test
 

codeit_header.gif (34984 bytes)

 
 
Monitor Spy v1.9 advanced on-line help...
  Home
- contact
- policies
- programming
- downloads
- atec ware
- audio ware
- linux ware
- browser ware
- email ware
- misc ware
- native ware
- security ware
- travel ware

VERY IMPORTANT NOTICE !!! If you are a registered user, of this software, you should of been notified of a major revision/ upgrade (from v1.4 to v1.7) on 09.24.2002 as well as an upgrade 11.18.2002.. If not, please contact for your free download of version 1.7 !

This page will  be constantly updated, in an effort to provide you with information about popular (and some not so popular) key loggers. It attempts to answer questions relating to deactivation and technical details. 

The "short" reports were supplied to the public school system, by the FBI (we claim no warranty or copyright). All the more "advanced" reports were generated using our Scanster software (to determine what files and Registry entries were made during install process) and then using the Monitor Spy software to determine log files generated or written to. What a set of tools, huh?


 Everything that is written - including this page - is protected by Copywrite laws; however, the info on this page is free to distribute with a simple request to Code-it Software. This will soon be the most complete published information concerning key logger application conformation we have seen in our research.

The "scoop" on some Key logger applications...


"Your Hidden Eyes" marketed by Benntra, Corp.

spoolyhe.exe

This is a key logger, as well as a snap shoot monitor, that        requires no setup and can be activated from any location the exe file is placed.  The targeted audience, for this product, is the in-experienced user. The default access hot key is "Ctrl+Shift+E" and entry password is "password". These values can be changed via the configuration screen. The Admin user can configure the software to automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything but will always create a "spoolyhe.uzy" file that is used as a resource file for the software. 

You can easily change the hotkey and password by editing the values of the key "Benntra" in the Windows registry (just do a search then modify the key values via the "Windows Registry Editor") this way you can access the configuration/ Admin screen via the newly created 'visible hot key' and 'entry password'  then view/ delete logs as well as set configuration to not start at Windows boot.

Look for:

spoolyhe.exe and spoolyhe.uzy in any location on the system. This exe name can be changed but it will always create (at activation) the ".uzy" file that is used to contain the resources of the exe file.

a folder named "SnapShots" (within the same path of the "spoolyhe.exe") that contains the screen snapshots recorded as well as the "YourHiddenEyes.txt" which is the actual key log created. The Admin does NOT have the option to change the name of the folder nor the key log in this application.


"Mate Watcher", "Kid Watcher", "Employee Watcher" & "IsMyMateCheatingOnline"  marketed by UserFreindly Products, Inc. @ http://www.matewatchstore.com These are all identical products as the web site states in small print (a marketing scheme to present 4 different products that are basically the same with only the product name and the install folder being different).

start.exe, winxpdemo.exe, & mw6p.dll

These are all key loggers, as well as including a snap shoot monitor, that requires a setup but does not display info within the Windows Add/ Remove Software listing. The default access hot key is "Ctrl+Shift+Alt+H" for all and default entry password is "password" for 'Mate Watcher', "CatchCheater" for 'IsMyMateCheatingonline'. These values can be changed via the configuration screen. The default install path is "C:\userfriendlyproducts\" with a different folder assigned depending on what version you have installed (i.e "mw" for Mate Watcher, amd "immco" for IsMyMateCheating, "kw" for Kid Watcher, etc. The user has no choice of electing what path to install but an advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name, I would suspect). All the files, as well as the folders, have "hidden" attributes so you must have Explorer configured to "show all files" to view. 

You can easily disable this software by following this process >>> "Start", "Settings", "Task Bar and Start Menu", "Advanced" tab, "Advanced", "Programs" icon, click "Startup" icon, highlight the "mw", "immco", "kw" or any suspected name (you can right click and view properties to determine if these startup items are located within the "userfriendlyproducts" folder) icon in the right view pane then elect to delete this entry, reboot the system. This software does not make use of the Windows registry, that we can determine, but merely puts a startup entry into the Startup folder. 

Look for:

"winxpdemo.exe" , "start.exe", and "mw6p.dll" (supporting file installed on the root drive C:\ ) . Log files with the extension of ".bic" (these are image files that if you change the extension to ".bmp" they will display in image editing software), files with ".act" extension (binary log files) as well as binary files with ".web" extension (web site visit log files) and binary files with the extension of ".ksl". (i.e 2002-10 04 at 21-49 o3.bic, etc...) The file name reflects the date, time and type of the log file. The "mw". "immco", "kw", or any suspected entries within the "StartUp" folder under "C:\Windows\Start Menu\Programs\StartUp\"


"SpyAgent" by SpyTech @ http://www.spytech-web.com

SpyAgent4.exe, SystemSA32.dll, YahooDLL.dll 

This is a key logger, a snap shoot monitor, and offers assorted other logging features that requires a setup and displays info within the Windows Add/ Remove Software listing only IF the user did not elect to install in the "sleath mode". This software has the option of sending these created log files to an configured email address at the interval the Admin user has set. The software requires a password to gain entry to the Admin screen (there is no default password but rather is set by the user at setup). The default install path is "C:\Program Files\SpyTech Software\Spytech SpyAgent\" . We suspect that an advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name). All the files, as well as the folders, have "hidden" attributes so you must have Explorer configured to "show all files" to view. All settings (except Windows command to start at boot) are stored within a program file, and as far as we can determine, not in the Windows registry.

This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "SpyAgent4.exe", after finding this value under the Windows "Run" Key, delete the name entry.. OR use the "System Tools, within our Monitor Spy software, for an easier solution. Reboot the system.

To completely rid the system of the software,do the above then merely uninstall or delete the application main folder it was installed to as well as the log files and folders most likely located at 'C:\Windows\SAcache\' and 'C:\Windows\Sycache\' . You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder. You must have Windows Explorer set to "show all files as the folder and files are set to the "hidden" value.  

Look for:

SpyAgent4.exe, SystemSA32.dll, YahooDLL.dll. Log files with the extension of ".log" (these will most likely be located within the 'C:\Windows\SAcache\' folder). Log files with the extension of ".ssf" which will most likely be located within the 'C:\Windows\Sycache\' folder.


"No Secrets" by Code-it Software

eyes.exe

This is a key logger, as well as a snap shoot monitor, that        requires no setup and can be activated from any location the exe file is placed. The default access hot key is "Ctrl+Shift+E" and entry password is "password". These values can be changed via the configuration screen. The Admin user can configure the software to automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything but will always create a "eyes.uzy" file that is used as a resource file for the software. 

You can easily change the hotkey and password by editing the values of the key "No_Secrets" in the Windows registry (just do a search then modify the key values via the "Windows Registry Editor") this way you can access the configuration/ Admin screen via the newly created 'visible hot key' and 'entry password'  then view/ delete logs as well as set configuration to not start at Windows boot.

Look for:

eyes.exe and eyes.uzy in any location on the system. This exe name can be changed but it will always create (at activation) the ".uzy" file that is used to contain the resources of the exe file.

a folder named "SnapShots" (within the same path of the "spoolyhe.exe") that contains the screen snapshots recorded as well as the "No_Secrets.txt" which is the actual key log created. The Admin does NOT have the option to change the name of the folder nor the key log in this simple application.


Home Key Logger by KMiNT21 Software, Inc.

KeyLogger.exe & KeyLogger.dll (supporting file)

"Home Key Logger" is a simple key logger that is offered free; therefore very popular, as a means to promote (we presume) a more advanced key logger named "Family Key Logger". It is installed on the system via a setup program that gives the user the choice of path to install. The default install path is "C:\Program Files\HomeKeyLogger" where it installs the following files: 

C:\Program Files\HomeKeyLogger\KeyLogger.exe
C:\Program Files\HomeKeyLogger\KeyLogger.Dll
C:\Program Files\HomeKeyLogger\license.txt
C:\Program Files\HomeKeyLogger\readme.txt
C:\Program Files\HomeKeyLogger\FAQ.html
C:\Program Files\HomeKeyLogger\QuickStart.html
C:\Program Files\HomeKeyLogger\uninstall.exe
C:\Program Files\HomeKeyLogger\Links\Program's home page.url
C:\Program Files\HomeKeyLogger\Links\Try Family Key Logger.url
C:\Program Files\HomeKeyLogger\Links\Mail to support.url

The setup also writes Registry keys of:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Uninstall\HomeKeyLogger

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Run\C:\Program Files\Home Key Logger\Keylogger.exe

The "make visible hot key is "Ctrl+Alt+Shift+M" and the key log file, it records to, is "KeyLog.txt". For this free version, the user is not allowed to change these values.

We assume that the exe file name could be changed, by an advanced user, as well as changing the "Run" path; however, we would expect that the KeyLogger.dll supporting file would have to retain it's name and would have to reside either in the programs path, the Windows directory or Windows\System directory.

You can uninstall this software easily by deleting the install folder and all files within as well as searching for "KeyLLogger.exe" as data in the Registry Editor then delete the entry under the "Run" key (disable to start at Windows boot). .. OR use the "System Tools, within our Monitor Spy software, for an easier solution.. OR simply use Windows "Add/Remove Program function (if an advanced user did not mess with the exe name and path).


My Little Spy by Wizard Industries Ltd.

Monitor.exe & sysinfo.dll (supporting - log file)

"My Little Spy" is a key logger that is offered as Shareware with a free 14 day evaluation period. It is installed on the system via a setup program that gives the user the choice of path to install. The default install path is "C:\Windows\System\Monitor.exe" and creates no program folder (which makes it a little more "sleathy" then some?). The setup installs the following files:

C:\WINDOWS\SYSTEM\Monitor.exe (the exe file)
C:\WINDOWS\SYSTEM\mfn32.dll (suspect = not sure)
C:\WINDOWS\SYSTEM\monhelp.html (info page)
C:\WINDOWS\SYSTEM\sysinfo.dll (the log file)
C:\WINDOWS\SYSTEM\Helper.exe (help feture?)

As well as adding the Registry key of:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\

Uninstall\My Little Spy TRIAL VERSION_is1

And the registry key value of "the path of the software monitor.exe" in the 

LOCAL_Machine\Software\Microsoft\Windows\Current Version\Run Services\ to set the monitor.exe to run at Windows startup.

The "make visible hot key is "Alt+F10" and the key log file, it records to, is "sysinfo.dll" , a binary file, which is meant to trick a user into thinking it is a system file. All the files have "hidden" attributes so you must have Explorer configured to "show all files" to view.

We assume that the exe file name could be changed, by an advanced user, as well as changing the "Run Services" path; however, we would expect that the sysinfo.dll (supporting log file) would have to retain it's name and path - not positive about this as did not test.

You can uninstall this software easily by searching for "monitor.exe" as data in the Registry Editor then delete the entry under the "Run Services" key (disable to start at Windows boot). .. OR use the "System Tools, within our Monitor Spy software, for an easier solution. After reboot, delete the program files installed (see above list). . OR simply use Windows "Add/Remove Program function (if an advanced user did not mess with the exe name and path).


Ghost Keylogger 2.0 by Sureshot

syncagent.exe , syncagent.dll & syncconfig.exe

Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an optionally encrypted log file. The log file can be sent via e-mail to a specified receiver that it claims does silently (we will test this feature soon).

It requires a setup but does not display info within the Windows Add/ Remove Software listing nor the Start menu. The software requires a password to gain entry to the Admin screen (there is no default password but rather is set by the user at setup via a "configuration exe file named "syncconfig.exe"). The default install path is "C:\Program Files\Sync Manager\" . An advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name and we suspect the configuration exe file name). All the files, as well as the folders, have "hidden" attributes so you must have Explorer configured to "show all files" to view. All settings (except Windows command to start at boot) are stored within a program file, and as far as we can determine, not in the Windows registry.

Files to look for:
C:\Program Files\Sync Manager\manual.html (help)
C:\Program Files\Sync Manager\syncconfig.exe (confif exe)
C:\Program Files\Sync Manager\faq.html (help)
C:\Program Files\Sync Manager\uninstall.bat (uninstall bat)
C:\Program Files\Sync Manager\agent\syncagent.dll (support dll)
C:\Program Files\Sync Manager\agent\syncagent.exe (programs exe)
C:\Program Files\Sync Manager\agent\syncagent.cfg (config file?)
C:\Program Files\Sync Mananger\logfile.cip (key log file)

This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "syncagent.exe", after finding this value under the Windows "RunService" Key, delete the name entry.. OR use the "System Tools, within our Monitor Spy software, for an easier solution. Reboot the system. Note that if an advanced user renamed the exe file you can check out "Active Programs Running" within Monitor Spy's System tools, to determine a suspected exe that has been renamed, it will be 564Kb. Also, if the user renamed the "synncconfig.exe" file (used to access the configuration as well as viewing the log files) it will retain it's 'Internal Name' property of "ConfigApplication".


WinWhatWhere by WinWhatWhere Corp.

The two required exe files are randomly named at install as well as changed and moved around the system.. but can be detected!

"WinWhatWhere" is a very popular, easy-to-use surveillance tool that records every keystroke as well as taking a snap shot of the screen. It offers some advanced features such as emailing of logs, creating a "remote installation" .exe file, etc. This software makes use of a data base type report that, from our testing, does a good job at reporting all activity on the system. It has a few advanced tricks such as renaming itself and moving around the exe and supporting files. But never fear.. it can be caught with a little work - just not as easy as most!

It requires a setup but does not display info within the Windows Add/ Remove Software listing nor the Start menu. The software requires a password to gain entry to the Admin screen (there is no default password but rather is set by the user at setup via the configuration screen/ form. The default install path is "C:\Windows\OLBE\" for the log file "zw84.dat, zw82.dat, etc. - randomly numbered)" as well as the programs exe file that is also randomly named at first activation. It also creates a data base file with a name such as "_il33042" that is also randomly numbered/ named.

Supporting files to look for (but be careful in deleting these files as they may be required for other applications - it will not hurt to leave on the system!):
\WINDOWS\SYSTEM\_zmStat.dat (probably a program stat file?)
\WINDOWS\SYSTEM\Dwspydll.dll (Win process "hook" file)
\WINDOWS\SYSTEM\dwspy36.dll (Win process "hook" file)
\WINDOWS\SYSTEM\_ISource2.dll (image processing)
\WINDOWS\SYSTEM\Dwshk36.ocx (Win process "hook" file) \WINDOWS\SYSTEM\dwspyvb6.dll (Win process "hook" file)
\WINDOWS\SYSTEM\ExEMail.dll (suspect used for emailing log)

As well as the Registry keys of:

HKEY_LOCAL_MACHINE\Software\WinWhatWhere Corporation\WinWhatWhere Investigator

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

CurrentVersion\Uninstall\WinWhatWhere Investigator

The two main exe files are randomly named after first activation of the software. These files are renamed and moved around the system by each other. What happens, as far we we tested, is that the (for an example) AMPCOL.exe is used to start the other exe (i.e "ampbin.exe"- the main key logging exe file), then at random times renames the program file (i.e ampbin.exe) which in turn renames the startup (i.e.AMPCOL.exe) file, then moves to other locations as well as resets the name of the file in the Windows Registry for the "Start at Windows Boot" functions.

The easiest way to detect this software is by running Monitor Spy to detect the name of the key log and the path it is located in; thus you have the key log. Next use the "System Monitor" tool within Monitor Spy and check for "Active Tasks", right click on any suspected file running and get the Properties of the file. The versions company name will be listed as "WinWhatWhere". To delete.. use the Monitor Spy System Monitor to stop the software from running then delete the file via My Computer or Explorer. The program will still contain entries in the Registry that should be taken care of (if the user elected to run at Windows Startup, which is most likely). 

As we have stated, the file name that is used to start the software is randomly changed; therefore, will take a little effort to detect but is really not much of a problem.. here's how. This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by deleting the command to Run at windows boot under the HKEY_LOCAL_MACHINE and the HKEY_CURRENT_USER "Run" and "RunServices" values (it places entries in all 4 locations of the Registry).. OR use the "System Tools, within our Monitor Spy software, for an easier solution to delete all 4 of these entries. To detect, if in fact the suspected file listed to run, is the target file, right click the file viewed in Explorer (will be located within the System Folder) and check for "windoc32" as the file version's Internal Name, ""winsdoc32.sys" as the file version's Original File Name and "IsMFt" as the file version's Product Name.  Delete the Registry entries then delete the file within the System folder. Reboot the system.. "IsMFt" = "NotR_butKO" (Not Really, But Kind Of" ? 


PC Spy by PC Spy

pcs.exe , Rstins.exe

PC Spy is typical key logger that also offers the option of taking snap shots of the screen at user defined intravals. It also offers user configuration of the log file path, has the ability to back date log files, and set to start at Windows boot.

It requires a setup but does not display info within the Windows Add/ Remove Software listing nor the Start menu. The default install path is "C:\Program Files\PCS\" . An advanced user could easily configure to place within a different path and change the startup to this new path, as well as rename the exe file name we suspect. All settings (except Windows command to start at boot) are stored within a program ini file (C:\Windows\Kinw27.ini), as far as we have determined, not in the Windows registry.

Files to look for:
C:\WINDOWS\Kinw27.ini (programs setting ini file)
C:\WINDOWS\Rstins.exe (programs key logger exe file)
C:\Program Files\PCS\pcs.exe (programs configuration exe file)

This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "Rstins.exe", after finding this value under the Windows "RunService" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. The size of Rstins.exe file is 557056 bytes.


Desktop Detective by BITLOGIC

DDClinet.exe & DDClinet.dll 

This is a key logger, a snap shoot monitor, and offers assorted other logging features that requires a setup and does not display an entry within the Windows Add/ Remove Software listing or the Start Menu. This software has the option of running in 'sleath mode' with the make visible hot key of "Ctrl+Alt+X" (the user has no option to change this hot key). The default install path is "C:\Program Files\Desktop Detective 2000 Home Edition\" . We suspect that an advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name). We also suspect that the "DDClient.dll file can not be renamed but could be relocated within the Windows or Windows\System folder and still work. All settings (except Windows command to start at boot) are stored within a program file, and as far as we can determine, not in the Windows registry.

This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "DDClinet.exe", after finding this value under the Windows Local_Machine "Run" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. Reboot the system. It the user changed the name of the exe file you can check it by right clicking the suspected file (or use Monitor Spy's System tools) and check for the Company Name property as "Bitlogic Software", the Original File Name property as "DDClinet.exe" and the Product Name property as "DD 2000 Home Edition". 

To completely rid the system of the software,. do the above then merely uninstall or delete the application main folder it was installed to as well as the log files and folders contained within. You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder.  

Look for:

C:\Program Files\Desktop Detective 2000 Home Edition\DDClient.dll (supporting dll file)


C:\Program Files\Desktop Detective 2000 Home Edition\DDClient.exe (programs exe file)


C:\Program Files\Desktop Detective 2000 Home Edition\ddkey.dat (log file)

C:\Program Files\Desktop Detective 2000 Home Edition\ddkey.idx (log file)

C:\Program Files\Desktop Detective 2000 Home Edition\ddimg.dat (log file)

C:\Program Files\Desktop Detective 2000 Home Edition\ddimg.idx (log file)


Key Thief  by Idigital Technologies

Startkey.exe & Srvsks.exe

This is a key logger, a snap shoot monitor, that offers the option of having the key log emailed to an address inputted by installer/ user. Requires a setup and does not display an entry within the Windows Add/ Remove Software listing or the Start Menu if the user elects not to display via the setup. This software runs in 'sleath mode' with the make visible hot key of "Ctrl+Alt+K" (the user has option to change this hot key). The default install path is "C:\Program Files\Idigital Technologies\Key Serv 2.0\" . All settings (except Windows command to start at boot) are stored within the Windows registry under HKEY_LOCAL_MACHINE\Software\Nelco.

This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "Startkey.exe", after finding this value under the Windows Local_Machine "Run" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. Reboot the system. It the user changed the name of the exe file you can check it by right clicking the suspected file (or use Monitor Spy's System tools) and check for the Company Name property as "Idigital Technologies", the Original File Name property as "Startkey" and the Product Name property as "Key Thief v2.0". 

To completely rid the system of the software,. do the above then merely uninstall or delete the application main folder it was installed to as well as the log files and folders contained within. You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder (software can not be active). Also be sure to delete the "ikeyhk2.dll" file installed under the Windows\System directory for a clean uninstall.

Files to look for:

ikeyhk2.dll (supporting file)

Startkey.exe (Start exe file - activates Srvcks.exe)

Srvcks.exe (key logger exe file)

Remove.exe (uninstall utility)  


pcSpyAssistant  by Cktech Systems

pcSpyAssistantProgram.exe & pcSpyAssistant.dll

This is a key logger, as well as a snap shoot monitor. Requires a setup and does display an entry within the Windows Add/ Remove Software listing and the Start Menu. It is suspected that an advanced user could configure this software to eliminate these entries. This software disables the "Ctrl+Alt+Del" hot key combo so that it can not be disabled as well as displays an icon within the system tray when active. All settings (except Windows command to start at boot) and entry password are stored within a program ini file within the install directory.

This software makes use of the Windows registry, to set it to start at Windows boot up as well as storing the password required to enter the configuration screen. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "pcSpyAssistantProgram.exe", after finding this value under the Windows Local_Machine "Run" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. Reboot the system then delete the install folder contents. Probably the easiest way to disable this software is to merely open up Regedit.exe the search for the key of "HKey_CURRENT_USER\Software\VB & VB Settings\PCSpyAssistant Program\Settings\" and grab the password to gain entry (it is the data of this registry key and not encrypted in any way)... then click the system tray icon, enter the password, deactivate to start at Windows boot, exit the software then delete the install folder contents. 

To completely rid the system of the software,. do the above OR merely uninstall or delete the application main folder it was installed to as well as the log files and folders contained within. You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder (software can not be active). Also be sure to delete the "pcSpyAssistant.dlll" file installed under the Windows\System directory for a clean uninstall.

Files to look for:

ipcSpyAssistant.dll (supporting file)

pcSpyAssistantProgram.exe (key logger exe file)

pcd.dat & k_pcd.dat (log files)

config.dat & Flag.spy (ini files?) 


StarrCommander Pro

STARRCMD.EXE

Look for:

C:\WINNT\SYSTEM32\KREC32

ehks.zip


ev0luti0n HTTP key logger V2.0

This is a key logger that records all the keystrokes to a file allowing you to view them, just by typing the victims IP address in Internet Explorer (or some other Internet browser).


loggerv0.9.1.zip

This is a simple key logger that runs invisibly on the target computer.

All keystrokes logged are kept in a file called "dat.cab". This file can be opened in any text application and is stored in the same directory as the key logger.

When the key logger is first run it should automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything.

Files to look for:

"C:/windows/logger.exe /show" in a dos window


DK2Full.zip

Diablo Keys 2.2 - Win32 key logger has a new version... Diablo Keys is a windows keystroke logger that will log all activity in the system, including keys, windows, time and date. DK will send the logs to a predefined email address or ftp account. The New version grabs window text boxes and cached passwords, is more stable, faster and easier to use. It is now compatible with windows NT/2000 and ME. DK is not a trojan but a monitoring tool like PCAcme, although it is completely free. This requires physical access to the computer.


SKLOGV1.12

stAlllOnized

This is a key logger that can log all keystrokes, is case-sensitive and supports all standard keys. It has been written in VB, uses the GetAsyncKeyState API call and doesn't need any other dll or ocx file (only the standard vb6 dlls). It restarts when you start windows (modifies the registry) and can be started/stopped anytime by using key combinations.

File to look for:

C:/Windows/System/windowskj.log


Phantom2.zip

Phantom2 is the successor to Phantom, a keystroke record and playback program for MS-DOS. Works as a TSR program that resides in memory.

Files to look for:

Phantom2.exe

Phantom.exe


KeyLog25.zip

KEYLOG!.EXE is a Windows 3.x/95 version 2.5 of a freeware utility that records keystrokes. It is the successor of the original KeyLog. There are newer and better features in this program. To quit the program, all you need to do is press CTRL-ALT-DEL and end the program called -KiDViD-. -KiDViD- is KeyLog's name in disguise.

Files to look for:

1. KeyLog!.exe ... C:\Windows\Temp

2. KeyLog!.txt ... C:\Windows\Temp

3. KeyLog!.reg ... C:\Windows\Temp

4. Qpro200.dll ... C:\Windows\System


Radmin

Radmin is a remote control program that enables you to work on one or more remote computers from your own. It is a complete remote control solution with all key features such as File Transfer, NT security, Telnet and Multilanguage support included.

Files to look for include

- Client (Radmin.exe)

- Server (r_server.exe)

- Driver (raddrv.dll) (Only on WinNT)


ISPYNOW

iSpyNow is a commercially available product that logs messengers, window activities, websites, keystrokes, passwords, realtime captures.

Files to look for include C:\Program Files\iSpyNOW\iSpyNOW.exe

C:\Windows\ISNSYS.dll


Top 10 Key Loggers Reported...

  1. SpyAgent 
  2. Iopus Starr Pro Key Logger 
  3. Second Sight 
  4. Modem Spy 
  5. Home Key Logger 1.01 
  6. ISpyNow 
  7. Spector 
  8. WinWhatWhere 
  9. Surf Spy 2.10 
  10. 007 Starr 

Note: Products that display a * next to the product name have additional information about them on this page.

Software monitoring products...
Benntra * Your Hidden Eyes
Code-it Software * No Secrets
UserFriendly Products, Inc. * Mate Watcher
User-Friendly Products, Inc. * Employee Watcher
UserFriendly Products, Inc. * Kid Watcher
UserFriendly Products, Inc. * IsMyMateCheating online
WinWhatWhere, Corp. * WinWhatWhere Investigator
Cktech Systems * pcSpyAssistant 
CodexDataSystems, Inc. Achtung!
CodexDataSystems, Inc. Achtung! Pro
Segobit Software Actions Monitor
SoftActivity.com Activity Logger
SoftActivity.com Activity Monitor
KMiNT21 Software, Inc. Advanced TCP Logger
Zoran`s Software 2Spy!
Aimsoft Development Corporation AIM Keys
Raytown Corporation AlertMobile Pro
Raytown Corporation AlertMobile Light
Arkanum Soft AMonitor
SniffTech ANASIL
Biodata Systems GmbH ApplicationRadar
OdiSoft AppsTraka
TIFNY AtomicLog
cDc communications Back Orifice
Ascentive LLC Be Aware
iOpus Software BEEE
cablehead.com Blackbox
Alexander Jmerik Boss Everyware
catchcheat.com Catch Cheat
Cerberian, Inc. Cerberian
Tybee Software ChatNANNY
Ascentive LLC ChatWatch
Webroot Software Inc. ChildSafe
APEX Software Corp. com.Policy
Covenant Eyes, LLC Covenant Eyes
Marshal Software Content Security
Cresotech, Inc. Cresotech Typerecorer (T-REC)
Cyber Intelligence Software Group Cyber Informer
Pearl Software Cyber Snoop
CodexDataSystems, Inc. D.I.R.T. - Data Interception 
Kogosoft Corporation DBSpy
BITLOGIC * Desktop Detective
Alpine Snow Desktop Spy
Omniquad Ltd. Desktop Surveillance
Omniquad Ltd. Detective
FutureSoft, Inc. DynaComm i:filter
Danil Dks (KeySpy)
Donald Dick Donald Dick
Kogosoft Corporation DWSpy
ClearSwift MIMEsweeper  e-Sweeper
Elron Software Elron Internet Manager
Websense Inc. Employee Internet Management (EIM)
BSSCO, Inc. ENFILTRATOR Black Box
eSniff, Inc. eSniff
OTG Software, Inc. EmailXaminer
Fatline Corporation FastTracker
APEX Software Corp. FamilyCAM
Applied Logic Corporation Find-Out!
galaxyTrading galaxySpy
Wards Creek Software,Inc. GameWarden
Sureshot  * Ghost Keylogger
Alushta Corp. Ghost Spy
GlobalPatrol GlobalPatrol
Golden Eye Golden Eye
BadBoyKilla Hack '99 KeyLogger
Streiff Information Services HackerWacker
Ilya V. Osipov HookDump
KMiNT21 Software, Inc. * Home Key Logger
Symantec Corporation I-Gear
Tybee Software IamBigBrother
ICUSurf, LLC ICUSurf
IIPwr.com IIPwr Package
Elron Software IM Web Inspector
OTG Software, Inc. IMxtender
ITKsoft In The Know
BITLOGIC INControl
Ingenuity (UK) Ltd Ingenuity
TalyaSoft Informer
Jungle-Monkey Software InLook Express
FobiaSoft Inspector
Sequel Technology Corporation Internet Resource Manager (IRM)
NataSoft IntraSpy
WinWhatWhere Corporation Investigator
Alin Inclezan Invisible Activity Spy
Amecisco Invisible KeyLogger 97
Amecisco Invisible KeyLogger Stealth
iOpus Software iOpus STARR
iSpymail.com iSpy
iSpyNOW.com  * iSpyNOW
iSpyNOW.com iSpymail
Lower Hutt iWonder Recorder
UltraSoft Key Interceptor
Idigital Technologies * Key Thief
Diplodock.com Keyboard Guardian
Original Programs, Inc. Keyboard Monitor
Tenebrill Inc. Keycorder (Key-Corder)
Mikko Technology KeyKey
Yourbusted.com KeyKey
OXD Software Keylogger
miniCoders KeyLogger
NGF Digital Productions Key Logger
IIPwr.com KeySpy
Marc Leblanc KeySpy
DewaSoft Keystroke Reporter
Arne Vidstrom klogger
SurfControl plc LittleBrother
Symantec Corporation Mail-Gear
Marshal Software MailMarshal SMTP
ClearSwift MIMEsweeper MAILsweeper
Tumbleweed Communications Messaging Management System
MDSA Software MDSA Sentinel
ClearSwift MIMEsweeper MIMEsweeper
Omniquad Ltd. MicroManager
A Value Systems MoM
SecureMac Monitorer
Kra-Tronic Corporation Mouse and Key - Recorder
wizard Industries Ltd. * My Little Spy
N2H2, Inc. N2H2
NetBus NetBus
iomart Group plc NetIntelligence
eSynch company (Kissco) NetMonitor
ExploreAnywhere Software NETObserve
Telemate.Net Software, Inc. NetSpective WebFilter
Telemate.Net Software, Inc. NetSpective Reporter
BySoft Data AB NT Logon Capture (NTLC)
Original Programs, Inc. Online Recorder
ProtectCom Orvell Monitoring
ntlworld.com PasTmon
Next Generation Count (NGC) PC & Internet Monitor
Raytown Corporation PC Activity Monitor (PC Acme)
Raytown Corporation PC Activity Monitor Net
Raytown Corporation PC Activity Monitor Pro
Biodata Systems GmbH PCfire
Strategic Business Solutions Inc. PC Monitor
Softdd.com PC Spy
PC Spy * PC Spy
PC Weasel PCWeasel
Peter Surrena Design, Inc. PeopleMonitor
Pearl Software Pearl Echo
NetHunter Group ProBot
ClearSwift MIMEsweeper PORNsweeper
iCognito Technologies Ltd. PureSight
Kintech, Inc. QuietEye
FobiaSoft Raven
Brian Cadge RazzMon
Greene Global Investment Group Realtime Spy
RedHand Software Ltd. RedHand
Strategic Business Solutions Inc. Resource Monitor
Anton Vasiljev ResShow
SafeNetCorp.com SafeNet
SafeNetCorp.com SafeNet Pro
VAAP Salus
Alpine Snow Save Keys
Softcentral SC-KeyLog
Mikko Technology Screen Logger
Kogosoft Corporation ScreenSpy
iQuesoft-Online Second Sight
ClearSwift MIMEsweeper SECRETsweeper
sentrycam.com SentryCam
Spytech Software Shadow
Adavi, Inc. Silent Guard
Adavi, Inc. Silent Watch
SilentRunner, Inc. SilentRunner
Tryco Ltd Slymail
Virtual Imagination Inc. Snapshot Spy
Dr. Seuss Spectator
SpectorSoft Corporation Spector
SpectorSoft Corporation Spector Pro
Zackware spIE
SRA International, Inc. SRA Assentor
Cube'd Productions Spy
spysoft.de Spy Camera
Spytech Software * SpyAgent
Spytech Software SpyAnywhere
spyAOL spyAOL
ExploreAnywhere Software SpyBuddy
TSM-Soft SpyCapture
Spytech Software SpyCheck
cablehead.com SpyGraphica
Baysite Plus Publishing Spysoft
red0xd stAllIOnized KeyLogger
ICaughtYou LLC Stellar Internet Monitoring
iOpus Software Stealth Activity Monitor (SAM)
Peter Zierl Stealth Activity Reporter
Raytown Corporation Stealth Email Redirector (SER)
Raytown Corporation Stealth Keyboard Interceptor
Raytown Corporation Stealth Keyboard Interceptor Auto
P.G.M. Stealth KeySpy
Amecisco StealthMail
Buffalo Software, Inc. Surf Snoop
Rahul Soni Stealth Spy
Omniquad Ltd. Surveillance Anywhere
BySoft Data AB Surf Spy
SurfControl plc SurfControl
Esm Software Surfing Spy
Harris Digital Publishing Group System Detective
AB Software System Spy
Matthew T. Pandina Tiny Key Logger
Trisys, Inc. Trisys Insight
SecureMac TypeRecorder
Raheel Abdul Hameed Ultimate Spy
Urbis.net Ltd UrbisNet
Vericept Corporation Vericept VIEW
REALCODE Development Inc. Visage PC surveillance
Ersieht, Inc. WatchDog
Zemerick Software Inc. Watchful Eye
ClearSwift MIMEsweeper WEBsweeper
Softec Enterprises Inc. WebPI
Christian Walter Windows Keylogger
BySoft Data AB Windows Remote
BySoft Data AB Windows Spy
Webroot Software Inc. WinGuardian
WinRecon WinRecon
BC COMPUTING Win-Spy Windows Monitor
Tropical Software Winvestigator
withu.com WIP Ethernet Analyzer
gmgDesign Software XLog
8e6 Technologies X-Stop

Please email for any additional help you may be seeking. Note: Any additional info, that would be of value to this page, would be GREATLY APPRECIATED BY US AND OTHER USERS!

 



 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

10.05.2002 >>> Hit Counter