Keystroke Logging Software and Removal Instructions

Started by The Tech, 01, 26

The Tech

Interesting to discover.

Keystroke Logging Software and Removal Instructions
--------------------------------------------------------------------------------

The United States Secret Service has been investigating several nationwide computer intrusions/hacking incidents and has requested its field offices to contact system administrators at colleges and universities in their districts to address the issue. These incidents have involved the surreptitious insertion of software programs specializing in "key logging".

To date, all known incidents have been restricted to college and university computer systems. The motives of the perpetrators and the number of computer systems compromised remain unknown. In efforts to avert the potential compromise of computer users' privacy, the Secret Service has recommended a nationwide "alert" to all colleges and universities.

Key logger software is a program which causes every keystroke made on the computer to be recorded. The program can remain completely undetected and is initiated when the computer is turned on. The key logger records everything outgoing, to include emails, documents, login names, passwords, credit card numbers, etc.

IMPORTANT: If any of these keylogging utilities are found on your PC, please do not delete them, but contact CIS's Information Technology Issues Management team at ITIM@tamu.edu. Thank you for your cooperation in this matter.



--------------------------------------------------------------------------------


StarrCommander Pro or STARRCMD.EXE
This is a key logger that records all the key strokes to a file, allowing you to view them just by typing the victim's IP address in Internet Explorer (or some other Internet browser).
Files to detect:
Default path: C:\winnt\system32\KREC32
Files to remove: ehks.zip 200 KB, and ev0luti0n HTTP key logger V2.0



--------------------------------------------------------------------------------

loggerv0.9.1.zip 1469 KB
This is a simple key logger that runs invisibly on the target computer. All keys logged are kept in a file called "dat.cab". This file can be opened in any text application and is stored in the same directory as the key logger. When the key logger is first run it should automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything.
Files to detect:
Default path: C:\windows
Files to remove: all files revealed by typing the following command from a DOS window - "C:\windows\logger.exe /show"


--------------------------------------------------------------------------------

DK2Full.zip 900 KB
Diablo Keys 2.2 - Win32 key logger has a new version... Diablo Keys is a windows keystroke logger that will log all activity in the system, including keys, windows, time and date. DK will send the logs to a predefined email address or ftp account... The New version grabs window text boxes and cached passwords, is more stable, faster and easier to use. It is now compatible with windows NT/2000 and ME. DK is not a Trojan but a monitoring tool like PCAcme, although it is completely free. This requires physical access to the computer.

Files to detect:
Default path: Varies
Files to remove: DK2Full.zip


--------------------------------------------------------------------------------

SKLOGV1.12 (by stAlllOnized) 13 KB
This is a key logger that can log all keystrokes, is case-sensitive and supports all standard keys. It has been written in vb, uses the GetAsyncKeyState API call and doesn't need any other dll or ocx file (only the standard vb6 dlls). It restarts when you start windows (modifies the registry) and can be started/stopped anytime by using key combinations.
Files to detect:
Default path: c:/windows/system
Files to remove: windowskj.log


--------------------------------------------------------------------------------

Phantom2.zip 36 KB
Phantom2 is the successor to Phantom, a keystroke record and playback program for MS-DOS. Works as a TSR (Terminate and Stay Resident) program that resides in memory.
Files to detect:
Default path: Varies
Files to remove: Phantom2.exe, Phantom.exe


--------------------------------------------------------------------------------

KeyLog25.zip 56 KB
KEYLOG!.EXE is a Windows 3.x/95 version 2.5 of a freeware utility that records keystrokes. It is the successor of the original KeyLog. There are newer and better features in this program. To quit the program, all you need to do is press CTRL-ALT-DEL and end the program called -KiDViD-. -KiDViD- is KeyLog's name in disguise.
Files to detect:
Default paths: C:\windows\temp and C:\windows\system
Files to remove:

KeyLog!.exe in C:\Windows\Temp
KeyLog!.txt in C:\Windows\Temp,
KeyLog!.reg in C:\Windows\Temp, and
Qpro200.dll in C:\Windows\System

--------------------------------------------------------------------------------

Ghost Keylogger 2.0
Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an optionally encrypted log file. The log file can be sent via e-mail to a specified receiver.
Files to detect:
Default path: C:\program files\sync manager
Files to remove: synconfig.exe and logfile.cip


--------------------------------------------------------------------------------
TAMU System administrators and/or IT specialists are strongly encouraged to conduct an internal query of their respective computer networks using the technical file names provided above to determine if any identified key logger software has been installed. Students should understand that this list is not necessarily all-inclusive. This culprit or culprits may be using other files not listed above; consequently, students should take note of any computer anomalies.
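
One way to run the internal query the advisory asks for, as an added example that is not part of the original post or the advisory: it matches a `dir /s /b` file listing against the file names and default paths listed above and only reports hits, since the advisory asks that nothing be deleted. The function name, the sample listing, and the rule that a section's default path applies to every file it names are assumptions; a renamed executable will not match by name.

```python
from pathlib import PureWindowsPath

# (tool, file name, default directory) as listed in the advisory above.
# Assumption: a section's default path applies to every file it names;
# None stands for the advisory's "Varies".
INDICATORS = [
    ("StarrCommander Pro", "STARRCMD.EXE", r"C:\winnt\system32\KREC32"),
    ("StarrCommander Pro", "ehks.zip", r"C:\winnt\system32\KREC32"),
    ("logger v0.9.1", "logger.exe", r"C:\windows"),
    ("logger v0.9.1", "dat.cab", r"C:\windows"),
    ("Diablo Keys 2.2", "DK2Full.zip", None),
    ("SKLOG v1.12", "windowskj.log", "c:/windows/system"),
    ("Phantom2", "Phantom2.exe", None),
    ("Phantom2", "Phantom.exe", None),
    ("KeyLog 2.5", "KeyLog!.exe", r"C:\Windows\Temp"),
    ("KeyLog 2.5", "KeyLog!.txt", r"C:\Windows\Temp"),
    ("KeyLog 2.5", "KeyLog!.reg", r"C:\Windows\Temp"),
    ("KeyLog 2.5", "Qpro200.dll", r"C:\Windows\System"),
    ("Ghost Keylogger 2.0", "synconfig.exe", r"C:\program files\sync manager"),
    ("Ghost Keylogger 2.0", "logfile.cip", r"C:\program files\sync manager"),
]

def scan_listing(lines):
    """Match `dir /s /b` output against INDICATORS; report only, never delete."""
    by_name = {}
    for tool, name, folder in INDICATORS:
        by_name.setdefault(name.lower(), []).append((tool, folder))
    hits = []
    for raw in lines:
        path = PureWindowsPath(raw.strip())  # blank lines have an empty name
        for tool, folder in by_name.get(path.name.lower(), []):
            # PureWindowsPath compares case-insensitively and accepts / or \.
            at_default = folder is not None and path.parent == PureWindowsPath(folder)
            where = "default-path" if at_default else "name-only"
            hits.append((tool, str(path), where))
    return hits

# Constructed sample listing (not from a real host).
SAMPLE = r"""
C:\WINDOWS\TEMP\KEYLOG!.EXE
C:\Windows\System\QPRO200.DLL
C:\Program Files\Sync Manager\logfile.cip
D:\backup\dat.cab
C:\Windows\notepad.exe
""".splitlines()

if __name__ == "__main__":
    for tool, path, where in scan_listing(SAMPLE):
        print(f"{where:12}  {tool:20}  {path}")
```

A "name-only" hit on a generic name such as dat.cab or logger.exe needs manual review before it is reported, while a "default-path" hit matches both the name and the location the advisory gives.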

The Tech

Here's a trial keylogger.. you might find some use for it.

I don't know if there are any free ones out there.

Search for keyloggers on google.com