by Tiger Liu
aka NetSpy
Written in Microsoft Visual C++
Released in March 2001
Made in China
Server:

dropped files:
c:\WINDOWS\system32\netspy.exe size: 282.624 bytes
c:\WINDOWS\system32\NETSPYHKS.DLL size: 45.056 bytes

added to registry:
HKEY_USERS\.DEFAULT\Software\ORL\VNCHooks\Application_Prefs\netspy.exe
HKEY_USERS\S-1-5-18\Software\ORL\VNCHooks\Application_Prefs\netspy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETSPY_SERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETSPY_SERVICE\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETSPY_SERVICE\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETSPY_SERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSPY_SERVICE\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSPY_SERVICE\Security

tested on Windows XP
December 19, 2004

port: 7306, 7389 TCP

MegaSecurity