i.r: <excited> Ooooh! Oooh! I.R hack NASA!
i.m: Whaaaaaaa? No! Foolish baboon, they will trace you for sure!
i.r: Naahhhhh! I.R upload in-memory rootkit! I.R real stealthy, you bet!
i.m: And what insane scheme do you plan to implement while you are in there?
i.r: I.R install key sniffer! <sniffs finger> I.R sniffed NASA admin's password! <dances about and jumps up and down beating chest> I.R GREAT HACKER!
i.m: Well, we can but hope. Hadn't you better disconnect before they find you?
i.r: Uhhhhhhh... ahhhhhhh... <scratches head> OK! I.R unload rootkit! <pokes at keyboard> Huh? <taps more keys> EEEeeeeeee!!! <pounds keyboard in rage>
i.m: What! What? What what what WHAT?!
i.r: Rootkit no unload! Why rootkit no unload? I.R issue net stop command but it still there!
i.m: Oh, pitiful baboon, they have you now! <Sobs> Your doom is certain, and all because a keyboard IRP lies waiting at the bottom of the stack. <Cheers up> Yet NO! I shall save you! It is my noble duty and I shall not fail, for I AM WEASEL!
i.m.weasle takes us through a technical overview of fixing a common problem most keyloggers have: unloading after installing a filter driver in the keyboard device stack. Posted on rootkit.com.