this and press enter:

%allusersprofile%\MPK

runrefog

If you get the error message saying that Windows cannot find the folder, then you’re safe from REFOG Keylogger. However if a folder opens and list a few files such as M0000, REFOG Keylogger folder and a shortcut, then it is very likely that your computer is being monitored by someone else.

REFOG Keylogger Password

Normally Refog Keylogger will create a shortcut in the All Users profile (%allusersprofile%) directory for you to run the program but not for Refog Personal Monitor. If you can’t find the shortcut, your next option is to search for MPKView.exe on your computer using the Windows search and run it. If you’re being asked to input a password, leave the Explorer window open and continue reading section B, if not, you can jump straight to section C, both of which are on the next page.

Section B: Reset the REFOG Keylogger password

Most likely that the person who installed the REFOG Keylogger already set a password to protect the software from being modified or uninstalled. Please follow the steps below on how to remove the password.

1. Go to Control Panel, launch Folder Options and then go to the View tab. Uncheck “Hide protected operating system files” (click yes at the warning box) and choose the “Show hidden files, folders, and drives” radio button. Click OK.

refog show hidden files

2. In the MPK folder window that you opened earlier in Section A, delete the file S0000. Do note that you WON’T see the S0000 file unless you have changed the folder view settings in step 1.

reset keylogger password

3. Restart your computer. This is an important step or else the instructions found at the next section to uninstall Refog Keylogger will fail.

Section C: Uninstall REFOG Keylogger from your computer

1. Refer back to Section A on how to run the REFOG Keylogger which is either through the shortcut from the MPK folder or searching for MPKView.exe.

2. The REFOG window will now be displayed and you’ll no longer be asked for the password if you were before. Go to Tools from the menu bar and select Uninstall.

uninstall refog keylogger

Follow the on-screen instructions to fully remove REFOG Keylogger from your computer. Alternatively, it is also possible to directly launch the REFOG Keylogger uninstaller by typing this into the Run window provided if the program is installed in the default location and the password has been successfully removed.

On 32-bit Windows: %windir%\System32\MPK\unins000.exe
On 64-bit Windows: %windir%\SysWOW64\MPK\unins000.exe

How did we discovered this? It is pretty simple if you have read the article on tracking registry and file changes when installing software in Windows which can reveal all kinds of interesting things about which files and registry entries a program uses.

44 Comments - Write a Comment

  1. josh 4 years ago
    • HAL9000 4 years ago
  2. nona 6 years ago
  3. adas 10 years ago
  4. charkandy 10 years ago
  5. LeAnn Kugath 11 years ago
    • LeAnn Olson 11 years ago
  6. J 11 years ago
  7. Shahnoor 11 years ago
  8. Rizwan 11 years ago
  9. Budhi 11 years ago
  10. Prashant 12 years ago
  11. Himanshu Verma 12 years ago
  12. Crazylife12 12 years ago
  13. Nikolygx 12 years ago
  14. GV_computersolutions 12 years ago
  15. Amjad 13 years ago
  16. cr 13 years ago
  17. priyesh gupta 13 years ago
  18. Karoline 13 years ago
  19. Tiger 13 years ago
  20. erion 14 years ago
  21. spyreveal 14 years ago
  22. Aaron 14 years ago
  23. ravindi 14 years ago
  24. Jessica 14 years ago
  25. Ali 14 years ago
  26. JustMe 14 years ago
  27. martin 14 years ago
  28. anu 14 years ago
  29. SIMIC 14 years ago
  30. iTED 14 years ago
  31. mia 14 years ago
  32. ravi 15 years ago
  33. ershivank 15 years ago
  34. Merlin_Magii 15 years ago
  35. ByteCode 15 years ago
  36. Ed 15 years ago
  37. shubh 15 years ago
  38. Qduc 15 years ago
  39. Dedy Ardiansyah 15 years ago
  40. David 15 years ago
  41. Ex 15 years ago
  42. f1tzy 15 years ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Your comment is subject to approval. Read our Terms of Use. If you are seeking additional information on this article, please contact us directly.