How I Uncovered a "Spy"
I heard about KLs ("Key Loggers") and I wondered if by chance, there may
be one in my computer, which I could have picked up while "surfing". I went
out on the web, and I typed an odd sequence of keys which I had written for a
reference. After I disconnected (went off line), I launched a search engine
called "Finder" V3.8 http://www.simtel.net/pub/pd/59354.html
I relocated to the root directory where only the "C:\" was showing for
my location, because I wanted to search every file (including hidden)
in my hd for the keys sequence I typed. I used Finder's "Ultra Fast" search
in the "Alternate" menu. Note: It is a good idea to have a table of ascii
and key codes, which can easily be found on the net. First, I assumed that
key scan codes are logged by the KL. I entered text characters that also
represent the key scan codes for the sequence I typed. Example: If keys,
"FGKHL" were pressed, their scan codes (in decimal) are 33,34,37,35,38, which
are also the ascii codes for text characters ! " % # &. These ascii code
characters are the ones I type for the search pattern because Finder searches
for text patterns. Next, for the name of the file/s to search through, I
used, "*.*" (without quotes) for all files, and I held down the Ctrl key to
include all sub-folders when I pressed Enter.
A while later, Finder found the pattern in a hidden file in a hidden
folder within the "TEMP" folder, within "WINDOWS". The name of the hidden
file had a combination of numbers and letters. Also, the name of the hidden
folder(directory) had a similar pattern. I resumed the search incase there
is another file holding scan codes for key presses, but no more was found.
Note: If I found nothing, I would have searched again using the ascii codes
for the same key sequences.
A virus scan did not find any viruses, but when I compared the
"keyboard.drv" file, located in the system folder, to another in
another computer with the same OS, they didn't match. I replaced the
"keyboard.drv" file with the backup.
To be fair, this KL may not be the only type around. Other KLs may use
other schemes. I don't know if other KLs employ the "keyboard.drv".
PS, The ascii (characters) and key codes I have are in the owners manual
that came with a computer I bought years ago.
|All times are GMT. The time now is 07:52 PM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.