Symantec | United States

Enterprise

Shopping

/
Security Response/
Spyware.Eblaster

Add

Spyware.Eblaster

Printer Friendly Page|Rate this page

Updated:: February 13, 2007 11:33:00 AM
Type:: Spyware
Version:: 1.0
Publisher:: SpectorSoft
Risk Impact:: Medium
Systems Affected:: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When the installer for Spyware.Eblaster is executed, it does the following:

Creates the following files:
- %System%\nvrcr32.dll
- %System%\rmashlex.dll
  
  Note: %System% is a variable. The spyware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Creates these registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad\XmLdrKLocation = {0C887F38-5178-43DA-B9F0-B856141FCDA4} HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{6A6A1EAE-13E1-4DC7-8014-B7677EF6D47A} HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{0C887F38-5178-43DA-B9F0-B856141FCDA4} HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{2BE166ED-F16C-46DE-B623-3575FD985D6D}

When Spyware.Eblaster runs, it monitors email messages and instant messaging communication. This spyware does not indicate that it is running.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm

STAR Antimalware Protection Technologies

Internet Security Threat Report, Volume 17

Symantec DeepSight Screensaver

Symantec [+]
Norton [+]
- AntiVirus|
- Norton Store|
- Internet Security|
- Mac AntiVirus|
- Mobile Security|
- Norton|
- Spyware|
- Virus Protection|
- Virus Removal|
- Virus Scan
Website Security Solutions [+]
PC Tools [+]