[Dshield] Re: list Digest, Vol 10, Issue 2
emmetto at mtp.gov
Wed Oct 1 18:48:17 GMT 2003
In response to the regloadr.exe and the port 135 activity, I encountered a
keystroke logger called regload.exe. It stores all keystrokes in a file
called regload.hlp (which is a text file).
This regloadr.exe may be some variant that sends the keystrokes over the
network. I would look for files in the %systemroot% folder, especially
recently modified files to see if keystrokes are being logged somewhere.
More information about the list