by Ayan Chakrabarti
Released in August 2001
KeySave Features
-=-=-=-=

* Logs all keys pressed by user along with key combinations.
* Once installed, KeySave is completely invisible. It does not show any message while starting up. In Win 9x, it is even invisible in the <ALT+CTRL+DEL> list.
* Besides keys, it also logs the caption of the foreground windows in which keys are being typed.
* KeySave has an SMTP module which can be used to mail log files to a specific e-mail address every time the computer is online.
* KeySave comes with a QuickInstall maker which creates standalone .exes that are able to install KeySave on a system without any user interaction.
* KeySave is also very small. KBDLOG.EXE is only 27K while the QuickInstall .exes that are created are just over 50K.
* KeySave is completely FREE !!

Installing KeySave
-=-=-=-=-=-=-=-=-=

To install KeySave on a machine you must have the following two files -

- install.exe
- kbdlog.exe

Run install.exe which will ask you the following questions -

- Enter filename (including .exe extension) for storing KeySave:

  The KeySave executable is stored in your windows directory with the filename that you type in here. For example, if your windows directory is C:\Windows and you want the KeySave executable to be stored as C:\Windows\abcd.exe then you should type in abcd.exe in response to this question.

- Do you want log files to be sent by email ? <y/n>

  You can make KeySave send log files via email whenever the machine goes online. Type in y here to activate this feature. The following three questions are asked only if you have typed y here.

- SMTP Host Address:
- From Address:
- Send Mail To:

  This is the info required by KeySave to send the log files via email. Please note that KeySave does not support those SMTP servers that require POP Authentication.

Following this, KeySave is installed on your system and you are asked whether you want to start the keylogger. If you don't want the keylogger to run until the next reboot, type n here, otherwise type y.

Please note - Running kbdlog.exe directly will start the keylogger itself. However, it will not be installed on your system, i.e. it will not run every time you start up. Also, log files will not be mailed automatically.

Making a QuickInstaller
-=-=-=-=-=-=-=-=-=-=-=-

A quick installer is a standalone exe that contains the kbdlog.exe file as well as installation options within itself and can install KeySave without any user interaction required.

To make a quick installer, simply run QINST.EXE, which is present in the QINST subdirectory. Also ensure that the file QINST.MOD is in the same directory. Give the filename for the output .exe as well as the installation options which you give during normal installation. QINST.EXE will then create the QuickInstaller file. The file created can then be taken to and run on any machine to install KeySave with the inputted options.

Please note that RUNNING QINST.EXE DOES NOT BY ITSELF INSTALL KEYSAVE ON THE MACHINE. The generated exe has to be run to install KeySave. Also, the exe file created by QINST.EXE is standalone and does not require any other file to install KeySave.

Uninstalling KeySave
-=-=-=-=-=-=-=-=-=-=

You must know what filename you entered during install for storing the KeySave exe. The KeySave exe will be stored in your windows directory under that name.

1. Remove the reference to the KeySave exe (with full path) from the [windows] section and "run" key of your WIN.INI file.
2. Reboot your machine.
3. Delete the KeySave exe from your windows directory.

Also, if you want to remove the logs, they are stored in a subdirectory called KBDLOG in your windows directory.

Using KeySave
-=-=-=-=-=-=-

KeySave logs keys to a file called LOGFILE.KEY in the KBDLOG subdirectory of your windows directory. If your windows directory is C:\Windows, the full path to LOGFILE.KEY is "C:\Windows\KBDLOG\LOGFILE.KEY". The LOGFILE.KEY file is renamed to a MLQxxxx.MQU file every day and logging continues in a new LOGFILE.KEY.
The xxxx represents a sequence number. If you have log file emailing enabled, the MLQxxxx.MQU files are sent by email and then deleted to prevent them from taking up too much disk space.

Whether you get the MLQxxxx.MQU files via email or access them directly from your system, you need to use READDATA to view these files. READDATA has two kinds of output modes, c for console output and t for output which can be redirected to a file.

e.g.
    readdata c c:\windows\kbdlog\mlq0001.mqu
    readdata t c:\windows\kbdlog\mlq0001.mqu > klog.txt

The first statement will display the logs in a coloured format on the screen while the second will redirect it to a file called klog.txt. When showing console output, you can go to a previous screen by pressing the '<' key.

Ayan Chakrabarti

Server: c:\WINDOWS\xxxx.exe
Size: 27.136 bytes
startup: c:\windows\win.ini, [windows] "run"
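
The persistence and log locations given under "Uninstalling KeySave" and "Using KeySave" can be checked on a live Windows directory or a mounted disk image. The script below is an added example, not part of the original README or the KeySave package; the function names, the four-digit form of the sequence number and the space/comma separation of run= entries are assumptions.

```python
import re
from pathlib import Path, PureWindowsPath

# MLQxxxx.MQU: "xxxx" is a sequence number (four digits assumed, as in mlq0001.mqu)
LOG_NAME = re.compile(r"^(LOGFILE\.KEY|MLQ\d{4}\.MQU)$", re.IGNORECASE)

# Constructed sample WIN.INI (not taken from a real system)
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\abcd.exe C:\\TOOLS\\clock.exe\n"

def windows_run_entries(ini_text):
    """Return programs listed under run= in the [windows] section of WIN.INI."""
    section, entries = None, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "run":
                # Assumption: entries are separated by spaces or commas
                entries += [p for p in re.split(r"[,\s]+", value.strip()) if p]
    return entries

def find_child(folder, name):
    """Case-insensitive lookup, for images mounted on a case-sensitive host."""
    return next((p for p in folder.iterdir() if p.name.lower() == name.lower()), None)

def triage(windir, windir_on_target=r"C:\Windows"):
    """Report run= entries stored in the Windows directory and KBDLOG log files."""
    report = {"run_in_windir": [], "log_files": []}
    ini = find_child(windir, "win.ini")
    if ini:
        target = PureWindowsPath(windir_on_target)
        for entry in windows_run_entries(ini.read_text(errors="replace")):
            path = PureWindowsPath(entry)
            # The installer stores the exe directly in the Windows directory
            if path.suffix.lower() == ".exe" and path.parent == target:
                report["run_in_windir"].append(entry)
    logdir = find_child(windir, "KBDLOG")
    if logdir and logdir.is_dir():
        report["log_files"] = sorted(p.name for p in logdir.iterdir() if LOG_NAME.match(p.name))
    return report
```

A run= entry in the Windows directory is a lead to examine, not proof on its own, since the installed filename is chosen at install time; the KBDLOG log files are the more specific indicator.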