Just found keystroke logger (klogger.exe from Kelly Software) on my work

PC. I have quarantined it. Would like to know details, such as when, (registry?) where (looks like it reports to Documents and Setting/myname/recent/readme.txt.lnk a 1K shortcut which appears to point to E:

D is my CD drive

Would love to read that txt file.

its on the network - and NO you probably do not have rights to the file

There is nothing you can legally do about it

So just crash the computer and see what you get on the new one

Thats what I did

too.

Its kinda like a security clearance. If the network admin hasn't granted you rights to the file, no matter where the physical location you will not be allowed to see it.

Every thing is an object. Programs, files, users, are all objects

appears to point to the root of E:

The documentation on this logger says it writes logs to a *.tmp in the root of C.

The actual software resides on your computer except it is awfully hard to find. Some are vulnerable to the search function if you know what you are looking for. Then you need to corrupt only a few lines of code to disable it.

Do you have a file name from the logger prog

or a girlfriend

Net.

Or an outside source. These keyloggers can usually be sent to someone without their knowing through an email, or an email attachment. A fake .jpg can do the same.

I just found one too!!

It points to Karl.Rove@Whitehouse.gov

Just Kidding. Will Spybot S&D get rid of it?

this http://www.xblock.com/

it is the only scanner that picks up winwhatwhere and spector pro

both of which are commercial system monitors that cost hundreds of dollars

I also highly advise you to (in addition to xblock) use a registered antivirus program such as www.f-secure.com and:

use process explorer and root kit finder both of which are free at wwwsysinternals.com and excellent.

less likely planted by corporate? It is a very big Co. and doesn't use freeware

coworkers and bosses from using them (against company policy)

process explorer and another app (http://www.sysinternals.com/Utilities/Filemon.html) at sysinternals will tell you exactly what files are involved so long as the keylogger is actively running

down the alphabet like J:, R: etc. How do I figure out what E is since it's only 1 drive past my CD drive.

it should tell you what UNC path is mapped to that drive (if it is a network drive)

But is is possible you got the keylogger from a "bad" website, from an email worm, from an infected download, or even from a worm that is running somewhere on your corporate network. If this is the case then you may also have a Trojan virus in addition to the keylogger.

Also if you have ever purchased anything online with that PC I would cancel or report my credit cards stolen and get new numbers.

If you want the peace of mind that there was nothing else on your PC use xcleaner

could say I surf intermittently, something the co. knows about anyways as we all do in my dept. (online)

... before doing anything about it....

start here or Goggle it with english sites only as a return

http://www.2-spyware.com/remove-klogger.html

me to download an executable.

ksLogger

Type: Keyloggers
Severity scale: (63 / 100)
It is a relatively simple keylogger that records all user keystrokes and saves them to a file. ksLogger is created mostly for personal use and is not a real parasite. However, it is absolutely free and can be used by hackers for obvious malicious purposes. ksLogger must be manually installed. It runs on every Windows startup.

Related files: kslogger.exe, sys007s.exe, sys007dll.dll

ksLogger manual removal:
Kill processes:
kslogger.exe, sys007s.exe
Help: how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\sys007s
Help: how to remove registry entries

Unregister DLLs:
sys007dll.dll
Help: how to unregister malicious DLLs

Delete files:
kslogger.exe, sys007s.exe, sys007dll.dll
Help: how to remove harmful files

Misc:
Logs are stored in x.tmp file located in the root of the main hard disk (C:).

If you suspect corporate espionage is involved you should report this to IT & HR immediately so they can examine the system and try to determine where it came from but ONLY do this if you have nothing to hide.

headquarters in '04, the phone calls to a known and interviewed by the newspaper Bush protestor.

They are looking to do a "closet" drawdown, and are busy finding reasons to fire people. Misuse of computers has become a biggie lately.

forum. There's some pretty sharp cookies (punk intended) there.