 |
Home
Articles
Spyware Research
Support
Scan Now
Purchase
F.A.Q.
Top 25 Spyware:
Glossary Latest Detections  |
 |
Trojan/Key Logger/Fearless.20Alias: Trj/Fearless.C, Fearless KeySpy 2.0, Win32/FearlessKeySpy.20.A!Trojan, TrojanSpy.Win32.Fearless.20
Description: Variants: Fearless KeySpy 1.0, Fearless KeySpy 1.1b, Fearless KeySpy 2.0 From the publisher: FKS is a keylogger, that will upload the logs to the root folder of a ftp server you specify, when the log reaches a certain size. It will start everytime with windows. It will log *all* keys, and the window caption (between <<< chars, like ' Yahoo! Mail - Microsoft Internet Explorer <<<') they were typed in. Date and time when system starts/stops will also be logged. The logs will be uploaded with the name 'FKSlog_[time].log', like FKSlog_10-23-15.log (10 o'clock, 23 mins and 15 secs). When reading the log, '' means enter (return), '' is backspace, '' is escape, '' is the tab key, '' is the delete key. Compatible with 9*/Me/2K/XP. Configuring the server: It should be easy to set up if you ever used a trojan before; run FKS.exe. First, the server options tab: - In the 'Server Name' field, enter a new for the server after installation, something unsuspicious would be better (use your imagination). Note that if you specify a filanem that exists on the host computer(in the sys dir), it will be overwritten! - The Registry Key field: same as above, enter something 'normal' ;) The Logging Option tab: - The ftp address fileld: enter the hostanme of your ftp server, like 'ftp.myhost.com', or 'myhost.com'. You should know that... The server will connect to port 21 (default for ftp). - Ftp username: type in your username - ftp password: enter your ftp password - 'When log gets...' filed: the size of the logfile when it sould get uploaded; you have to think here a little, depending on what you're after: if you want a quick log, enter a small filesize (5-10000 bytes). If not, 500000 bytes (50KB) should be ok. Note that some ftp servers have a size limit, but that's your problem. - Logfile name fileld: enter a filename, any extension, or no extension, etc. Note that you shouldn't type system filenames, cause they will get overwritten... That's it, hit 'Build Server', and you're done. The editor will make a 'server.exe' file, in the patch where you have the editor. DON'T compress/encrypt or otherwise tamper with the server file! Now all you have to do is make your victim run 'server.exe'... Ghirai Threat type: Key Logger - A Key logger is a software application that runs in the background and records any keyboard activity. Logged information is stored in the machine and can be retrieved later by the attacker through the internet connection. Key loggers can record sensitive information such as passwords, credit card numbers, personal identification numbers, etc. Key loggers are commonly included as parts of other spyware programs. Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs. Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy. Detection: SpyNoMore detects Trojan/Key Logger/Fearless.20: Yes Threat risk: High Risk  Very dangerous malware. Can log user's keyboard activity and take snapshots of the user's screen. Uses stealth installation and removal is very difficult. Category includes spyware programs, adware programs and trojans. Symptoms:
Running Process Signatures: N/A File Signatures: %WINDOWS%\system\fks2.0_server.exe Registered Dll (Dynamic Link Library) Signatures: N/A Folder Signatures: N/A Registry Signatures: N/A SpyNoMore Collected Residual File Signatures: N/A
| | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||
|
||||
 |
|
 | ||