Overview |
|
Vendor Notes: |
from the doc: 'The program "Dks v.1.3.1" is intended for tracking of pressing all keys in a system and management of the log-file with an obtained information. The program can work on systems MS Windows 9x/ME/NT/2000/XP. FreeWare. "AS IS". Before installation it is necessary closely to read and to accept all conditions of the licensing Agreement ("license.txt"). START OF THE PROGRAM: 1) Rewrites itself in the system catalogue MS Windows with name "Systemks.exe": Win-9x/ME - C:\WINDOWS\SYSTEM\systemks.exe; Win-NT/2000 - C:\WINNT\SYSTEM32\systemks.exe; Win-XP - C:\WINXP\SYSTEM32\systemks.exe (hereinafter <WinSysDir>). 3) Creates 2 additional DLL "systemks.dll" (processing of pressed keys) and "sysadks.dll" (for auto start). 2) writes in the register parameters of load "system" dll "sysadks.dll", which on its start, starts "systemks.exe". ATTENTION! If a system WinNT/2000/XP and user is not the administrator, the keys of auto start in the register will not be created. DELETING OF THE PROGRAM: ATTENTION!!! On attempt of deleting of the program, it will be started again. It is possible to delete the program ONLY with the help of special deleting program "Deldks13.exe" in the catalogue DELDKS13 of the distribution kit. The deleting of the program with the help of TaskManager for NT/2000/XP - is forbidden. Deleting of the program on 9x/ME by the normal manager of processes (on "Alt"+"Ctrl"+"Del" the program is latent) - restart. WORK OF THE PROGRAM: During work of the program occurs braking of the buffer of accumulation of an information about the pressed keys on lines, length about 100 numerals, and dumping in the file " |
Alias: |
KeyLog-Dks trojan, TrojanSpy.Win32.DKS.14 |
Category: |
Key Logger: (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans). |
Variants: |
|
Similar Pests: |
Key Logger |
Origins |
|
EMail: |
support@danil.dp.ua |
URL: |
http://www.danil.dp.ua |
Date of Origin: |
Variants from January, 2003 to September, 2003 |
Operation |
|
Storage Required: |
|
Risks |
|
Detection Issues: |
Difficult to detect by design. May hide from process list. May install with variable names in variable locations. |
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove DKS KeySpy from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
March 04, 2005 |