[Dshield] Re: list Digest, Vol 10, Issue 2

emmetto@mtp.gov emmetto at mtp.gov
Wed Oct 1 18:48:17 GMT 2003


In response to the regloadr.exe and the port 135 activity,  I encountered a
keystroke logger called regload.exe.   It stores all keystrokes in a file
called regload.hlp (which is a text file).

This regloadr.exe may be some variant that sends the keystrokes over the
network.   I would look for files in the %systemroot% folder, especially
recently modified files to see if keystrokes are being logged somewhere.

Emmett.






More information about the list mailing list