Spyware.KeyKey

Updated: February 13, 2007 11:38:20 AM
Type: Spyware
Version: 1.22
Publisher: Mikko Technology
Risk Impact: High
File Names: cd.bin, install.exe, keykey._ex, keykey._nt, keykey._sy, kkdrv._dl, kkmon._ex, Loadkk._ex, LoadWin
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Spyware.KeyKey can do the following:

  • Log keystrokes
  • Take screenshots
  • Transfer logs via email

When Spyware.KeyKey is installed, the following actions are performed:
  1. Displays the license agreement.

  2. Allows the installation folder to be selected. The default installation folder is %ProgramFiles%\KEYKEY.

    Note:
    %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.

  3. Allows the option to:

    • Create a shortcut icon on the desktop
    • Install the keystroke recorder module
    • Install the screen logger module

  4. Creates the following folders and files:
    • %ProgramFiles%\KEYKEY\log\: Log files are located in this directory.
    • %ProgramFiles%\KEYKEY\slman.exe: Screen log manager, detected as Spyware.KeyKey.
    • %ProgramFiles%\KEYKEY\slview.exe: Screen log viewer, detected as Spyware.KeyKey.
    • %ProgramFiles%\KEYKEY\uninst.exe: Uninstaller.
    • %System%\sldrv.dll: Used for screen logging, detected as Spyware.KeyKey.
    • %System%\zlib.dll: Compressor/Decompressor.
    • %System%\loadwin.exe: Screen logger, detected as Spyware.KeyKey.
    • C:\Documents and Settings\Administrator\Desktop\Screen Logger Manager.lnk: Desktop Link.
    • C:\Documents and Settings\Administrator\Desktop\Screen Logger Viewer.lnk: Desktop Link.
    • C:\Documents and Settings\Administrator\Desktop\keykey.lnk
    • C:\Documents and Settings\All Users\Start Menu\Programs\KeyKey Professional\Screen Logger Manager.lnk: Start menu link.
    • C:\Documents and Settings\All Users\Start Menu\Programs\KeyKey Professional\Screen Logger Viewer.lnk: Start menu link.
    • C:\Documents and Settings\All Users\Start Menu\Programs\KeyKey Professional\Uninstall KeyKey Professional.lnk: Start menu link.
    • C:\Documents and Settings\All Users\Start Menu\Programs\KeyKey Professional\keykey.lnk
    • %ProgramFiles%\KEYKEY\keykey.exe: Keystroke log converter, detected as Spyware.KeyKey.
    • %ProgramFiles%\KEYKEY\kkmon.exe: Keystroke log manager/viewer, detected as Spyware.KeyKey.
    • %ProgramFiles%\KEYKEY\read_me.txt: Documentation.
    • %ProgramFiles%\KEYKEY\order.txt: Ordering information.
    • %ProgramFiles%\KEYKEY\cd.bin
    • %System%\drivers\keykey.sys: Driver used by the spyware, detected as Spyware.KeyKey.
    • %System%\kkdrv.dll: Used for keystroke logging, detected as Spyware.KeyKey.
    • %System%\loadkk.exe: Keystroke logger, detected as Spyware.KeyKey.
    • %ProgramFiles%\KEYKEY\reg_kk.reg
    • C:\Documents and Settings\Administrator\Desktop\KeyKey.lnk: Desktop Link.
    • C:\Documents and Settings\All Users\Start Menu\Programs\KeyKey Professional\KeyKey.lnk: Start menu link.

      Note: %System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  5. Adds these values:

    "SL Loader" = "loadwin.exe"
    "KK Loader" = "%System%\loadkk.exe"


    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that both the screen logging and the keystroke logging components of the spyware run when you start Windows.

  6. Adds the subkey:

    ScreenLogger

    to the registry key:

    HKEY_LOCAL_MACHINE\Software

    and then adds the following values to that subkey:

    "MonitorPath" = "%ProgramFiles%\KEYKEY\slman.exe"
    "ApplicationPath" = "%ProgramFiles%\KEYKEY\"
    "LogFileDir" = "%ProgramFiles%\KEYKEY\log"
    "RegName" = ""
    "RegCompany" = ""
    "RegNo" = ""
    "Version" = "e8 03 00 00"
    "bActive" = "0x1"
    "bRecordOnKeystroke" = "0x0"
    "bRecordOnMouseEvent" = "0x0"
    "bRecordOnTimeInterval" = "0x1"
    "ColorCode" = "0x3"
    "CompressionCode" = "0x1"
    "LogFileDays" = "0x1E"
    "LogFileSize" = "0x0"
    "nRecordOnMouseEventScreen" = "0x3"
    "nRecordOnMouseEventScreenSurround" = "0x7"
    "nRecordOnMouseEventScreenOption" = "0x1"
    "nRecordMouseEventScreenOptionMM" = "0x0"
    "nRecordMouseEventScreenOptionMC" = "0x1"
    "nRecordMouseEventScreenOptionTI" = "0x384"
    "nRecordOnKeystrokeScreen" = "0x3"
    "nRecordOnKeystrokeScreenSurround" = "0x7"
    "nRecordOnKeystrokeScreenOption" = "0x3"
    "nRecordOnKeystrokeScreenOptionNKS" = "0x64"
    "nRecordOnKeystrokeScreenOptionNTI" = "0x258"
    "nRecordOnTimeIntervalScreen" = "0x3"
    "nRecordOnTimeIntervalScreenSurround" = "0x7"
    "nRecordOnTimeIntervalScreenSurroundK" = "0x1"
    "nRecordOnTimeIntervalScreenSurroundM" = "0x1"
    "nRecordOnTimeIntervalValue" = "0xF"
    "nRecordOnTimeIntervalUnit" = "0x2"


  7. Adds the subkey:

    KeyKey

    to the registry key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

    and then adds the following values to that subkey:

    "ErrorControl" = "0x1"
    "Start" = "0x2"
    "Type" = "0x1"
    "Group" = "Keyboard Class"


  8. Adds the subkey:

    Parameters

    to the registry key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\KeyKey

    and then adds the following values to that subkey:

    "LogFileName" = "%ProgramFiles%\KEYKEY\log\keykey.scn"
    "OldLogFileName" = "%ProgramFiles%\KEYKEY\log\keykey.old"
    "LogCountName" = "%ProgramFiles%\KEYKEY\log\keykey.cnt"
    "LogDirFile" = "%ProgramFiles%\KEYKEY\log\kklog.txt"
    "ReportPath" = "%ProgramFiles%\KEYKEY\keykey.exe"
    "MonitorPath" = "%ProgramFiles%\KEYKEY\kkmon.exe"
    "AppDir" = "%ProgramFiles%\KEYKEY\"
    "LogDir" = "%ProgramFiles%\KEYKEY\log\"
    "RegName" = ""
    "RegCompany" = ""
    "RegNo" = "20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20"
    "nSessions" = "0x3E8"
    "Version" = "0x898"
    "nMaxLogFileSizeLow" = "0x96000"
    "nMaxLogFileSizeHigh" = "0x0"
    "bRecordShift" = "0x1"
    "bActive" = "0x1"
    "nBufferSize" = "0x0"
    "bRecordTime" = "0x1"
    "bRecordProcess" = "0x1"
    "bRecordCaption" = "0x1"
    "bEnableHotKey" = "0x0"
    "HotKey" = "0x804C"
    "bAutoFlush" = "0x0"
    "FlushTime" = "0x384"
    "bRecordTimeStamp" = "0x0"
    "TimeStampTime" = "0x384"
    "bDeleteReportFileOnExit" = "0x1"
    "bSendCurrentLogFile" = "0x1"
    "bSendOldLogFile" = "0x1"

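The registry changes in steps 5 to 7 can be checked offline against a registry export. The following is an added example, not part of the original advisory or any vendor tool: it parses .reg export text and reports the Run values, the KeyKey service subkey and the ScreenLogger subkey listed above. The function names and the sample export are constructed for illustration, and the export is assumed to be already decoded to text (regedit exports are commonly UTF-16).

```python
import re

# Indicators taken from the advisory text (steps 5 to 7); key names lower-cased.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
SVC_KEY = r"hkey_local_machine\system\currentcontrolset\services\keykey"
SL_KEY = r"hkey_local_machine\software\screenlogger"
RUN_VALUES = {"sl loader": "loadwin.exe", "kk loader": "loadkk.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse decoded .reg export text into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            data = m.group(2)  # hex: and other types are kept as exported
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            elif data.startswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # unescape backslashes
            current[m.group(1).lower()] = data
    return keys

def find_keykey(text):
    """Return findings that match the registry changes the advisory lists."""
    keys, hits = parse_reg(text), []
    for name, exe in RUN_VALUES.items():
        data = keys.get(RUN_KEY, {}).get(name)
        if isinstance(data, str) and data.lower().endswith(exe):
            hits.append(f"Run value '{name}' -> {data}")
    if (svc := keys.get(SVC_KEY)) is not None:
        # Start=2 is an auto-start service, Type=1 a kernel driver.
        auto = svc.get("start") == 2 and svc.get("type") == 1
        hits.append("Services\\KeyKey" + (" (auto-start kernel driver)" if auto else ""))
    if SL_KEY in keys:
        hits.append("Software\\ScreenLogger")
    return hits

# Constructed sample export, not captured from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SL Loader"="loadwin.exe"
"KK Loader"="C:\\WINDOWS\\system32\\loadkk.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyKey]
"Start"=dword:00000002
"Type"=dword:00000001
'''
print(find_keykey(SAMPLE))
```

Matching is on value name plus file name, so an unrelated Run entry that merely reuses one of the file names under a different value name is not reported.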
