Win-Spy 8.5
(Trojan-Spy.Win32.WinSpy.a)
(Trojan-Spy.Win32.WinSpy.b)
(Trojan-Spy.Win32.WinSpy.c)
(Trojan-Spy.Win32.WinSpy.d)
(not-a-virus:Monitor.Win32.WinSpy.d)
(not-a-virus:Monitor.Win32.WinSpy.k)
(not-a-virus:Monitor.Win32.WinSpy.708)
(not-a-virus:Monitor.Win32.WinSpy.30)
(Trojan-Proxy.Win32.VB.h)
(Trojan-Spy.Win32.VB.ec)

by BC Computing

Written in Visual Basic

Released in July 2005

Server:
dropped files:
c:\Program Files\Accessories\Common\ChatRoom.txt
c:\Program Files\Accessories\Common\desktop.ini
c:\Program Files\Accessories\Common\Keylog.txt
c:\Program Files\Accessories\Common\OnlineTime.txt
c:\Program Files\Accessories\Common\WebsitesDetail.txt
c:\Program Files\Accessories\Common\WebsitesSummary.txt
c:\WINDOWS\Outlook.exe         Size: 63,488 bytes 
c:\WINDOWS\taskmgr.exe         Size: 108,544 bytes 
c:\WINDOWS\uniner.exe          Size: 26,112 bytes 
c:\WINDOWS\WinHandler.dll      Size: 97,792 bytes 
c:\WINDOWS\wsdll32.exe         Size: 57,856 bytes 
c:\WINDOWS\dll32\csrss.exe     Size: 81,920 bytes 
c:\WINDOWS\dll32\services.exe  Size: 98,816 bytes 
c:\WINDOWS\system32\ANSMTP.dll Size: 274,432 bytes 	

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NTSet"
data: C:\WINDOWS\dll32\services.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NTSet32"
data: C:\WINDOWS\dll32\services.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MSMSGS"
data: "C:\Program Files\Messenger\msmsgs.exe" /background 


tested on Windows XP
September 29, 2006

MegaSecurity