Win-Spy 8.7 Build 1.04

Win-Spy 8.7 Build 1.04
(not-a-virus:Monitor.Win32.WinSpy.t)
(Trojan-Spy.Win32.WinSpy.o)
(Trojan-Spy.Win32.WinSpy.p)
(Trojan-Spy.Win32.WinSpy.n)
(Trojan-Spy.Win32.WinSpy.l)

by BC Computing

Written in Visual Basic

Released in March 2006

more versions





Server:
dropped files:
c:\WINDOWS\msn32.exe            Size: 66,048 bytes 
c:\WINDOWS\OutlookExpress.exe   Size: 37,376 bytes 
c:\WINDOWS\taskmgr.exe          Size: 78,848 bytes 
c:\WINDOWS\winup32.exe          Size: 64,512 bytes 
c:\WINDOWS\winusers.exe         Size: 27,648 bytes 
c:\WINDOWS\winvid.exe           Size: 41,984 bytes 
c:\WINDOWS\ziplog.txt           Size: 5,615 bytes 
c:\WINDOWS\data\csrss.exe       Size: 74,240 bytes 
c:\WINDOWS\data\services.exe    Size: 117,248 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\YahooMessenger

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "YahooMessenger"
data: C:\WINDOWS\data\csrss.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "YahooMessenger32"
data: C:\WINDOWS\data\services.exe 



tested on Windows XP
March 29, 2007

MegaSecurity