Strange startkeylogger IRC/Norton Bug

I'm not quite sure what the problem is with this, but I'm told its a problem with norton personal firewall.

When you type "startkeylogger" in a populated IRC channel you will notice that many of the clients in the channel quit, with the quit message: "Read error: Connection reset by peer".

Fun Fun Fun!

Update here

22 Jan 2006 by HM2K

64 comments

Note: Comments are disabled.

by jeroen_77 @ 19 Mar 2006 03:50 am

dont disable anything in norton, just get a new ip adress and hide it before you log on, since i did that i never got the message by norton saying i got atacked by spybot keylogger, with this information i know that someone is trying to break into your computer through irc!

by hm2k @ 04 Mar 2006 10:53 pm

That is not a norton bug, its a netgear/linksys bug.

I have already covered that bug here: http://www.hm2k.org/news/1141413208.html

by rcsu @ 04 Mar 2006 07:59 pm

Approved: Netgear routers with SPI (Packet inspection) turned on are known to work.

by lol @ 04 Mar 2006 02:16 pm

a new norton bug: type
DCC SEND "string" 0 0 0
in a irc channel.

by itot @ 03 Mar 2006 03:12 am

im using norton personal firewall but didnt get booted. feck you(j/k)

by DJmart @ 03 Mar 2006 01:40 am

(QUOTE) You will NOT get banned/k-lined/g-lined for using this on an IRC server. That's just some scared wannabe who uses Norton that's spreading those vicious rumors. tongue (QUOTE)

You will if your in a network channel, say one of the channels the network it self owns. via efnet #help.... glined.

by peenis @ 28 Feb 2006 05:53 pm

peeeeeeenis wink

by Infurnus @ 28 Feb 2006 03:34 pm

If anyone ever makes a trojan or keylogger or anything like that, they should make the trigger "a". That or "hi". Especially "lol" or "pwn".

by Gee @ 27 Feb 2006 09:19 pm

If put as a topic they cant join chan, shuld be a good topic for nortons suport chan on irc...
this ain kiddy thing, its norton that is to blame as they built in a DOS fuction...
The user of the norton can write it them self on a chan and then its ok..

Norton = flush there stuff... as they put deliberate stuff in it, some one writeing that word combo dont mean anything its only words...
it the same as dropping the user if someone write mp3 or virus dos or why not windows or norton...

norton relly stupid, any admin banning pepole for saying it on chat chan are even worse as censorship of harmless words!
users of it shuld return there norton for a full refund until they fix there code to actually use intelligent detection and not this redicules stuff.

by a real irc op @ 27 Feb 2006 08:04 pm

I'm an oper/admin on an irc server, and our server has taken the measure to block "startkeylogger" and "stopkeylogger" from being said. (We've also blocked the nicks.) This is a very silly bug :P

by IRC server op @ 26 Feb 2006 11:48 pm

You will NOT get banned/k-lined/g-lined for using this on an IRC server. That's just some scared wannabe who uses Norton that's spreading those vicious rumors. tongue

by DJmart @ 26 Feb 2006 04:03 am

You will get glined, or banned from certain servers, and channels, this is not advised

by niggers @ 26 Feb 2006 12:43 am

you people are niggers. angry

i smell a lynching!

by Bigmeanie @ 25 Feb 2006 11:40 pm

This thing is so damn funny, i wish more people used norton .

by anonymous does not forgive @ 25 Feb 2006 05:30 pm

"This is not a "problem" with NPF or NIS, it's part of their intrusion detection system."

...i'd say it's a big fucking problem if people can close a connection and block it for a half-hour because of a 14-character plain text message.

by JUHOJ @ 24 Feb 2006 10:00 pm

-.-

by PCboy @ 24 Feb 2006 08:02 pm

By a mac ... Norton is evil

by heahea @ 24 Feb 2006 07:27 pm

startkeylogger

by paska @ 24 Feb 2006 06:00 pm

vittu mit� paskaa! ei toi voimi toimia!

by friend49 @ 24 Feb 2006 05:43 pm

This is just stupid that there are so many idiots out there wanting to exploit a flaw.

by FliesLikeABrick @ 23 Feb 2006 07:09 pm

Just use linux and you'll never have any issues...

by Spuds @ 23 Feb 2006 04:18 pm

LOL: You're a dildo.

by dtox @ 23 Feb 2006 02:30 pm

IT'S TRUE! laughing

IT'S TRUE!

by HM2K @ 23 Feb 2006 02:25 pm

In response to sartan's post.

There's no point taking it off now they know about it anyway.

As you can see I made this post last month, and I first discovered this 1 or 2 years ago.

As this issue was completly undocumented I decided to make this post, and as you all know all the best bugs are exploited, and later fixed. Watch this space.

by HAHAHAHA @ 23 Feb 2006 02:21 pm

hahaha bunch of n00b fags by Wuzz @ 22 Feb 2006 10:14 pm
This malfunction can be repaired by going within Norton -> Intrusion detection -> configure tab -> advanced tab and then unchecking Spybot keylogger command <-- that fixes it smile

by damn @ 23 Feb 2006 02:17 pm

This works only at norton 2006 internet security, i'm a victim sad

by saffsafsa @ 23 Feb 2006 02:06 pm

teinit, kun tommosta kirjottelee

by drochaid @ 23 Feb 2006 02:05 pm

This is not a "problem" with NPF or NIS, it's part of their intrusion detection system. On such a request, it blocks the originating IP for 30mins. You can disable this activity as someone above mentioned (NOT recommended) or go in and remove the single IP block... then complain to your network operators and have the person that started pissing around BANNED.

So many comments, so little intelligence... angry

by user @ 23 Feb 2006 01:54 pm

>> there is people who just play around with this shit?
>> Take down this stupid post [...] stupid script kiddies...
Damn, you are so moroni; stop complaining about kiddies, send your complaints to Symantec instead of and better of that, stop purchasing (or using cracked :P) crap software...
You want a firewall ? use checkpoint.

by Drai< @ 23 Feb 2006 12:48 pm

by d00d @ 23 Feb 2006 10:51 am

Just check the instructions posted by Wuzz below. They work and you'll be get rid of this problem.

by tehmaze @ 23 Feb 2006 10:43 am

Yeah works sometimes, also on other protocols like e-mail and msn... Norton should be ashamed of themselves ;)

by Deanna @ 23 Feb 2006 10:34 am

Could you please get rid of this page and the instructions, it's really annoying, as there is people who just play around with this shit?

by numnuts @ 23 Feb 2006 10:10 am

ok so i typed and got booted

by sartan @ 23 Feb 2006 06:26 am

HM2K, pal... Take down this stupid post, stupid script kiddies are having a field day with this one.

by George W. Bush @ 23 Feb 2006 05:14 am

lol like half my chan dropped. NUBZ.

by krazie @ 23 Feb 2006 02:09 am

[05:56:59pm] ninex> http://www.hm2k.org/news/1137968795.html
[06:00:52pm] krazie> startkeylogger
[06:00:54pm] * Quits: cyfi (Read error: Connection reset by peer)

by asdsad @ 23 Feb 2006 01:35 am

so.. it does work :)

by adsda @ 23 Feb 2006 01:35 am

[22:01:44] <bug> startkeylogger
[22:02:01] <@majju> ja maailman kammottavin kommentaattori :D
[22:02:42] <@LAama1> �sken se oli "OI OIH OI VOI JOI OI OI"
[22:02:49] <@LAama1> +!
[22:03:02] * _asdas has quit IRC (Connection timed out)
[22:03:04] * @dcg has quit IRC (Connection timed out)
[22:03:06] * @sinjis has quit IRC (Connection timed out)
[22:03:07] * superaasi has quit IRC (Connection timed out)

by Madox @ 23 Feb 2006 01:13 am

Well, this has only been mildly annoying....

by {{st3v3n}} @ 23 Feb 2006 01:04 am

how can i download it ?please give me the link for download it crying

by unhappy1 @ 23 Feb 2006 01:01 am

it does too work. it also refuses to let me connect to mirc on any server i am buged out of.

i cant use mirc anymore.

by taka @ 23 Feb 2006 12:11 am

**** BEGINNE LOGBUCH UM Thu Feb 23 00:33:39 2006

Feb 23 00:33:39 --> You are now talking on #kewlar
Feb 23 00:33:45 <Takaramono> startkeylogger
Feb 23 00:33:45 <-- Rel0 has quit (Read error: Connection reset by peer)
Feb 23 00:34:21 --> Rel0 ([email protected]) has joined #kewlar
Feb 23 00:35:13 <Takaramono> startkeylogger
Feb 23 00:35:13 <-- Rel0 has quit (Read error: Connection reset by peer)
Feb 23 00:36:50 --> Rel0 ([email protected]) has joined #kewlar
Feb 23 00:37:49 <Takaramono> startkeylogger
Feb 23 00:37:49 <-- Rel0 has quit (Read error: Connection reset by peer)
F

very funny ^^

by xD @ 22 Feb 2006 11:25 pm

by lol @ 22 Feb 2006 11:18 pm

yeah sure....

by Linus @ 22 Feb 2006 10:46 pm

(23:38:30) (Linus) startkeylogger
(23:41:19) �� quit: (Qazw) ([email protected]) (Ping timeout)
(23:41:36) �� quit: (vietnamron) ([email protected]) (Read error: Connection reset by peer)
(23:42:01) �� quit: (`EcheloN) ([email protected]) (Ping timeout)

by Alex @ 22 Feb 2006 10:43 pm

heh funny bug. was just disconnected twice for it. the second time somone told me about it and wrote startkeylogger just to spite me hehe

by Heimagain @ 22 Feb 2006 10:19 pm

and - if I wanted to make a keyloggertrigger, I'd call it something like "anyone for beer?".

This is just to silly.

by KobraHeimdal @ 22 Feb 2006 10:18 pm

Well - I have had some hysteric people telling me about the _bug_ too. I will never give them my email adress, as it will be filled with superstisious woodoo mails.

by Wuzz @ 22 Feb 2006 10:14 pm

This malfunction can be repaired by going within Norton -> Intrusion detection -> configure tab -> advanced tab and then unchecking Spybot keylogger commands tongue

by error404 @ 22 Feb 2006 10:07 pm

And if you type "format c:", the next time norton does a system scan, it detects the mirc logs as infected files and deletes them!!

by O-piz @ 22 Feb 2006 09:54 pm

[22:51:36] <O-piz> startkeylogger
[22:51:36] * seflflmsmgmse (~[email protected]) Quit (Read error: Connection reset by peer) laughing

by nephotep @ 22 Feb 2006 09:36 pm

ahhhh i was wrong sry :D this really works :p

by nephotep @ 22 Feb 2006 09:34 pm

its a bs guys dont beleive it :) there are ppl leaving in every sec so its not you making them leave ;)

by teh @ 22 Feb 2006 09:34 pm

It's spread round quakenet like wildfire.

by HM2K @ 22 Feb 2006 09:33 pm

Interesting response to this particular post, i've yet to clarify that its actually a problem with npf.

by bob @ 22 Feb 2006 09:33 pm

it would be interesting in a channel about norton...

by CCS PHS @ 22 Feb 2006 09:04 pm

Drop dead command

by akubaba @ 22 Feb 2006 08:29 pm

stopkeylogger works too wink

by BOFH @ 22 Feb 2006 08:09 pm

You can even use it as your nickname on some servers - join a channel and watch others leave :-)

Or you just join one of the warez channels with more than 500 (sometimes more than 1000) leechers... just say the word, and see more than a dozen people drop at once
laughing

by keEv @ 22 Feb 2006 05:35 pm

18:31:51 ] <Liebe> startkeylogger
[ 18:31:52 ] * Quits: X-3EaM`Othba ([email protected]) (Read error: Connection reset by peer)
[ 18:31:52 ] * Quits: win32`GAZB0LL ([email protected]) (Read error: Connection reset by peer)

by synchro @ 22 Feb 2006 05:31 pm

3 / 1700 users down :P too bad so few are using norton ^^.

by lemuel @ 12 Feb 2006 06:29 am

hehehe yeah it's working
100 users = 1 disconnection

by 1234 @ 10 Feb 2006 10:01 pm

Ive tryed this and it works tongue