How I Uncovered a "Spy"

Discussion in 'Computer Security' started by Brad Petria, Feb 18, 2004.

  1. Brad Petria

    Brad Petria Guest

    Hi,

    I heard about KLs ("Key Loggers") and I wondered if by chance, there may
    be one in my computer, which I could have picked up while "surfing". I went
    out on the web, and I typed an odd sequence of keys which I had written for a
    reference. After I disconnected (went off line), I launched a search engine
    called "Finder" V3.8 http://www.simtel.net/pub/pd/59354.html

    I relocated to the root directory where only the "C:\" was showing for
    my location, because I wanted to search every file (including hidden)
    in my hd for the key sequence I typed. I used Finder's "Ultra Fast" search
    in the "Alternate" menu. Note: It is a good idea to have a table of ascii
    and key codes, which can easily be found on the net. First, I assumed that
    key scan codes are logged by the KL. I entered text characters that also
    represent the key scan codes for the sequence I typed. Example: If keys,
    "FGKHL" were pressed, their scan codes (in decimal) are 33,34,37,35,38, which
    are also the ascii codes for text characters ! " % # &. These ascii code
    characters are the ones I type for the search pattern because Finder searches
    for text patterns. Next, for the name of the file/s to search through, I
    used, "*.*" (without quotes) for all files, and I held down the Ctrl key to
    include all sub-folders when I pressed Enter.

    A while later, Finder found the pattern in a hidden file in a hidden
    folder within the "TEMP" folder, within "WINDOWS". The name of the hidden
    file had a combination of numbers and letters. Also, the name of the hidden
    folder (directory) had a similar pattern. I resumed the search in case there
    is another file holding scan codes for key presses, but no more was found.
    Note: If I found nothing, I would have searched again using the ascii codes
    for the same key sequences.

    A virus scan did not find any viruses, but when I compared the
    "keyboard.drv" file, located in the system folder, to another in
    another computer with the same OS, they didn't match. I replaced the
    "keyboard.drv" file with the backup.

    To be fair, this KL may not be the only type around. Other KLs may use
    other schemes. I don't know if other KLs employ the "keyboard.drv".

    Brad

    PS, The ascii (characters) and key codes I have are in the owner's manual
    that came with a computer I bought years ago.
     
    Brad Petria, Feb 18, 2004
    #1
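
The canary search described in the post above, as an added example that is not part of the original post or of the Finder tool: it turns a typed letter sequence into the byte patterns a logger might store and walks a directory tree for them. The function names are hypothetical, the scan codes assume IBM PC scan code set 1, and the press-plus-release pattern (release code = press code with the high bit set) goes beyond what the post searched for.

```python
import os
import re
import tempfile

# IBM PC scan code set 1 "make" (key press) codes for the three letter rows.
ROWS = {0x10: "QWERTYUIOP", 0x1E: "ASDFGHJKL", 0x2C: "ZXCVBNM"}
SCAN = {ch: base + i for base, row in ROWS.items() for i, ch in enumerate(row)}

def canary_patterns(keys):
    """Byte patterns a logger might store for the typed letter sequence."""
    keys = keys.upper()
    make = bytes(SCAN[k] for k in keys)
    return {
        "scan": make,                                    # the post's first guess
        "scan+release": bytes(b for m in make for b in (m, m | 0x80)),
        "ascii": keys.encode("ascii"),                   # the post's fallback
        "ascii-lower": keys.lower().encode("ascii"),
    }

def find_in_file(path, patterns, chunk=1 << 20):
    """Return (pattern name, offset) hits; chunks overlap so no match is split."""
    keep = max(len(p) for p in patterns.values()) - 1
    hits, tail, base = set(), b"", 0
    with open(path, "rb") as fh:
        while data := fh.read(chunk):
            buf = tail + data
            for name, pat in patterns.items():
                for m in re.finditer(re.escape(pat), buf):
                    hits.add((name, base - len(tail) + m.start()))
            base += len(data)
            tail = buf[-keep:] if keep else b""
    return sorted(hits)

def scan_tree(root, keys):  # walks every file under root, hidden ones included
    patterns, found = canary_patterns(keys), []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                found += [(path, n, off) for n, off in find_in_file(path, patterns)]
            except OSError:
                continue  # locked or unreadable file
    return found

def demo():  # constructed sample: a fake log holding the scan codes for FGKHL
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "7f3c.dat")
        with open(log, "wb") as fh:
            fh.write(b"\x00" * 10 + bytes([33, 34, 37, 35, 38]) + b"\x00")
        return [(os.path.basename(p), n, o) for p, n, o in scan_tree(root, "FGKHL")]
```

A five-key canary is short enough to match by coincidence inside large binary files, so a longer, unusual sequence gives fewer hits to rule out by hand.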