Windows 98 key logger

This is way off topic. The only reason it might even be relevant, is to support the greater trust involved in using open source software.

It was at least ten years ago. But I recall reading a handful of websites that exposed a compressed hidden file on Windows 98. It contained every single keystroke that ever occurred on the host PC. You could only view the file using an alternative operating system like Linux or some third party program. I tested it and found it to be true. It is not all that surprising that I can't find any of those websites now, since Windows 98 is likely to only receive Google hits involving virtual machine configurations and whatnot.

Does anyone else remember this?

Does anyone remember the name of the file? It might yield a more useful search engine keyword.

I would like to get my hands on more information about this topic.

It is noted that I should probably be asking this on a Windows forum. But, I thought it unrealistic to hope for any useful information there.

Many BSD gurus are versed in the history of many operating systems. And I thought that this would be a not soon forgotten memory, since it would've been a great inspiration to investigate a BSD platform, having learned about this hidden Windows key logger.
 
h3z said:
Does anyone else remember this?
I do remember the rather embarrassing out-of-band bug that led to the hilarious WinNuke saga (and all the pranks that could be pulled with it). Your story rings a bell, but no more than that.
 
h3z said:
This is way off topic. The only reason it might even be relevant, is to support the greater trust involved in using open source software.
Or just to bring up some good memories ;) It's been ages since I messed with Windows 95 and later 98. If I recall correctly I had just purchased an IBM Aptiva during that time for the sole purpose of running OS/2. Naive as I was back then I figured that if I would get myself a real IBM computer then surely it should be no problem to get OS/2 running as optimal as possible?

Well, think again. It had no problem with Windows 98 but OS/2 just didn't work. I eventually ended up with a Compaq Presario... something with a nice 486DX4 processor. Not only did it run OS/2 very smoothly; they even provided native OS/2 drivers for it (I purchased an extra "administrator" set of drivers; that got me approximately 3 or 4 boxes of 3.5" floppy disks with all the hardware drivers I could need).

ALAS...

You're extremely off topic and now I might be saying something extremely silly; but I think you couldn't have picked a better technical forum. First we're a bunch of adults here, second; I think most of us like to tinker. And third; most of us know what we're talking about. On several Microsoft fora you'll often come across people who merely recite facts, but more than often without understanding the theory behind it themselves.

h3z said:
But, I recall reading a handful of websites that exposed a compressed hidden file on Windows 98. It contained every single keystroke that ever occurred on the host PC. You could only view the file using an alternative operating system like Linux or some third party program.
My company has a TechNet subscription, which not only makes it very easy to gain access to an almost complete library of Microsoft software, it also provides full access to several technical documents.

I just took a quick peek and only now do I notice that both Windows 95 and 98 aren't available in the library. Which is pretty weird considering that I can still grab Windows 3.1 or 3.11. I can even get MS-DOS 6.0 or 6.22 if I want to.

Even Windows 3.2, that's new to me. Windows 3.2.144, only in simplified Chinese.

But I did come across this TechNet article regarding the Windows 98 registry. And that made me wonder if these files couldn't be user.dat or system.dat?

I know that Windows used to store a lot of sensitive information back then. Even the system swap file always contained a lot of information about recent system usage, which might also be a relevant target.

But right now I'm wondering if this couldn't be related to user.dat, even though this is a rough guess on my part.

h3z said:
It is noted that I should probably be asking this on a Windows forum. But, I thought it unrealistic to hope for any useful information there.
I fully agree. And well, this is a forum for off topic items.

Hope this can help. And I'll be sure to keep this in the back of my head as well. If something pops up I'll be sure to get back to you.
 
h3z said:
This is way off topic. The only reason it might even be relevant, is to support the greater trust involved in using open source software.

It was at least ten years ago. But, I recall reading a handful of websites that exposed a compressed hidden file on Windows 98. It contained every single keystroke that ever occurred on the host PC. You could only view the file using an alternative operating system like Linux or some third party program. I tested it and found it to be true.


Any more details? I have a Windows 98 VM that I'm curious to have a poke around on :D
 
h3z said:
It was at least ten years ago. But, I recall reading a handful of websites that exposed a compressed hidden file on Windows 98. It contained every single keystroke that ever occurred on the host PC. You could only view the file using an alternative operating system like Linux or some third party program.
Not without any malware.
 
SirDice said:
Not without any malware.
<trollmode=ON> The OP is asking about something in Windows 98. So yes, with malware. </trollmode>

But yes, even when Windows 98 does not tick all the boxes for malware, it will have a complete zoo once you connect it to the Internet and let it sit there for about ten seconds.

Ok ok, going back to work ;)
 
throAU said:
Any more details? I have a Windows 98 VM that I'm curious to have a poke around on :D

I can't remember the location. One site supplied two tools for finding the file. One a Linux floppy disk image. The other a free tool the site author had written. The site did contain information about Windows XP. Mainly regarding the NTFS file system. Wish I could remember more. I am still hunting around, but have only turned up easter egg information. There can't be that many files, only seen externally of the operating system itself. And, it can't be that the file is unseen from the operating system whilst it is running. Or, the site(s) would have mentioned using a DOS boot disk. This was also exposed as an intended function of the Windows system. Not something resulting from a commonly contracted toy.

ShelLuser said:
nice 486DX4 processor
Good times ;)


ShelLuser said:
You're extremely off topic and now I might be saying something extremely silly; but I think you couldn't have picked a better technical forum. First we're a bunch of adults here, second; I think most of us like to tinker. And third; most of us know what we're talking about. On several Microsoft fora you'll often come across people who merely recite facts, but more than often without understanding the theory behind it themselves.

In my search I did stumble upon a Microsoft tech declaring to someone else looking for the same thing that Gates would have been sued if anything like that existed. And that's actually the closest I have gotten to finding any resemblance of what it is I am seeking.


ShelLuser said:
I think you couldn't have picked a better technical forum

It seems to me, that the users here are a rare catch. I don't know of a perfect description for the atmosphere here. Love of knowledge does come to mind.
 
Hm, that's interesting. Frankly I don't remember this. But I'm curious: how would Windows 98 hide those files on a FAT filesystem? NTFS has a neat way of doing that (ooh those times when pr0n movies were hidden under a few bytes on notes.txt), but FAT? Hm... you caught my attention. :)

But thinking that out loud - if you consider disk size at that time, that would be a pretty big log. Even if you zip it small.
 
Crivens said:
<trollmode=ON> The OP is asking about something in Windows 98. So yes, with malware. </trollmode>

But yes, even when Windows 98 does not tick all the boxes for malware, it will have a complete zoo once you connect it to the Internet and let it sit there for about ten seconds.

Ok ok, going back to work ;)

Have you tested that lately? I'm somewhat keen to give that a shot myself - Windows 98 is so old now that it may well not support many of the APIs that are currently being exploited in the wild.

It doesn't listen on any ports by default, from memory (other than ICMP?). I could be wrong on that, it's been a while.
 
matoatlantis said:
Hm, that's interesting. Frankly I don't remember this. But I'm curious: how would Windows 98 hide those files on a FAT filesystem?
About the same way DOS used to hide files which had the h attribute set I think. The underlying file system doesn't really matter in these cases; it depends on how the operating system provides the information to the end user.
 
throAU said:
Have you tested that lately? I'm somewhat keen to give that a shot myself - Windows 98 is so old now that it may well not support many of the APIs that are currently being exploited in the wild.

It doesn't listen on any ports by default, from memory (other than ICMP?). I could be wrong on that, it's been a while.

No, I did not test it. I can only extrapolate from the time it took a flatmate from connecting his computer to the LAN and then asking me why it suddenly was throwing up demands to plug in the modem so it could dial some expensive numbers. But you may well be right in assuming that most of the current malware will simply not work. Maybe it demands C# runtime support or something like that.

This reminds me of an admin I know who had the outbound firewall running on NetBSD/VAX, grinning every time when some script kiddie tried something.
 
I found my old Windows 98 SE disk. It was like finding something molding in the fridge. Only I was out looking for it. Somewhat dismayed by the thought of actually using it.
 
I installed Windows 95 to give it a try. It survived - no viruses harm. But even google.com refused to go :p Funny :) Also I've installed (after a really long time) NT 3.51 - but WOW it has no Internet client at all :) Anyway - big fun - I'll try Windows (8, my favorite Windows: NT4.0, FreeBSD 3.X (my first Unix-like) and so on. Host = Mac Mountain Lion and Vbox newest. Guest = old systems I remember.
 
gkontos said:
That's because you are behind NAT. Try hooking one directly to the Internet.

There's not a lot of people firing off WinNuke any more, Windows 95 doesn't expose any network ports by default (hell, TCP/IP and file sharing isn't even installed by default).

It doesn't support Java or Javascript by default. Doesn't support Flash by default. I'm pretty sure Internet Explorer 1 doesn't support iframes, ActiveX or any of the other nasties.

I'd take the Pepsi Challenge and put money on Windows 95 RTM being much safer on today's Internet than Windows XP :)

Sure, if someone was to actively target you, it would be a walk in the park. But the market share is so small now that it isn't targeted.
 
It cannot even go to google.com. The browser hangs etc and I think it is impossible to update to IE 9.X, 10.X :p I have no antivirus at all - it is just plain Windows 95 installed inside VirtualBox. NT 4.0 also works OK, and also cannot handle google.com properly. I have no browser in NT 3.51, and I don't know if there is any supported, but PuTTY/SSH to the host works OK.
 