Win-Spy 8.7 Build 1.01

Win-Spy 8.7 Build 1.01
(Trojan-Spy.Win32.WinSpy.p)
(Trojan-Spy.Win32.WinSpy.o)
(Trojan-Spy.Win32.WinSpy.l)
(Trojan-Spy.Win32.WinSpy.n)
(Trojan-Spy.Win32.WinSpy.j)
(Trojan-Spy.Win32.WinSpy.n)
(Trojan-Spy.Win32.WinSpy.acb)
(Trojan-Spy.Win32.WinSpy.sl)
(Backdoor.Win32.VB.yu)
(not-a-virus:Monitor.Win32.WinSpy.t)

by BC Computing

Written in Visual Basic

Released in July 2005

more versions





Server:
dropped files:
c:\Program Files\Accessories\Common\ChatRoom.txt
c:\Program Files\Accessories\Common\Keylog.txt 
c:\WINDOWS\comp.exe               Size: 27,648 bytes 
c:\WINDOWS\dll32.exe              Size: 41,984 bytes 
c:\WINDOWS\hpeg.dll               Size: 180,224 bytes 
c:\WINDOWS\MSCDLR.dll             Size: 46,592 bytes 
c:\WINDOWS\msimn.exe              Size: 37,376 bytes 
c:\WINDOWS\msn32.exe              Size: 66,048 bytes 
c:\WINDOWS\refsdm.dll             Size: 26 bytes 
c:\WINDOWS\taskmgr.exe            Size: 78,848 bytes 
c:\WINDOWS\winup32.exe            Size: 65,536 bytes 
c:\WINDOWS\ziplog.txt             Size: 5,615 bytes 
c:\WINDOWS\system32\AOSMTP.dll    Size: 270,336 bytes 
c:\WINDOWS\zip\csrss.exe          Size: 74,240 bytes 
c:\WINDOWS\zip\services.exe       Size: 117,248 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NAVUpdater"
data: C:\WINDOWS\zip\csrss.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NAVUpdater32"
data: C:\WINDOWS\zip\services.exe 


tested on Windows XP
October 10, 2006

MegaSecurity