![]() |
|
![]() |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
![]() ![]() |
![]() |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
Monitor Spy v1.9 advanced on-line help... | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
VERY IMPORTANT NOTICE !!! If you are a registered user, of this software, you should of been notified of a major revision/ upgrade (from v1.4 to v1.7) on 09.24.2002 as well as an upgrade 11.18.2002.. If not, please contact for your free download of version 1.7 ! This page will be constantly updated, in an effort to provide you with information about popular (and some not so popular) key loggers. It attempts to answer questions relating to deactivation and technical details. The "short" reports were supplied to the public school system, by the FBI (we claim no warranty or copyright). All the more "advanced" reports were generated using our Scanster software (to determine what files and Registry entries were made during install process) and then using the Monitor Spy software to determine log files generated or written to. What a set of tools, huh? Everything that is written - including this page - is protected by Copywrite laws; however, the info on this page is free to distribute with a simple request to Code-it Software. This will soon be the most complete published information concerning key logger application conformation we have seen in our research. The "scoop" on some Key logger applications... "Your Hidden Eyes" marketed by Benntra, Corp. spoolyhe.exe This is a key logger, as well as a snap shoot monitor, that requires no setup and can be activated from any location the exe file is placed. The targeted audience, for this product, is the in-experienced user. The default access hot key is "Ctrl+Shift+E" and entry password is "password". These values can be changed via the configuration screen. The Admin user can configure the software to automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything but will always create a "spoolyhe.uzy" file that is used as a resource file for the software. You can easily change the hotkey and password by editing the values of the key "Benntra" in the Windows registry (just do a search then modify the key values via the "Windows Registry Editor") this way you can access the configuration/ Admin screen via the newly created 'visible hot key' and 'entry password' then view/ delete logs as well as set configuration to not start at Windows boot. Look for: spoolyhe.exe and spoolyhe.uzy in any location on the system. This exe name can be changed but it will always create (at activation) the ".uzy" file that is used to contain the resources of the exe file. a folder named "SnapShots" (within the same path of the "spoolyhe.exe") that contains the screen snapshots recorded as well as the "YourHiddenEyes.txt" which is the actual key log created. The Admin does NOT have the option to change the name of the folder nor the key log in this application. "Mate Watcher", "Kid Watcher", "Employee Watcher" & "IsMyMateCheatingOnline" marketed by UserFreindly Products, Inc. @ http://www.matewatchstore.com These are all identical products as the web site states in small print (a marketing scheme to present 4 different products that are basically the same with only the product name and the install folder being different). start.exe, winxpdemo.exe, & mw6p.dll These are all key loggers, as well as including a snap shoot monitor, that requires a setup but does not display info within the Windows Add/ Remove Software listing. The default access hot key is "Ctrl+Shift+Alt+H" for all and default entry password is "password" for 'Mate Watcher', "CatchCheater" for 'IsMyMateCheatingonline'. These values can be changed via the configuration screen. The default install path is "C:\userfriendlyproducts\" with a different folder assigned depending on what version you have installed (i.e "mw" for Mate Watcher, amd "immco" for IsMyMateCheating, "kw" for Kid Watcher, etc. The user has no choice of electing what path to install but an advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name, I would suspect). All the files, as well as the folders, have "hidden" attributes so you must have Explorer configured to "show all files" to view. You can easily disable this software by following this process >>> "Start", "Settings", "Task Bar and Start Menu", "Advanced" tab, "Advanced", "Programs" icon, click "Startup" icon, highlight the "mw", "immco", "kw" or any suspected name (you can right click and view properties to determine if these startup items are located within the "userfriendlyproducts" folder) icon in the right view pane then elect to delete this entry, reboot the system. This software does not make use of the Windows registry, that we can determine, but merely puts a startup entry into the Startup folder. Look for: "winxpdemo.exe" , "start.exe", and "mw6p.dll" (supporting file installed on the root drive C:\ ) . Log files with the extension of ".bic" (these are image files that if you change the extension to ".bmp" they will display in image editing software), files with ".act" extension (binary log files) as well as binary files with ".web" extension (web site visit log files) and binary files with the extension of ".ksl". (i.e 2002-10 04 at 21-49 o3.bic, etc...) The file name reflects the date, time and type of the log file. The "mw". "immco", "kw", or any suspected entries within the "StartUp" folder under "C:\Windows\Start Menu\Programs\StartUp\" "SpyAgent" by SpyTech @ http://www.spytech-web.com SpyAgent4.exe, SystemSA32.dll, YahooDLL.dll This is a key logger, a snap shoot monitor, and offers assorted other logging features that requires a setup and displays info within the Windows Add/ Remove Software listing only IF the user did not elect to install in the "sleath mode". This software has the option of sending these created log files to an configured email address at the interval the Admin user has set. The software requires a password to gain entry to the Admin screen (there is no default password but rather is set by the user at setup). The default install path is "C:\Program Files\SpyTech Software\Spytech SpyAgent\" . We suspect that an advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name). All the files, as well as the folders, have "hidden" attributes so you must have Explorer configured to "show all files" to view. All settings (except Windows command to start at boot) are stored within a program file, and as far as we can determine, not in the Windows registry. This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "SpyAgent4.exe", after finding this value under the Windows "Run" Key, delete the name entry.. OR use the "System Tools, within our Monitor Spy software, for an easier solution. Reboot the system. To completely rid the system of the software,do the above then merely uninstall or delete the application main folder it was installed to as well as the log files and folders most likely located at 'C:\Windows\SAcache\' and 'C:\Windows\Sycache\' . You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder. You must have Windows Explorer set to "show all files as the folder and files are set to the "hidden" value. Look for: SpyAgent4.exe, SystemSA32.dll, YahooDLL.dll. Log files with the extension of ".log" (these will most likely be located within the 'C:\Windows\SAcache\' folder). Log files with the extension of ".ssf" which will most likely be located within the 'C:\Windows\Sycache\' folder. "No Secrets" by Code-it Software eyes.exe This is a key logger, as well as a snap shoot monitor, that requires no setup and can be activated from any location the exe file is placed. The default access hot key is "Ctrl+Shift+E" and entry password is "password". These values can be changed via the configuration screen. The Admin user can configure the software to automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything but will always create a "eyes.uzy" file that is used as a resource file for the software. You can easily change the hotkey and password by editing the values of the key "No_Secrets" in the Windows registry (just do a search then modify the key values via the "Windows Registry Editor") this way you can access the configuration/ Admin screen via the newly created 'visible hot key' and 'entry password' then view/ delete logs as well as set configuration to not start at Windows boot. Look for: eyes.exe and eyes.uzy in any location on the system. This exe name can be changed but it will always create (at activation) the ".uzy" file that is used to contain the resources of the exe file. a folder named "SnapShots" (within the same path of the "spoolyhe.exe") that contains the screen snapshots recorded as well as the "No_Secrets.txt" which is the actual key log created. The Admin does NOT have the option to change the name of the folder nor the key log in this simple application. Home Key Logger by KMiNT21 Software, Inc. KeyLogger.exe & KeyLogger.dll (supporting file) "Home Key Logger" is a simple key logger that is offered free; therefore very popular, as a means to promote (we presume) a more advanced key logger named "Family Key Logger". It is installed on the system via a setup program that gives the user the choice of path to install. The default install path is "C:\Program Files\HomeKeyLogger" where it installs the following files: C:\Program Files\HomeKeyLogger\KeyLogger.exe The setup also writes Registry keys of: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows \CurrentVersion\Uninstall\HomeKeyLogger HKEY_LOCAL_MACHINE\Software\Microsoft\Windows \CurrentVersion\Run\C:\Program Files\Home Key Logger\Keylogger.exe The "make visible hot key is "Ctrl+Alt+Shift+M" and the key log file, it records to, is "KeyLog.txt". For this free version, the user is not allowed to change these values. We assume that the exe file name could be changed, by an advanced user, as well as changing the "Run" path; however, we would expect that the KeyLogger.dll supporting file would have to retain it's name and would have to reside either in the programs path, the Windows directory or Windows\System directory. You can uninstall this software easily by deleting the install folder and all files within as well as searching for "KeyLLogger.exe" as data in the Registry Editor then delete the entry under the "Run" key (disable to start at Windows boot). .. OR use the "System Tools, within our Monitor Spy software, for an easier solution.. OR simply use Windows "Add/Remove Program function (if an advanced user did not mess with the exe name and path). My Little Spy by Wizard Industries Ltd. Monitor.exe & sysinfo.dll (supporting - log file) "My Little Spy" is a key logger that is offered as Shareware with a free 14 day evaluation period. It is installed on the system via a setup program that gives the user the choice of path to install. The default install path is "C:\Windows\System\Monitor.exe" and creates no program folder (which makes it a little more "sleathy" then some?). The setup installs the following files: C:\WINDOWS\SYSTEM\Monitor.exe (the exe file) As well as adding the Registry key of: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ Uninstall\My Little Spy TRIAL VERSION_is1 And the registry key value of "the path of the software monitor.exe" in the LOCAL_Machine\Software\Microsoft\Windows\Current Version\Run Services\ to set the monitor.exe to run at Windows startup. The "make visible hot key is "Alt+F10" and the key log file, it records to, is "sysinfo.dll" , a binary file, which is meant to trick a user into thinking it is a system file. All the files have "hidden" attributes so you must have Explorer configured to "show all files" to view. We assume that the exe file name could be changed, by an advanced user, as well as changing the "Run Services" path; however, we would expect that the sysinfo.dll (supporting log file) would have to retain it's name and path - not positive about this as did not test. You can uninstall this software easily by searching for "monitor.exe" as data in the Registry Editor then delete the entry under the "Run Services" key (disable to start at Windows boot). .. OR use the "System Tools, within our Monitor Spy software, for an easier solution. After reboot, delete the program files installed (see above list). . OR simply use Windows "Add/Remove Program function (if an advanced user did not mess with the exe name and path). Ghost Keylogger 2.0 by Sureshot syncagent.exe , syncagent.dll & syncconfig.exe Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an optionally encrypted log file. The log file can be sent via e-mail to a specified receiver that it claims does silently (we will test this feature soon). It requires a setup but does not display info within the Windows Add/ Remove Software listing nor the Start menu. The software requires a password to gain entry to the Admin screen (there is no default password but rather is set by the user at setup via a "configuration exe file named "syncconfig.exe"). The default install path is "C:\Program Files\Sync Manager\" . An advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name and we suspect the configuration exe file name). All the files, as well as the folders, have "hidden" attributes so you must have Explorer configured to "show all files" to view. All settings (except Windows command to start at boot) are stored within a program file, and as far as we can determine, not in the Windows registry. Files to look for: This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "syncagent.exe", after finding this value under the Windows "RunService" Key, delete the name entry.. OR use the "System Tools, within our Monitor Spy software, for an easier solution. Reboot the system. Note that if an advanced user renamed the exe file you can check out "Active Programs Running" within Monitor Spy's System tools, to determine a suspected exe that has been renamed, it will be 564Kb. Also, if the user renamed the "synncconfig.exe" file (used to access the configuration as well as viewing the log files) it will retain it's 'Internal Name' property of "ConfigApplication". WinWhatWhere by WinWhatWhere Corp. The two required exe files are randomly named at install as well as changed and moved around the system.. but can be detected! "WinWhatWhere" is a very popular, easy-to-use surveillance tool that records every keystroke as well as taking a snap shot of the screen. It offers some advanced features such as emailing of logs, creating a "remote installation" .exe file, etc. This software makes use of a data base type report that, from our testing, does a good job at reporting all activity on the system. It has a few advanced tricks such as renaming itself and moving around the exe and supporting files. But never fear.. it can be caught with a little work - just not as easy as most! It requires a setup but does not display info within the Windows Add/ Remove Software listing nor the Start menu. The software requires a password to gain entry to the Admin screen (there is no default password but rather is set by the user at setup via the configuration screen/ form. The default install path is "C:\Windows\OLBE\" for the log file "zw84.dat, zw82.dat, etc. - randomly numbered)" as well as the programs exe file that is also randomly named at first activation. It also creates a data base file with a name such as "_il33042" that is also randomly numbered/ named. Supporting files to look for (but be careful in deleting these files as they may be required for other applications - it will not hurt to leave on the system!): As well as the Registry keys of: HKEY_LOCAL_MACHINE\Software\WinWhatWhere Corporation\WinWhatWhere Investigator HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Uninstall\WinWhatWhere Investigator The two main exe files are randomly named after first activation of the software. These files are renamed and moved around the system by each other. What happens, as far we we tested, is that the (for an example) AMPCOL.exe is used to start the other exe (i.e "ampbin.exe"- the main key logging exe file), then at random times renames the program file (i.e ampbin.exe) which in turn renames the startup (i.e.AMPCOL.exe) file, then moves to other locations as well as resets the name of the file in the Windows Registry for the "Start at Windows Boot" functions. The easiest way to detect this software is by running Monitor Spy to detect the name of the key log and the path it is located in; thus you have the key log. Next use the "System Monitor" tool within Monitor Spy and check for "Active Tasks", right click on any suspected file running and get the Properties of the file. The versions company name will be listed as "WinWhatWhere". To delete.. use the Monitor Spy System Monitor to stop the software from running then delete the file via My Computer or Explorer. The program will still contain entries in the Registry that should be taken care of (if the user elected to run at Windows Startup, which is most likely). As we have stated, the file name that is used to start the software is randomly changed; therefore, will take a little effort to detect but is really not much of a problem.. here's how. This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by deleting the command to Run at windows boot under the HKEY_LOCAL_MACHINE and the HKEY_CURRENT_USER "Run" and "RunServices" values (it places entries in all 4 locations of the Registry).. OR use the "System Tools, within our Monitor Spy software, for an easier solution to delete all 4 of these entries. To detect, if in fact the suspected file listed to run, is the target file, right click the file viewed in Explorer (will be located within the System Folder) and check for "windoc32" as the file version's Internal Name, ""winsdoc32.sys" as the file version's Original File Name and "IsMFt" as the file version's Product Name. Delete the Registry entries then delete the file within the System folder. Reboot the system.. "IsMFt" = "NotR_butKO" (Not Really, But Kind Of" ? PC Spy by PC Spy pcs.exe , Rstins.exe PC Spy is typical key logger that also offers the option of taking snap shots of the screen at user defined intravals. It also offers user configuration of the log file path, has the ability to back date log files, and set to start at Windows boot. It requires a setup but does not display info within the Windows Add/ Remove Software listing nor the Start menu. The default install path is "C:\Program Files\PCS\" . An advanced user could easily configure to place within a different path and change the startup to this new path, as well as rename the exe file name we suspect. All settings (except Windows command to start at boot) are stored within a program ini file (C:\Windows\Kinw27.ini), as far as we have determined, not in the Windows registry. Files to look for: This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "Rstins.exe", after finding this value under the Windows "RunService" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. The size of Rstins.exe file is 557056 bytes. Desktop Detective by BITLOGIC DDClinet.exe & DDClinet.dll This is a key logger, a snap shoot monitor, and offers assorted other logging features that requires a setup and does not display an entry within the Windows Add/ Remove Software listing or the Start Menu. This software has the option of running in 'sleath mode' with the make visible hot key of "Ctrl+Alt+X" (the user has no option to change this hot key). The default install path is "C:\Program Files\Desktop Detective 2000 Home Edition\" . We suspect that an advanced user could easily configure to place within a different path and change the startup to this new path (as well as rename the exe file name). We also suspect that the "DDClient.dll file can not be renamed but could be relocated within the Windows or Windows\System folder and still work. All settings (except Windows command to start at boot) are stored within a program file, and as far as we can determine, not in the Windows registry. This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "DDClinet.exe", after finding this value under the Windows Local_Machine "Run" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. Reboot the system. It the user changed the name of the exe file you can check it by right clicking the suspected file (or use Monitor Spy's System tools) and check for the Company Name property as "Bitlogic Software", the Original File Name property as "DDClinet.exe" and the Product Name property as "DD 2000 Home Edition". To completely rid the system of the software,. do the above then merely uninstall or delete the application main folder it was installed to as well as the log files and folders contained within. You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder. Look for: C:\Program Files\Desktop Detective 2000 Home Edition\DDClient.dll (supporting dll file)
C:\Program Files\Desktop Detective 2000 Home Edition\ddkey.idx (log file) C:\Program Files\Desktop Detective 2000 Home Edition\ddimg.dat (log file) C:\Program Files\Desktop Detective 2000 Home Edition\ddimg.idx (log file) Key Thief by Idigital Technologies Startkey.exe & Srvsks.exe This is a key logger, a snap shoot monitor, that offers the option of having the key log emailed to an address inputted by installer/ user. Requires a setup and does not display an entry within the Windows Add/ Remove Software listing or the Start Menu if the user elects not to display via the setup. This software runs in 'sleath mode' with the make visible hot key of "Ctrl+Alt+K" (the user has option to change this hot key). The default install path is "C:\Program Files\Idigital Technologies\Key Serv 2.0\" . All settings (except Windows command to start at boot) are stored within the Windows registry under HKEY_LOCAL_MACHINE\Software\Nelco. This software makes use of the Windows registry, to set it to start at Windows boot up. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "Startkey.exe", after finding this value under the Windows Local_Machine "Run" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. Reboot the system. It the user changed the name of the exe file you can check it by right clicking the suspected file (or use Monitor Spy's System tools) and check for the Company Name property as "Idigital Technologies", the Original File Name property as "Startkey" and the Product Name property as "Key Thief v2.0". To completely rid the system of the software,. do the above then merely uninstall or delete the application main folder it was installed to as well as the log files and folders contained within. You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder (software can not be active). Also be sure to delete the "ikeyhk2.dll" file installed under the Windows\System directory for a clean uninstall. Files to look for: ikeyhk2.dll (supporting file) Startkey.exe (Start exe file - activates Srvcks.exe) Srvcks.exe (key logger exe file) Remove.exe (uninstall utility) pcSpyAssistant by Cktech Systems pcSpyAssistantProgram.exe & pcSpyAssistant.dll This is a key logger, as well as a snap shoot monitor. Requires a setup and does display an entry within the Windows Add/ Remove Software listing and the Start Menu. It is suspected that an advanced user could configure this software to eliminate these entries. This software disables the "Ctrl+Alt+Del" hot key combo so that it can not be disabled as well as displays an icon within the system tray when active. All settings (except Windows command to start at boot) and entry password are stored within a program ini file within the install directory. This software makes use of the Windows registry, to set it to start at Windows boot up as well as storing the password required to enter the configuration screen. You can easily disable this software by following this process >>> Activate Windows "Regedit.exe", do a find search for the data of "pcSpyAssistantProgram.exe", after finding this value under the Windows Local_Machine "Run" Key, delete the name entry.. OR use the "System Tools", within our Monitor Spy software, for an easier solution. Reboot the system then delete the install folder contents. Probably the easiest way to disable this software is to merely open up Regedit.exe the search for the key of "HKey_CURRENT_USER\Software\VB & VB Settings\PCSpyAssistant Program\Settings\" and grab the password to gain entry (it is the data of this registry key and not encrypted in any way)... then click the system tray icon, enter the password, deactivate to start at Windows boot, exit the software then delete the install folder contents. To completely rid the system of the software,. do the above OR merely uninstall or delete the application main folder it was installed to as well as the log files and folders contained within. You must rid the system of starting at Windows boot (if it is set to do so) to be able to delete these files within the application folder (software can not be active). Also be sure to delete the "pcSpyAssistant.dlll" file installed under the Windows\System directory for a clean uninstall. Files to look for: ipcSpyAssistant.dll (supporting file) pcSpyAssistantProgram.exe (key logger exe file) pcd.dat & k_pcd.dat (log files) config.dat & Flag.spy (ini files?) StarrCommander Pro STARRCMD.EXE Look for: C:\WINNT\SYSTEM32\KREC32 ehks.zip ev0luti0n HTTP key logger V2.0 This is a key logger that records all the keystrokes to a file allowing you to view them, just by typing the victims IP address in Internet Explorer (or some other Internet browser). loggerv0.9.1.zip This is a simple key logger that runs invisibly on the target computer. All keystrokes logged are kept in a file called "dat.cab". This file can be opened in any text application and is stored in the same directory as the key logger. When the key logger is first run it should automatically edit the target machine's registry to start on boot-up. The executable can be renamed to anything. Files to look for: "C:/windows/logger.exe /show" in a dos window DK2Full.zip Diablo Keys 2.2 - Win32 key logger has a new version... Diablo Keys is a windows keystroke logger that will log all activity in the system, including keys, windows, time and date. DK will send the logs to a predefined email address or ftp account. The New version grabs window text boxes and cached passwords, is more stable, faster and easier to use. It is now compatible with windows NT/2000 and ME. DK is not a trojan but a monitoring tool like PCAcme, although it is completely free. This requires physical access to the computer. SKLOGV1.12 stAlllOnized This is a key logger that can log all keystrokes, is case-sensitive and supports all standard keys. It has been written in VB, uses the GetAsyncKeyState API call and doesn't need any other dll or ocx file (only the standard vb6 dlls). It restarts when you start windows (modifies the registry) and can be started/stopped anytime by using key combinations. File to look for: C:/Windows/System/windowskj.log Phantom2.zip Phantom2 is the successor to Phantom, a keystroke record and playback program for MS-DOS. Works as a TSR program that resides in memory. Files to look for: Phantom2.exe Phantom.exe KeyLog25.zip KEYLOG!.EXE is a Windows 3.x/95 version 2.5 of a freeware utility that records keystrokes. It is the successor of the original KeyLog. There are newer and better features in this program. To quit the program, all you need to do is press CTRL-ALT-DEL and end the program called -KiDViD-. -KiDViD- is KeyLog's name in disguise. Files to look for: 1. KeyLog!.exe ... C:\Windows\Temp 2. KeyLog!.txt ... C:\Windows\Temp 3. KeyLog!.reg ... C:\Windows\Temp 4. Qpro200.dll ... C:\Windows\System Radmin Radmin is a remote control program that enables you to work on one or more remote computers from your own. It is a complete remote control solution with all key features such as File Transfer, NT security, Telnet and Multilanguage support included. Files to look for include - Client (Radmin.exe) - Server (r_server.exe) - Driver (raddrv.dll) (Only on WinNT) ISPYNOW iSpyNow is a commercially available product that logs messengers, window activities, websites, keystrokes, passwords, realtime captures. Files to look for include C:\Program Files\iSpyNOW\iSpyNOW.exe C:\Windows\ISNSYS.dll Top 10 Key Loggers Reported...
Note: Products that display a * next to the product name have additional information about them on this page.
Please email for any additional help you may be seeking. Note: Any additional info, that would be of value to this page, would be GREATLY APPRECIATED BY US AND OTHER USERS!
|
![]() |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|
![]() |
10.05.2002 >>>