It Figures - The need for a firewall
2001.02.01 01:29 by C.G.
My day off. I'm messing with my computer, tweaking my Cable connection to the max, upgrading my software, and so on. Well, I was updating my MS Office 2000 when something very interesting and alarming happened. I got to the installation of the Office update, when Office Update informed me that there were some Programs running: ATITv Player (I was watching some TV too) and RegLoad. Well, I have seen Regload.exe before, when I looked in MSConfig to turn some startup programs off. But what is Regload.exe, you may ask? Well, I wanted to know. So I did a search on my Computer for regload. I came up with 3 hits: 1) Regload.exe, 2) Regload.hlp and 3) Regload.lgc. My curiosity has gotten the better of me, I was thinking at this point. I almost dismissed it as a part of Windows 98. Boy, was I wrong. Well, I right-clicked on Regload.exe and chose Properties.
Here's what I found:
Comments: Registry Loading device.
Company Name: Microsoft Corporation
Internal Name: Key Phr33k
Wait a second, what in the world is that? Not being a computer idiot, I know what phreaking is, but what is a phreak proggie doing on my computer? Well the name kind of gives it away. It copies all my keystrokes into a file. But what file? Then I clicked on Regload.hlp.
"The Regload.hlp file is not a valid help file, or is corrupted." Really, then what is taking up One Meg of disk space??? That's where Right click, Open With comes into play. Well well well, I opened it with WordPad and boy, was I surprised. Everything I had typed on my keyboard from 12/16/99 to 9/9/00 was staring me in the face. Oh my God. Everything, passwords, bank accounts, credit card info, social security number, EVERYTHING, was in this file. It was only recently that I started using a firewall to block access to and from my computer. It kind of explains why my Active Light on my Cable Modem has been flashing randomly. Time to put a Stop to this garbage. I immediately stopped Regload from running, deleted all the Regload files, opened the registry, did a search for all Regload instances, and deleted them all. I made sure there were no entries in MSConfig that tried to load Regload. I probably have successfully deleted all references, but now I'm paranoid. I'm going to format C: and reload Windows.
This is to inform everybody of the dangers of the Internet. It is a warning: don't let it happen to you. I may never know where my keystrokes are or what they are being used for, but it can't be good. Get a firewall, secure your computer. We may never stop this from happening, but at least we can slow it down a little.
Thanks for your time,