Updated: February 13, 2007 11:33:00 AM
Type: Spyware
Version: 1.0
Publisher: SpectorSoft
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When the installer for Spyware.Eblaster is executed, it does the following:
- Creates the following files:
- %System%\nvrcr32.dll
- %System%\rmashlex.dll
Note: %System% is a variable. The spyware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates these registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad\XmLdrKLocation = {0C887F38-5178-43DA-B9F0-B856141FCDA4}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{6A6A1EAE-13E1-4DC7-8014-B7677EF6D47A}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{0C887F38-5178-43DA-B9F0-B856141FCDA4}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{2BE166ED-F16C-46DE-B623-3575FD985D6D}
When Spyware.Eblaster runs, it monitors email messages and instant messaging communication. This spyware does not indicate that it is running.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
