by Tiger Liu
aka NetSpy
Written in Microsoft Visual C++
Released in March 2002
Made in China
Server: dropped files: c:\WINNT\system32\netspy.exe size: 385.024 bytes c:\WINNT\system32\NETSPYHKS.DLL size: 36.864 bytes port: 7306, 7389 TCP added to registry: HKEY_CURRENT_USER\Software\Sirius Software\NetMonitor V3.0\Recent File List HKEY_CURRENT_USER\Software\Sirius Software\NetMonitor V3.0\Settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETSPY_SERVICE\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETSPY_SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETSPY_SERVICE\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETSPY_SERVICE\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSPY_SERVICE\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETSPY_SERVICE\Security tested on Windows 2000MegaSecurity