Win-Spy 8.8 build 137
(Backdoor.Win32.VB.bal)
(Trojan.Win32.Whispy.d)
(Trojan-Spy.Win32.WinSpy.xl)
(not-a-virus:Monitor.Win32.WinSpy.88)
(Trojan-Spy.Win32.WinSpy.ae)
(Trojan-Spy.Win32.WinSpy.ej)
(Trojan-Spy.Win32.WinSpy.es)
(Trojan-Spy.Win32.WinSpy.zm)

by BC Computing

Written in Visual Basic

Released in December 2006

Remote Install File:
dropped files:
c:\WINDOWS\zip\csrss.exe       Size: 102,912 bytes 
c:\WINDOWS\zip\services.exe    Size: 118,272 bytes 
c:\WINDOWS\comp.exe            Size: 28,672 bytes 
c:\WINDOWS\hpeg.dll            Size: 69,120 bytes 
c:\WINDOWS\msimn.exe           Size: 57,344 bytes 
c:\WINDOWS\msn64.exe           Size: 50,176 bytes 
c:\WINDOWS\refsdm.dll          Size: 26 bytes 
c:\WINDOWS\srvcsr.dll          Size: 57,344 bytes 
c:\WINDOWS\taskmgr.exe         Size: 81,408 bytes 
c:\WINDOWS\winup32.exe         Size: 64,512 bytes 
c:\WINDOWS\ziplog.txt

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NAVUpdater"
data: C:\WINDOWS\zip\csrss.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NAVUpdater32"
data: C:\WINDOWS\zip\services.exe 


tested on Windows XP
January 26, 2007

MegaSecurity