How I Found a "Spy" in My Computer

 
 
Brad Petria
02-18-2004
Hi,

I heard about KLs ("Key Loggers") and I wondered if by chance, there may
be one in my computer, which I could have picked up while "surfing". I went
out on the web, and I typed an odd sequence of keys which I had written for a
reference. After I disconnected (went off line), I launched a search engine
called "Finder" V3.8 http://www.simtel.net/pub/pd/59354.html

I relocated to the root directory where only the "C:\" was showing for
my location, because I wanted to search every file (including hidden)
in my hd for the keys sequence I typed. I used Finder's "Ultra Fast" search
in the "Alternate" menu. Note: It is a good idea to have a table of ascii
and key codes, which can easily be found on the net. First, I assumed that
key scan codes are logged by the KL. I entered text characters that also
represent the key scan codes for the sequence I typed. Example: If keys,
"FGKHL" were pressed, their scan codes (in decimal) are 33,34,37,35,38, which
are also the ascii codes for text characters ! " % # &. These ascii code
characters are the ones I type for the search pattern because Finder searches
for text patterns. Next, for the name of the file/s to search through, I
used, "*.*" (without quotes) for all files, and I held down the Ctrl key to
include all sub-folders when I pressed Enter.

A while later, Finder found the pattern in a hidden file in a hidden
folder within the "TEMP" folder, within "WINDOWS". The name of the hidden
file had a combination of numbers and letters. Also, the name of the hidden
folder (directory) had a similar pattern. I resumed the search in case there
is another file holding scan codes for key presses, but no more was found.
Note: If I found nothing, I would have searched again using the ascii codes
for the same key sequences.

A virus scan did not find any viruses, but when I compared the
"keyboard.drv" file, located in the system folder, to another in
another computer with the same OS, they didn't match. I replaced the
"keyboard.drv" file with the backup.

To be fair, this KL may not be the only type around. Other KLs may use
other schemes. I don't know if other KLs employ the "keyboard.drv".

Brad

PS, The ascii (characters) and key codes I have are in the owner's manual
that came with a computer I bought years ago.
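
The search described in the post above, as an added example that is not part of the original thread: it builds the byte patterns for a typed canary sequence and sweeps a directory tree for them. The scan-code table (set 1 press codes), the extra `make_break` pattern, and the sample file names are assumptions of this example.

```python
import os
import tempfile

# Scan code set 1 "make" codes for the keys in the post's example (F=33 ... L=38).
SCANCODE_SET1 = {"F": 0x21, "G": 0x22, "H": 0x23, "J": 0x24, "K": 0x25, "L": 0x26}

def canary_patterns(keys):
    """Byte patterns a logger might have stored for the typed canary keys."""
    make = [SCANCODE_SET1[k] for k in keys.upper()]
    return {
        "scancode": bytes(make),  # the post's assumption: press codes only
        "make_break": bytes(b for m in make for b in (m, m | 0x80)),  # assumed: key released before next press
        "ascii_upper": keys.upper().encode("ascii"),
        "ascii_lower": keys.lower().encode("ascii"),
    }

def file_hits(path, patterns, chunk_size=1 << 20):
    """Names of patterns present in one file, read in overlapping chunks."""
    overlap = max(len(p) for p in patterns.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, p in patterns.items() if p in window)
            tail = window[-overlap:]  # keep a tail so matches spanning chunks count
    return found

def scan_tree(root, keys):
    """Walk root (os.walk does not skip hidden entries); map path -> pattern names."""
    patterns, results = canary_patterns(keys), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = file_hits(path, patterns)
            except OSError:
                continue  # locked or unreadable: skip rather than abort the sweep
            if hits:
                results[path] = sorted(hits)
    return results

def demo():
    """Constructed tree: one file holds the scan codes, one holds unrelated text."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "TEMP", "a1b2c3"))
        with open(os.path.join(root, "TEMP", "a1b2c3", "9f8e7d"), "wb") as fh:
            fh.write(b"\x00\x10" + bytes([33, 34, 37, 35, 38]) + b"\x00")
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"nothing to see")
        return {os.path.relpath(p, root): h for p, h in scan_tree(root, "FGKHL").items()}
```

A hit is a lead for inspecting that file, not proof of a logger: five printable bytes can occur by chance, and a logger that encrypts its log or keeps it only in memory leaves nothing for this sweep to match.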

 
Michael-NC
02-18-2004
Nice try spammer.


"Brad Petria" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I heard about KLs ("Key Loggers") and I wondered if by chance, there may
> be one in my computer, which I could have picked up while "surfing". I went
> out on the web, and I typed an odd sequence of keys which I had written for a
> reference. After I disconnected (went off line), I launched a search engine
> called "Finder" V3.8
>
> I relocated to the root directory where only the "C:\" was showing for
> my location, because I wanted to search every file (including hidden)
> in my hd for the keys sequence I typed. I used Finder's "Ultra Fast" search
> in the "Alternate" menu. Note: It is a good idea to have a table of ascii
> and key codes, which can easily be found on the net. First, I assumed that
> key scan codes are logged by the KL. I entered text characters that also
> represent the key scan codes for the sequence I typed. Example: If keys,
> "FGKHL" were pressed, their scan codes (in decimal) are 33,34,37,35,38, which
> are also the ascii codes for text characters ! " % # &. These ascii code
> characters are the ones I type for the search pattern because Finder searches
> for text patterns. Next, for the name of the file/s to search through, I
> used, "*.*" (without quotes) for all files, and I held down the Ctrl key to
> include all sub-folders when I pressed Enter.
>
> A while later, Finder found the pattern in a hidden file in a hidden
> folder within the "TEMP" folder, within "WINDOWS". The name of the hidden
> file had a combination of numbers and letters. Also, the name of the hidden
> folder (directory) had a similar pattern. I resumed the search in case there
> is another file holding scan codes for key presses, but no more was found.
> Note: If I found nothing, I would have searched again using the ascii codes
> for the same key sequences.
>
> A virus scan did not find any viruses, but when I compared the
> "keyboard.drv" file, located in the system folder, to another in
> another computer with the same OS, they didn't match. I replaced the
> "keyboard.drv" file with the backup.
>
> To be fair, this KL may not be the only type around. Other KLs may use
> other schemes. I don't know if other KLs employ the "keyboard.drv".
>
> Brad
>
> PS, The ascii (characters) and key codes I have are in the owner's manual
> that came with a computer I bought years ago.
>



 
Drifter
02-19-2004
On Wed, 18 Feb 2004 22:56:15 GMT, "Michael-NC"
<(E-Mail Removed)> wrote:

>Nice try spammer.


Good God, will you please learn to trim out the crap instead of
repeating the whole spam message again.

It's a simple concept, I'm starting to think that people who don't get
it are just the spammers trying for more exposure.

Drifter
Drifter
"I've been here, I've been there..."
 
Michael-NC
02-19-2004
I'm thinking you're an idiot for actually reading, then _replying_ to the
thread.

BTW, I snipped his URL out of my response.

"Drifter" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 18 Feb 2004 22:56:15 GMT, "Michael-NC"
> <(E-Mail Removed)> wrote:
>
> >Nice try spammer.
>
> Good God, will you please learn to trim out the crap instead of
> repeating the whole spam message again.
>
> It's a simple concept, I'm starting to think that people who don't get
> it are just the spammers trying for more exposure.
>
> Drifter
> Drifter
> "I've been here, I've been there..."



 
Matt Ferrari
02-19-2004
"Drifter" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 18 Feb 2004 22:56:15 GMT, "Michael-NC"
> <(E-Mail Removed)> wrote:
>
> >Nice try spammer.
>
> Good God, will you please learn to trim out the crap instead of
> repeating the whole spam message again.
>
> It's a simple concept, I'm starting to think that people who don't get
> it are just the spammers trying for more exposure.
>
> Drifter


You've wrongfully convicted him of a newbie mistake, there is no added
exposure or rebroadcast... he trimmed the url as stated, and if you
actually read what's left... the message is useless without the url that
was there.
Might want to consider an apology.

Matt


 