CyberSpy 1.3 (a)
(Backdoor.Win32.Cyberspy.13.a)

by Ghirai

Written in Visual Basic

more versions


-the files 'Install.exe' and '~Install.exe' are a little different:
	-both are servers, but '~Install.exe' also kills from memory/uninstalls some firewalls and A-Virus programs...
	-that's the only difference.

-you'll probably need the vb6 runtimes and mswinsck.ocx in your Windows\System folder (check altavista, etc.)



					Ghirai.


Server:
dropped file:
C:\WINDOWS\SYSTEM\~Cab001.exe 

size: 47 and 49 KB

port: 38742 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Regcheck" 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Regcheck" 
c:\windows\win.ini, "load" 

MegaSecurity