by Tiger Liu
aka NetSpy
Written in Microsoft Visual C++
Released in April 2001
Made in China
Server: dropped files: c:\WINDOWS\system32\netspy.exe size: 380.928 bytes c:\WINDOWS\system32\NETSPYHKS.DLL size: 45.056 bytes port: 7306, 7389 TCP added to registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETSPY_SERVICE\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETSPY_SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETSPY_SERVICE\Security HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\B HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETSPY_SERVICE\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETSPY_SERVICE\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSPY_SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSPY_SERVICE\Security tested on Windows XPMegaSecurity