«

Hi,

I heard about KLs ("Key Loggers") and I wondered if by chance, there may
be one in my computer, which I could have picked up while "surfing". I went
out on the web, and I typed an odd sequence of keys which I had written for a
reference. After I disconnected (went off line), I launched a search engine
called "Finder" V3.8 http://www.simtel.net/pub/pd/59354.html

I relocated to the root directory where only the "C:\" was showing for
my location, because I wanted to search every file (including hidden)
in my hd for the keys sequence I typed. I used Finder's "Ultra Fast" search
in the "Alternate" menu. Note: It is a good idea to have a table of ascii
and key codes, which can easily be found on the net. First, I assumed that
key scan codes are logged by the KL. I entered text characters that also
represent the key scan codes for the sequence I typed. Example: If keys,
"FGKHL" were pressed, their scan codes (in decimal) are 33,34,37,35,38, which
are also the ascii codes for text characters ! " % # &. These ascii code
characters are the ones I type for the search pattern because Finder searches
for text patterns. Next, for the name of the file/s to search through, I
used, "*.*" (without quotes) for all files, and I held down the Ctrl key to
include all sub-folders when I pressed Enter.

A while later, Finder found the pattern in a hidden file in a hidden
folder within the "TEMP" folder, within "WINDOWS". The name of the hidden
file had a combination of numbers and letters. Also, the name of the hidden
folder(directory) had a similar pattern. I resumed the search incase there
is another file holding scan codes for key presses, but no more was found.
Note: If I found nothing, I would have searched again using the ascii codes
for the same key sequences.

A virus scan did not find any viruses, but when I compared the
"keyboard.drv" file, located in the system folder, to another in
another computer with the same OS, they didn't match. I replaced the
"keyboard.drv" file with the backup.

To be fair, this KL may not be the only type around. Other KLs may use
other schemes. I don't know if other KLs employ the "keyboard.drv".

Brad

PS, The ascii (characters) and key codes I have are in the owners manual
that came with a computer I bought years ago.

Nice try spammer.


"Brad Petria" <> wrote in message
news:...
> Hi,
>
> I heard about KLs ("Key Loggers") and I wondered if by chance, there
may
> be one in my computer, which I could have picked up while "surfing". I
went
> out on the web, and I typed an odd sequence of keys which I had written
for a
> reference. After I disconnected (went off line), I launched a search
engine
> called "Finder" V3.8 > I relocated to the root directory where only
the "C:\" was showing for
> my location, because I wanted to search every file (including hidden)
> in my hd for the keys sequence I typed. I used Finder's "Ultra Fast"
search
> in the "Alternate" menu. Note: It is a good idea to have a table of
ascii
> and key codes, which can easily be found on the net. First, I assumed
that
> key scan codes are logged by the KL. I entered text characters that also
> represent the key scan codes for the sequence I typed. Example: If keys,
> "FGKHL" were pressed, their scan codes (in decimal) are 33,34,37,35,38,
which
> are also the ascii codes for text characters ! " % # &. These ascii
code
> characters are the ones I type for the search pattern because Finder
searches
> for text patterns. Next, for the name of the file/s to search through,
I
> used, "*.*" (without quotes) for all files, and I held down the Ctrl key
to
> include all sub-folders when I pressed Enter.
>
> A while later, Finder found the pattern in a hidden file in a hidden
> folder within the "TEMP" folder, within "WINDOWS". The name of the hidden
> file had a combination of numbers and letters. Also, the name of the
hidden
> folder(directory) had a similar pattern. I resumed the search incase
there
> is another file holding scan codes for key presses, but no more was found.
> Note: If I found nothing, I would have searched again using the ascii
codes
> for the same key sequences.
>
> A virus scan did not find any viruses, but when I compared the
> "keyboard.drv" file, located in the system folder, to another in
> another computer with the same OS, they didn't match. I replaced the
> "keyboard.drv" file with the backup.
>
> To be fair, this KL may not be the only type around. Other KLs may
use
> other schemes. I don't know if other KLs employ the "keyboard.drv".
>
> Brad
>
> PS, The ascii (characters) and key codes I have are in the owners manual
> that came with a computer I bought years ago.
>

On Wed, 18 Feb 2004 22:56:15 GMT, "Michael-NC"
<> wrote:

>Nice try spammer.

Good God, will you please learn to trim out the crap instead of
repeating the whole spam message again.

It's a simple concept, I'm starting to think that people who don't get
it are just the spammers trying for more exposure.

Drifter
Drifter
"I've been here, I've been there..."

I'm thinking you're an idiot for actually reading, then _replying_ to the
thread.

BTW, I snipped his URL out of my response.

"Drifter" <> wrote in message
news:...
> On Wed, 18 Feb 2004 22:56:15 GMT, "Michael-NC"
> <> wrote:
>
> >Nice try spammer.
>
> Good God, will you please learn to trim out the crap instead of
> repeating the whole spam message again.
>
> It's a simple concept, I'm starting to think that people who don't get
> it are just the spammers trying for more exposure.
>
> Drifter
> Drifter
> "I've been here, I've been there..."

"Drifter" <> wrote in message
news:...
> On Wed, 18 Feb 2004 22:56:15 GMT, "Michael-NC"
> <> wrote:
>
> >Nice try spammer.
>
> Good God, will you please learn to trim out the crap instead of
> repeating the whole spam message again.
>
> It's a simple concept, I'm starting to think that people who don't get
> it are just the spammers trying for more exposure.
>
> Drifter

Youve wrongfully convicted him of a newbie mistake, there is no added
exposure or rebroadcast.....he trimmed the url as stated, and if you
actually read whats left........ the message is useless without the url that
was there.
Might want to consider an apology..

Matt