Win-Spy 8.6

Win-Spy 8.6
(Trojan-Spy.Win32.WinSpy.h)
(Trojan-Spy.Win32.WinSpy.e)
(Trojan-Spy.Win32.WinSpy.j)
(Trojan-Spy.Win32.WinSpy.po)
(not-a-virus:Monitor.Win32.WinSpy.k)
(not-a-virus:Monitor.Win32.WinSpy.t)

by BC Computing

Written in Visual Basic

Released in July 2005

more versions





Server:
dropped files:
c:\WINDOWS\conn.exe               Size: 41,472 bytes 
c:\WINDOWS\encod.exe              Size: 26,624 bytes 
c:\WINDOWS\MSCOMCTBN.dll          Size: 46,080 bytes 
c:\WINDOWS\Outlook32.exe          Size: 36,864 bytes 
c:\WINDOWS\taskmgr.exe            Size: 78,336 bytes 
c:\WINDOWS\msapps\csrss.exe       Size: 89,088 bytes 
c:\WINDOWS\msapps\services.exe    Size: 99,328 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SoundMaxDriver"
data: C:\WINDOWS\msapps\csrss.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SoundMaxDriver32"
data: C:\WINDOWS\msapps\services.exe 


tested on Windows XP
September 29, 2006

MegaSecurity