Spy Yahoo 2.0
(Constructor.Win32.VB.et)
(Trojan-Spy.Win32.VB.akw)

by Ali Moazemi

Written in Visual Basic

Released in June 2008

more versions 






Server
Dropped Files:
c:\WINDOWS\system32\regsvr.exe                                        Size: 87,462 bytes 


Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "System"
Data: regsvr.exe 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stud "ImagePath"
Data: %SystemRoot%\System32\oobe\setup\svchost.exe /service 
	
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\stud "ImagePath"
Data: %SystemRoot%\System32\oobe\setup\svchost.exe /service 
	
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stud "ImagePath"
Data: %SystemRoot%\System32\oobe\setup\svchost.exe /service 



Tested on Windows XP
July 06, 2008
MegaSecurity