Fearless Key Spy 1.0
(Trojan.Spy.Fearless.10)

by Ghirai

Written in Visual Basic

Released in April 2003



Description:

FKS is a keylogger that will upload the logs to the root folder of an FTP server you specify
when the log reaches a certain size. It will start every time with Windows.
It will log *all* keys, and the window caption (between >>> <<< chars,
like ">>> Yahoo! Mail - Microsoft Internet Explorer <<<") they were typed in.
Date and time when system starts/stops will also be logged.
The logs will be uploaded with the name "FKSlog_[time].log", like FKSlog_10-23-15.log
(10 o'clock, 23 mins and 15 secs).
When reading the log, "<RET>" means enter (return), "<BS>" is backspace,
"<ESC>" is escape, "<TAB>" is the tab key, "<DEL>" is the delete key.
Compatible with 9*/Me/2K/XP.

Configuring the server:

It should be easy to set up if you ever used a trojan before; run FKS.exe.

First, the server options tab:
-> In the "Server Name" field, enter a new name for the server after installation,
something unsuspicious would be better (use your imagination).
Note that if you specify a filename that exists on the host computer (in the sys dir), it will be overwritten!
-> The Registry Key field: same as above, enter something "normal" ;)

The Logging Option tab:
-> The ftp address field: enter the hostname of your ftp server, like "ftp.myhost.com",
    or "myhost.com". You should know that... The server will connect to port 21 (default for ftp).
-> Ftp username: type in your username
-> ftp password: enter your ftp password
-> "When log gets..." field: the size of the logfile when it should get uploaded;
 you have to think here a little, depending on what you're after: if you want a quick log,
  enter a small filesize (5-10000 bytes). If not, 500000 bytes (50KB) should be ok.
  Note that some ftp servers have a size limit, but that's your problem.
-> Logfile name field: enter a filename, any extension, or no extension, etc.
 Note that you shouldn't type system filenames, cause they will get overwritten...

That's it, hit "Build Server", and you're done. The editor will make a "server.exe" file, 
in the path where you have the editor. DON'T compress/encrypt or otherwise tamper with the server file!
Now all you have to do is make your victim run "server.exe"...

Ghirai


Server:
c:\WINDOWS\SYSTEM\ouleaut32.exe 

size: 18.189 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ouleaut32" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ouleaut32" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ouleaut32" 
HKEY_CURRENT_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "Path" 

added:
c:\WINDOWS\SYSTEM\TheHook.dll 
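
Detection example (added here; not part of the original page or the author's readme): the server file name and registry value are chosen in the builder, so the one fixed network artifact in the description is the upload name "FKSlog_[time].log". The Python sketch below flags FTP STOR commands with that name in a command log. The log layout, the sample lines and the IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Upload name documented on the page: "FKSlog_[time].log", e.g. FKSlog_10-23-15.log.
# Assumption: hour/minute/second may be written without zero padding.
FKS_NAME = re.compile(r"^FKSlog_(\d{1,2})-(\d{1,2})-(\d{1,2})\.log$", re.IGNORECASE)

# Assumed (hypothetical) log layout: "<timestamp> <client-ip> <FTP verb> <argument>".
LINE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z]{3,4})\s+(.*)$")

def is_fks_upload_name(path):
    """True if the basename matches FKSlog_[time].log with a valid time of day."""
    base = path.strip().replace("\\", "/").rsplit("/", 1)[-1]
    m = FKS_NAME.match(base)
    if not m:
        return False
    h, mi, s = (int(g) for g in m.groups())
    return h < 24 and mi < 60 and s < 60

def find_fks_uploads(lines):
    """Map client IP -> list of (timestamp, filename) for matching STOR commands."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        ts, client, verb, arg = m.groups()
        if verb.upper() == "STOR" and is_fks_upload_name(arg):
            hits[client].append((ts, arg.strip()))
    return dict(hits)

# Constructed sample lines (not real traffic).
SAMPLE = [
    "2003-04-12T10:23:16Z 192.0.2.10 USER someone",
    "2003-04-12T10:23:17Z 192.0.2.10 STOR FKSlog_10-23-15.log",
    "2003-04-12T11:02:40Z 192.0.2.10 STOR /FKSlog_11-2-39.log",
    "2003-04-12T11:05:00Z 192.0.2.77 STOR report_10-23-15.log",
    "2003-04-12T11:06:00Z 192.0.2.77 STOR FKSlog_99-99-99.log",
    "2003-04-12T11:07:00Z 192.0.2.10 RETR FKSlog_10-23-15.log",
]

if __name__ == "__main__":
    for client, uploads in find_fks_uploads(SAMPLE).items():
        print(client, len(uploads), [name for _, name in uploads])
```

A client that repeatedly stores files with this name is worth checking on the host side for the Run/RunServices entries and the TheHook.dll file listed above.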

MegaSecurity