Keep in mind that KeySpy should be used only by adults to control the activity of their dependent children. KeySpy should not be used to control the activity of other adults or their computers without their clearly expressed authorization and permission EXCEPT if KeySpy is employed to control criminals OR the activities of employees. The following FAQ gives you sufficient information to take complete control of a remote PC.
Last update: June 12, 2003.
WARNING: Come to this page often to check the contents of the FAQ because it is frequently updated. An email will be sent to the mailing-list each time the FAQ is updated. This file contains the entire FAQ, and you can make a search of the key words using your browser's FIND function. If you find errors in this translation or parts that you cannot understand, the author will appreciate your informing him.
This FAQ, together with the KeySpy program help panels that pop up on the side of your screen when you open KeySpy, constitutes all the information available and should be sufficient for you to use KeySpy. Please do not email the author with requests for help unless there is a problem with your registration or you are reporting a serious program bug. Before sending an email to the author, read both the program's context-sensitive help and this FAQ carefully.
To understand and use this FAQ well, you should remember that when one speaks about KeySpy, the following terms will be used:
Keyspy:
This is the installation program. It is downloadable from the Download link (SETUP.EXE). Once downloaded, double click on this program to see and use the installation screen. The current version of SETUP.EXE is always posted on the main page (420 KB in size). Its icon in your Explorer tree is a spider. The program allows you to create spies, to parameterize them, to modify them and to make them carry out tasks. It also makes it possible to decode keystroke recordings and to memorize spy profiles.
Spy:
This is the program spy created by the installation program (file size approximately 82/83 KB). Unless you change its name, it will be called setup.exe. Its role is to record keystrokes, to save them on the hard disk, and if you wish, to send them to you by email. It can also carry out tasks you request with Keyspy. Keep in mind that there is a difference between the installation program and the spy program itself. The installation program is the program which creates and launches the spy. The spy is invisible and will not show any activity on the machine where it runs -- in windows, icons, nowhere. Thus, it is normal that when you click on this file, nothing visible happens, even though clicking on it actually installs and starts it. If the spy is already installed and running, you must use the installation program (Keyspy) to apply the changes. You must record your changes with this program and then click on its INSTALL button to make changes in your spy program.
For the majority of the explanations that follow,
it is assumed that your Keyspy program is already launched.
This FAQ is divided into 7 sections:
The What is... Definition of the terms used.
The What happens if... Answers to the questions that may arise.
The Why... Resolution of certain problems.
The Where to find... Help with program functions.
The ?... Answers to various questions.
The How to make... Point by point help on using this program.
The Do you know... The section where you can learn how to use more of this program's features.
Keyboard logger
Keyboard logger (keyboard recorder) - Software that records the keys
typed with the keyboard on a computer.
Remote controller
Orders can be sent to a spy already running on a remote PC.
KeySpy
Keyspy (ks is sometimes used as an abbreviation for "Keyspy") - Software
that can record keystrokes on a remote PC in an invisible mode.
Windows Registry
The database of the Windows operating systems, containing information
relating to the computer and its configuration. This common store contains
all significant information about the software installed on a computer --
configuration, installation date, password, program parameters, file locations,
etc.
ISP
Internet Service Provider, supplier of your dialup/DSL/Cable connection
to the internet.
Profile
Contains the options you chose when you created and installed a spy.
Task
An order with or without parameters to be carried out by Keyspy on a PC
whether the spy engine is local or remote.
Smtp
Simple Mail Transfer Protocol. This protocol manages the sending of emails
between correspondents. It is also used for sending emails from the spy
engine to you. For this reason, you must specify an smtp server (provided
by your ISP) in the configuration of the EMAIL panel in your software. This
protocol is reserved for sending emails.
Http
Hyper Text Transfer Protocol, this is the protocol used to transport HTML
pages over the internet. HTML pages are accessed by URL (by giving your
browser an address of this format: http://domain-name.domain-extension/pathway-to-page).
When you surf the web with your web browser, you are using this protocol.
Keyspy can use this protocol, too, to email between your home PC and a remote
spy, to send and receive tasks, to update your remote spy, etc.
Proxy server
Two roles for proxy servers.
1. Proxy cache - A cache proxy can let you surf the web more quickly. Let us suppose that your browser is configured with the proxy server supplied by your ISP. When you ask for an internet page, your browser first questions this proxy server. If the proxy server has cached your requested page (stored it on the local disk), the proxy server sends you the page, which is right there on the server, so the page loads faster than it would if the server had to bring it to you from its point of origin (anywhere in the world). The majority of cache proxy servers have automated management able to purge and update cached web documents.
2. Firewall - A firewall provides a "wall" between your computer and the rest of the internet. Why? Simply to decrease your risks when connected to the internet. A simple example: when you click on a webpage link, your browser requests the page from the server. In order for the server to send you the page you requested, the server must know your web address. The server and you communicate using the TCP/IP protocol -- it is the standard protocol for using the web. Because everyone uses it, a third party could recover your IP address. In order to prevent third parties from accessing your computer this way, the firewall checks the appropriateness of your request, then determines that it must open a port (usually port 80 for web pages) through which it can deliver your requested page to you. If your computer belongs to a protected local area network and you want to surf the Internet, you must configure the proxy-firewall to allow requests from your computer for web pages. The firewall concentrates all web page requests on a specific port and then redistributes the requested pages to the appropriate computers on the LAN (local area network).
Keyspy can use a proxy-server for sending emails AND for checking tasks on standby. The program's proxy mode can be used only with HTTP protocol, NOT with SMTP protocol.
What happens if a file or a directory is removed by using Keyspy's Task screen -- is it possible to recover either from the Windows trash basket?
No, trash basket recovery is not possible because all Keyspy file/directory
functions are low level like DOS.
What happens if the SMTP server fails to deliver email?
If you are registered to send mail with KeySpy's HTTP method, you can program your spy to use this method. To do this, on the Keyspy MAIL screen, in the SMTP configuration section, you must check the box "If SMTP fails to send an email, use HTTP server."
CAUTION: If you have not registered to use Keyspy's HTTP mode, Keyspy servers
will refuse your program's HTTP request, and your remote Spy engine will
be destroyed.
What happens if I created 2 or more Spies with same Email address and the same Computer Name?
That's simple. Just create the Task: Set Name for one of the similarly-named computers and give it a new name.
For example, you have two spies installed with the same computer name. Follow the instructions above to change one of your spies' computer names, and the first of your two spies to detect the task will change its name. Thus you will have two spies with different computer names -- the first, which will have been modified, and the second, which will retain its original name. If you have more than two spies with the same computer name, repeat this operation as many times as necessary to end up with a different computer name for each installed spy engine.
Why can't my Keyspy be connected to its remote spy engine servers?
Sometimes, parameter settings other than those defined by default in Keyspy must be modified. The ports defined by default (80 for the proxy and 25 for outgoing smtp) can be incorrect, depending on your computer's configuration. Try out the following checks (depending on which version of Windows your computer is running, the checks which follow can be different):
For Microsoft Exchange Server:
Why do I have to decode a file downloaded from my email?
Some programs used for reading emails are not able to decode
a file coded on 7 bits. This can happen when you receive
a file in your mailbox in response to the task "Copy Spied PC file to
your email". In this case, follow the instructions included in the email itself.
The button Decode File is on the TOOLS screen of Keyspy.
Why do I get a "Bad version" email message when I try to send a Task to the spy engine?
Keyspy has a protection against using versions of the installation program
and the spy that don't match. For example, if you have a Spy created by version
7.10 and you try to use Keyspy in version 7.21 to send a task to this engine,
then this message appears in your mailbox. You must use the same version
of Keyspy installation program and spy engine. In addition the Spies are
directly updated by the spy engine servers themselves. For each update, an
email is sent to you by your spy itself.
Why are keys not readable with a French keyboard while in Non-Encrypt mode?
KeySpy does not record characters. It uses a dynamic device driver
at the hardware level, and thus the recorded keys come from the physical
position on the keyboard. It doesn't matter what type of keyboard the spied PC
uses, because the decryptor will decrypt the keys according to the selected language
by matching the key number to a character. So, the engine logs the keys and
the setup program displays the keys. When you turn off the Encryption option,
you also select the US language as the default character set in the engine itself. This
is because the engine cannot support many languages if it is to be kept small;
therefore, the US language has been chosen as the default when the
Encryption option is off.
Why does a Task get read but not executed (no email report)?
KeySpy is protected by password, i.e., you cannot remotely send a task to a spy just by knowing its email address and computer name. You must know the password. Maybe you typed it incorrectly or you test-configured a spy that does not belong to you.
Where is the log file?
If you are in the mode "Save recorded session to Disk," the file is in c:\windows\system\ with the filename that you specified during the spy engine's creation. On the OPTIONS screen, the default log name is keyspy.log. There must be enough keys recorded to write into the file on the disk, otherwise the file does not exist.
If you are in the mode "Send Recorded Session to your email," the log file created by Keyspy is completely invisible, to avoid being discovered by software that monitors activity on the host system. The log file does not exist on the hard disk while the spy engine is running; it exists there only once Windows is shut down. In this case (shutdown of Windows), your log file exists in the Windows directory (as a result of using the option Save session At shutdown/reload). At start up, if you do not activate this option, whatever has not yet been sent in an email report will not be saved to disk at any time. At the next startup of Windows, the program will put the file in memory and will remove it from the hard disk. If the file has reached the size defined during the spy's creation by Keyspy, then as soon as the spy detects the machine's new internet connection, it will try to send the report file to you by email.
Where is the profile file?
In the same directory where you copied Keyspy. The filename is keyspy.dat.
Do I have to still pay to use KeySpy if I have already bought it at a fixed price in the past?
No, but that depends .... read what follows. KeySpy uses 3 methods of operation.
1) Method HTTP: reports/ratios are sent to you at your email address, and each one reduces your number of credits. This method allows you to use KeySpy without limit as long as you have credits on the servers, regardless of the program version, but if you have no more credits, then you must buy more of them.
2) Method smtp: This method has no limits and requires only a one-time payment.
Will the hidden file grow indefinitely?
That depends on the options you selected. If you chose Save recorded session
to Disk, the size of the file will increase up to 75 KB. When this size
is reached, Keyspy will create a new file by adding a number to its name.
If you chose Send Recorded Session to your email, the file cannot exceed
the maximum size of 64 KB. After that, Keyspy cannot record anything else
until it has sent you an email report. As soon as that is done, your remote
spy engine begins to record keystrokes again.
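For anyone triaging a Windows host, the 75 KB cap and numbered rollover described above, together with the default keyspy.log and keyspy.dat names and the c:\windows\system\ location given under "Where is the log file?", allow a check that does not depend on the configurable file name. The Python sketch below is an added example, not part of KeySpy or its documentation; the sample listing, the 2 KB tolerance, and the assumption that the number is appended to the file's stem or extension are constructed for illustration.

```python
import ntpath
from collections import defaultdict

CAP_BYTES = 75 * 1024                         # rollover size stated in the FAQ
DEFAULT_NAMES = {"keyspy.log", "keyspy.dat"}  # default log and profile names from the FAQ
DIGITS = "0123456789"

# Constructed sample listing of (path, size in bytes); not taken from a real host.
SAMPLE_LISTING = [
    (r"c:\windows\system\mmsys.log", 76_650),
    (r"c:\windows\system\mmsys1.log", 76_790),
    (r"c:\windows\system\mmsys2.log", 12_004),
    (r"c:\windows\system\msvcrt20.dll", 253_952),
    (r"c:\windows\system\msvcrt40.dll", 326_656),
    (r"c:\windows\system\sched1.log", 3_000),
    (r"c:\windows\system\sched2.log", 4_100),
    (r"c:\tools\keyspy.dat", 900),
]


def family_key(path):
    """Group numbered siblings: same directory, same name once digits are stripped.

    Assumption: the rollover number is appended to the stem or to the
    extension (the FAQ only says a number is added to the name).
    """
    directory, name = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(name)
    stem_base = stem.rstrip(DIGITS) or stem
    ext_base = ext.rstrip(DIGITS) or ext
    return directory, stem_base + ext_base


def triage(listing, cap=CAP_BYTES, slack=2048):
    """Return (reason, [paths]) findings for a list of (path, size) entries.

    slack is an assumed tolerance around the cap, since the last write
    before rollover may land slightly under or over 75 KB.
    """
    findings = []
    families = defaultdict(list)
    for path, size in listing:
        if ntpath.basename(path).lower() in DEFAULT_NAMES:
            findings.append(("default-name", [path]))
        families[family_key(path)].append((path, size))

    for members in families.values():
        if len(members) < 2:
            continue                      # no numbered siblings
        if any(size > cap + slack for _, size in members):
            continue                      # a capped log never grows past the cap
        full = [p for p, size in members if abs(size - cap) <= slack]
        # Every file except the one still being written should sit at the cap.
        if full and len(full) >= len(members) - 1:
            findings.append(("size-capped-rollover",
                             sorted(p for p, _ in members)))
    return findings


if __name__ == "__main__":
    for reason, paths in triage(SAMPLE_LISTING):
        print(reason, paths)
```

A hit is only a lead for further examination: other software also rotates logs at a fixed size, so the files' contents and creation times still need review.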
By using HTTP protocol and the Keyspy servers to carry out the tasks mentioned below, there is a cost in credits, which are calculated as follows:
. Copy spied PC file to your email (you copy a file from the remote computer to your email).
. Copy local file to spied PC (you copy a file from your computer to the remote computer).
The cost is calculated according to the size of the file at a rate of 1
credit per 10 KB. For example, a file 500 KB in size will cost you
50 email credits. The cost will be shared between the servers. If there are
3 servers, the cost will be 16 credits per server (rounded to the nearest
whole number, the minimum being 1 credit).
How can I understand a task report?
A task report is always sent to your email box once the task is carried out. (For the majority of the tasks --some tasks cannot send a report). A report is generally presented as follows:
In the subject successively: KeySpy version number, Computer Name, Task Report
In the body of the email: The found values or the result of the executed task,
with or without error. If there is an error in the execution of the task,
you will see in the email, for example, the name of the task followed by Task
Error. The majority of the errors are typing errors in the parameter lines
(from when you wrote the parameters for the task) or come from writing an erroneous
parameter such as a filename that does not exist. If at the end of a task
report you see three dots in a row, that means that there was not enough
memory available to continue the report, so the remainder of the report
has been cut from the message.
Is there a difference among the 3 buttons for sending Tasks?
In your Keyspy, on the Send Task screen, you can see 3 send-task buttons. Each one has a different function:
Send Directly Task & see result in notepad Button: This button must use your local PC, and it goes without saying that you must have installed a Spy on your PC. With the help of this button, you can test your tasks and display the result directly on the Windows Notepad. This method is the best means of checking the validity of your parameters for certain tasks and also a way to learn about the significance of task reports.
Send Task directly Button: Used in the same way as above, but instead of reading the result from the Windows Notepad, you receive the task report in your mailbox. This method closely mimics reality but does not use Keyspy servers. This task order method is very fast, is carried out immediately and does not cost you credits.
Send Remotely Task Button: It is used to send a task order to a remote PC via the Keyspy servers. The task order remains on the ks server until the remote spy engine reads it on the server and then executes the order. However, the maximum time a task order can stay on the server is fixed at 1 month. The task order will be then removed in order not to burden the servers.
The first 2 buttons (Send Direct Task) can be used to install right away a
permanent Task to be executed by the engine, such as Close program upon a schedule
or Close window. This way, you don't need to wait for the Task to be picked up,
since you sent it directly. It makes things go quickly.
The feature static/dynamic log text and the recording of keys together are very clever!
The method used to record static/dynamic text and keystrokes is very intelligent. Your spy engine remembers the text/keystrokes after recording it only once. Then, when it sees the same static text/keystrokes again, it will not record that again, even if its memory is cleared by sending an email report.
This trace will be memorized because your spy engine preserves the last 500 captured static messages until the end of a Windows session (that is to say, as long as the PC is not rebooted).
Here's an example that perhaps explains this more clearly:
If you type 1234 in a password box that disappears from view after you validate it,
your Spy will capture this static text (1234), and when your spy engine sees
this same static text during the same session of Windows, this text will
not be recorded again because it has already been recorded. Why record again
what you already have? I must add that Microsoft added something which prevents
in certain cases the static capture of text -- even their own software cannot
record some of their static texts. Therefore Keyspy inevitably cannot do
it either.
How long does it take for a task to be read by my spy engine?
That depends upon how the spy engine is configured. What follows assumes that there is a permanent connection. In each case, the spy engine will check each server to see if there is a task on standby at program startup.
The next check depends on this: If you use an smtp server, the spy will
check every 6 hours. If you do not use an smtp server, the spy will check
every hour. If you use a modem or you have checked the option "Detect it
for me," then even if the time has passed, the check is put on standby in Keyspy,
and as soon as there is a connection, Keyspy will check for tasks immediately.
How to uninstall everything (setup & engine)?
How to try it as a Demo version?
Every Monday, the http and smtp modes are free.
Use it as you wish. Do not check the local disc. When you click on the
Install button, you will be informed that you are in the Demonstration mode.
There are limitations in this mode.
How to get rid of the spider icon?
Why? This icon does not mean that you are spying. The icon is attached
to the Keyspy installation program. The spy engine that records keystrokes,
etc., whether remote or local, is invisible and has no icon. When you close
the installation program, the spider icon disappears. The installation program
does no more than send tasks to the spy engine and decode spy engine emails.
How to get rid of the popup Help window at the start?
In Start, Run on your Windows desktop -- both upper or lower case letters will do -- type the following order to launch the program:
Setup nohelp
How to record captured keystrokes in an hidden file only?
How do I save recorded keystrokes and send them to myself by email?
How do I decrypt the data received in the email?
If you do not have these characters - ~part~: 1/2... at the beginning of the message body of your email, then:
Do the same thing as above, except select the email starting from the ~part~ word, including this word. The Decryptor will then ask you if you wish to continue with the next part; click on Yes to continue or click on No to decrypt now (in case some parts are missing!). If you click Yes, then repeat the same procedure with the next email that contains the next part. Do that until the last part.
Each part is usually up to 6k, so it is possible to receive up to 11 parts,
giving the maximum possible (64k).
How do I order the remote spy engine to carry out a task?
How do I check if my Task was sent to the servers?
If your Spy has not yet read its task order:
How do I remove a task which was sent, but has not yet been carried
out?
If your spy engine has not already carried out the task you sent:
How do I change my remote Spy's parameters?
Be certain that you have the remote spy engine's email address, password and Computer Name. Launch your Keyspy program, being sure to use exactly the same version you used to create the remote spy engine. For example if you created a spy engine on the target computer in version 7.21, you MUST use the Keyspy program in version 7.21.
How do I temporarily stop keystroke logs from being sent to me by
email?
Principle used: With the help of the task "Windows Title to Record: Add"
If you define that keystroke characters should not be recorded except inside a specific window, the name of which doesn't really exist (use a completely improbable combination of letters and numbers for the window title), your spy engine will wait until this window appears to start recording. Because this window title is really improbable, nothing will be recorded and nothing will be sent to you. When you want to record again normally, you will have to remove this task.
Technique:
How to get the smtp server from spied computer with KeySpy?
Why do that? Read what follows and you will discover the many advantages to you in doing just that.
With smtp, you do not have any limit in the number of emails that you can receive, that number is not calculated on the ks servers! With smtp, you can download any file of any size, the only limit would be limits imposed by your ISP. There is no calculation of email credits, sending of the results is much faster and more direct (no intermediary like the ks server).
You can obtain the smtp server address of the spy engine machine by using the task Registry Get. (Before doing this, you should familiarize yourself with the Windows registry system. You can search on the internet to learn about this system program (regedit.exe) and its features, which will help you learn how to use its functions and also learn about some dangers involved in using it.)
NO course will be given about this, and questions about it will not be answered on the mailing-list. Here is an example on this subject. I assume you have gone to the Help screen and clicked on the button Show Help Context. Then view the Task screen. Select the task "Registry Add," and click above this to view contextual help in connection with this task. You can resize the help window for easier reading. Recall the codes listed in the help screen:
m = HKEY_LOCAL_MACHINE
r = HKEY_CLASSES_ROOT
c = HKEY_CURRENT_USER
u = HKEY_USERS
In the regedit program screen, you can distinguish 4 kinds of keys. Now, click twice on the task Registry Get to select it. For this task, the second parameter is not necessary in our examples; it is just an option, and you can use it or not, according to the results that you want to obtain. Let us test the following value in the first parameter field:
c:Software
You should now see, in Notepad, a list of keys and values; the first should be: < Microsoft >. Once you have obtained some interesting keys, you can continue to venture more deeply. Launch the same task with the following parameter:
c:software\microsoft
Continuing in this way, you will be able to search for the key that will give you the name of the remote smtp server. For example, on mine I can see it by reading the following key:
c:Software\microsoft\InternetEstimatesManager\accounts
Account Name: pop.someisp.com
Standard Connection:x00000003
POP3 Server: pop.someisp.com
POP3 User Name: software
POP3 Password2: X..... (it is hidden here, but there are binary numbers)
POP3 Prompt for Password: x00000000
Smtp Server: smtp.someisp.com
Smtp Name Display: Marc Leblanc
Smtp Email address: software@someisp.com
POP3 Account Skip: x00000000
Smtp Signature: 00000001
POP3 Port: x0000006e
You can thus see the results that you can obtain easily. You can even obtain the ICQ smtp server address if ICQ is installed! Another example of using a registry path in a task is below:
c:Software\mirabilis\icq\owners
So you can obtain the remote machine's ICQ number:
c:Software\mirabilis\icq\owners\123456
and one of the values which you obtain is:
< Prefs >
Default file Dir: F:\Program Files\ICQ\Received Files
Smtp Address: smtp.someisp.com
And that's how you can obtain a computer's smtp server address. Of course you must look for yourself, because not all computers will show the same results as in these examples, but with time and patience, you will be able to get that quickly. The task "Registry Get" can be very precise in its search; it is up to you to decide how you use it, and it really has no limits. Be careful when using Add/Modify/Del in conjunction with the registry task because this command can be very destructive -- try to test all other features before sending this task to the remote computer housing your spy engine.
Do you know that you can change the KeySpy file name remotely?
Use the File Move Task, passing as parameters your actual KeySpy engine's
filename and the new filename. KeySpy will detect that you want to rename
its own file; it will copy itself under your new filename, then execute
the copy, which will then discover the old one and delete it. If the
new filename already exists, it will be overwritten even if it is not another
KeySpy engine.
Do you know that you can execute Dos commands remotely?
An example is provided in the context help while you are highlighting the
File Execute Task.
Do you know that you can install more than one KeySpy engine on different computers with the same email?
You just have to change the Computer Name field to avoid confusion in your
received emails (the subject of any KeySpy email always contains: KeySpy
version number <your Computer Name> message type). So, it will be
easier to know which KeySpy the email comes from. Also, when you add
a Task, you will be sure that it will be for one KeySpy.
Do you know that you can save the Options & Setup of every spy engine that you produce?
With the profile management!
This will allow you to reload a spy engine's setup & options without typing a key!
This makes things easier when the time comes to send a task to one of your spy engines: when sending a task, you can select from a list of your saved profiles the one you want to send the task to. Just click on the down arrow to the right of the Mail To: field in the Send Task tab.
Same trick for List Task.
You can also reload a setup & options to make a change, then send the change remotely with the Set Options & Setup task. Just go under the Profile Tab, select any profile and click twice.
To save a profile, once a setup & options have been set, just go to the Profile tab, then click on Add (Modify existing) current profile.
Profile management is NOT a remote management of all your installed spy
engines.
Do you know that you can record only certain specific windows at precise hours?
For example, you can request your spy engine to record only events
in Netscape (strokes on the keyboard and the static text) on Monday through
Friday between 9:00 and 12:00 or between 19:00 and 23:00. Outside of these
days and hours, nothing will be recorded. Check the task Windows to Record
Add.
Do you know that you can close specific windows or programs at precise hours?
For example, you do not want your child to use certain programs after 20:00 each day. Create the task "Process to Close Add."
You do not want your child to ever use Netscape for surfing on sites reserved
for adults. Create the task "Windows title to Close Add." and specify keywords
such as sex, adult, porno, etc...
Do you know that you can make your spy engine run any program upon a schedule?
For example, you want a program to be executed at least once per hour only on Saturday and Sunday! Check the Process to Run task.
Do you know that you can prevent regedit.exe (registry navigator) from being opened?
The other day, someone asked me how he could prevent someone from removing ks since the person knew all the time where it was!
Probably because the person was looking in the registry! A way to prevent looking in the registry is to add the Process to close!
Select: Add Process to Close task
Select all the time
Enter regedit.exe as first parameter
Send the task
Now every time someone executes regedit, ks will close it immediately!
To remove it:
Select: Del Process to close task
Enter regedit.exe as first parameter
Send the task
A person can nevertheless rename regedit.exe to something else -- intelligent person. But keyspy is more intelligent. Instead of using Process to close, use Windows to close and the title of the program regedit! In this way, even if the program has been renamed "regbozo.com," Keyspy will close it because it still uses the window title to run.