Beware of Key Logger residing on your Flash Drive

Last Sunday, I was forced to use a computer at one of the computer cafés here in Maasin City (Iantech Cafe) because Reems Cafe was closed, and I found out that its computers had key loggers installed.

As we all know, a key logger is a program designed to record which keys are pressed. It can be a legitimate program used by the cafe administrator for surveillance, but most of the time it is a malicious one.

Checked the Flash Drive

Since all the computers in that cafe, including the cafe timer, had this installed, I stopped using the computer and went home to check my flash drive for possible infection. My accounts on different blogs would be compromised if I continued using a computer with key loggers installed.

And here’s the result:

(1) Bootex.Log

I found a hidden file in the root directory of the flash drive with the filename BOOTEX.LOG. When I opened the log file, it contained this message: “Checking File system on E: One of your disks needs to be checked for consistency. You may cancel the disk check but it is strongly recommended that you continue. Windows will now check the disk. …”

It is no wonder that bootex.log contains this message, because bootex.log is normally the log file written when scandisk runs. The only question is: why was bootex.log saved on my flash drive when I did not run scandisk on the flash drive, and Windows did not automatically check it for errors with the scandisk command?

(2) Recycler folder

I found a hidden directory named RECYCLER. The folder “Recycler” is hidden and cannot be viewed when browsing with Windows Explorer. To view it, you must use the DOS prompt and the “dir /a” command.

FYI, the folder called Recycler is a Windows folder associated with the Recycle Bin. Each Windows XP user has an assigned folder inside the Recycler folder. Once the Recycle Bin of one of the users is emptied, the folder in Recycler assigned to that user is emptied too.

Now, if you have emptied the Recycle Bin of every account on your Windows XP but the Recycler folder is still not empty, then it only means that your Windows XP is infected by malware.

(3) INFO.EXE

Inside the folder “Recycler” there is a file named INFO.EXE. This file is not a legitimate Windows XP file. Usually, it is used by worms, viruses, or other malware to activate themselves.

Thus, this finding warns me that the key loggers I found on those computers are malicious key loggers.

(4) DESKTOP.INI

The DESKTOP.INI file is the second file inside the folder “Recycler”. It contains this registry command: [.ShellClassInfo] CLSID={645ff040-5081-101b-9f08-00aa002f954e}

How to detect these files?

As I said above, these files can’t be viewed in Windows Explorer even if you set its option to show hidden files. You can only view them from the DOS prompt.

Here’s what to do:

  1. Click START, then click RUN. Type “COMMAND” in the dialogue box and then click OK.
  2. A window with a black background will appear. At the command prompt (here on my computer it says “C:\Docume~1\Reems6>”), type E: (if your flash drive is assigned as drive E:; if it is assigned as drive D:, type D: instead) and then press the ENTER key. The command prompt will now be “E:\>”.
  3. Then type “dir /a” and press the ENTER key. The contents of your flash drive, including the hidden files and folders, will now be listed.
  4. Check for the files and folder I mentioned above. If your flash drive contains those files and folder, then that flash drive is already infected by Key Logger.
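
The same check as a script, added here as an example and not part of the original post: it lists a drive root the way “dir /a” does and reports the files and folder named above. The function names and finding labels are assumptions of this example; the CLSID is the value quoted in the post.

```python
import os
import stat
import sys

# Windows executable extensions; RECYCLER normally holds per-user folders, not programs.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
RECYCLE_BIN_CLSID = "645ff040-5081-101b-9f08-00aa002f954e"  # value quoted in the post


def is_hidden(entry):
    """True if the Windows hidden or system attribute is set (always False off Windows)."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def desktop_ini_clsid(path):
    """Return the CLSID from a desktop.ini, lowercased and without its delimiters."""
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "clsid":
                return value.strip().strip("{}<>").lower()
    return None


def scan_drive(root):
    """Return sorted (finding, relative path, hidden) tuples for the post's artifacts."""
    found = []

    def note(label, entry):
        found.append((label, os.path.relpath(entry.path, root), is_hidden(entry)))

    for entry in os.scandir(root):  # scandir lists hidden entries too, like "dir /a"
        name = entry.name.lower()
        if name == "bootex.log" and entry.is_file():
            note("chkdsk-log", entry)
        elif name == "recycler" and entry.is_dir():
            note("recycler-folder", entry)
            for child in os.scandir(entry.path):
                ext = os.path.splitext(child.name)[1].lower()
                if child.is_file() and ext in EXECUTABLE_EXTS:
                    note("executable-in-recycler", child)
                elif child.name.lower() == "desktop.ini" and child.is_file():
                    if desktop_ini_clsid(child.path) == RECYCLE_BIN_CLSID:
                        note("desktop-ini-recycle-bin-clsid", child)
    return sorted(found)


if __name__ == "__main__":
    for label, path, hidden in scan_drive(sys.argv[1] if len(sys.argv) > 1 else "E:\\"):
        print(f"{label:32} {path}{'  [hidden]' if hidden else ''}")
```

Run it with the drive letter as the argument, for example E:\ for a flash drive assigned as drive E:.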

Note about Key Loggers

Remember that key loggers record which keys are pressed, and the data is then sent to remote servers. In other words, your passwords might be collected by this program and sent to someone who has access to those remote servers. Thus, your accounts might be compromised.


Comments

4 Responses to “Beware of Key Logger residing on your Flash Drive”

  1. jimmg says:

    Is using a keylogger legal or not?

  2. jake says:

    @jimmg: I think you already know what a keylogger is and whether it is legal or not, because your name is linked to your keylogger site.

    I think you are just spamming here.

  3. Chad says:

    Bootex.log is a file created by chkdsk.exe when it is run; its results are rolled into the main log after the system finishes booting. If chkdsk.exe is interrupted, bootex.log can become corrupted. When chkdsk.exe runs again, it tries to write to bootex.log, which is, unfortunately, now corrupt. It doesn’t know this until after the check; so even though it was deleted by chkdsk.exe, it was written to in the meantime and is therefore still corrupt.

    You need to do a bit of research before you go claiming that it’s a keylogger. It’s people like you who make certain parts of the internet untrustworthy.

    • SELaplana says:

      I know what bootex.log is and what a keylogger is. When I say that the computers of that cafe had a keylogger installed, it’s because I checked the computers for keyloggers.
