Yahoo Spy Final

Yahoo Spy Final Version
(Trojan-Spy.Win32.Agent.ak)
(Trojan-Spy.Win32.Yspy.a)
(Trojan.Win32.Zapchast)
(Constructor.Win32.YSPY.a)

by MEHRDAD

Released in September 2004

more versions


Server:
dropped files:
c:\WINNT\tcpctrl.exe          size: 944 bytes 
c:\WINNT\msagent\update.exe   size: 33.503 bytes 
c:\WINNT\system32\Decoder.dll size: 6.144 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
data: C:\WINNT\tcpctrl.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
data: explorer.exe C:\WINNT\msagent\update.exe 

tested on Win2000

MegaSecurity