||||
Symantec.com > Security Response > Threats and Risks > Spyware.ISpynow
PRINT THIS PAGE

Spyware.ISpynow

Printer Friendly Page

Updated: February 13, 2007 11:33:48 AM
Type: Spyware
Publisher: Explore Anywhere Software
Risk Impact: High
File Names: varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.Ispynow runs, it performs the following actions:

  1. Creates the following files:
    • %UserProfile%\Start Menu\Programs\iSpyNOW\Help Documentation.lnk
    • %UserProfile%\Start Menu\Programs\iSpyNOW\iSpyNOW Tray Companion.lnk
    • %UserProfile%\Start Menu\Programs\iSpyNOW\License Agreement.lnk
    • %UserProfile%\Start Menu\Programs\iSpyNOW\Readme.lnk
    • %UserProfile%\Start Menu\Programs\iSpyNOW\Remove iSpyNOW.lnk
    • %UserProfile%\Start Menu\Programs\iSpyNOW\Visit the Official iSpyNOW Website.lnk
    • %ProgramFiles%\ISN\header.gif
    • %ProgramFiles%\ISN\isnhelp.htm
    • %ProgramFiles%\ISN\isn_builder.exe
    • %ProgramFiles%\ISN\license.txt
    • %ProgramFiles%\ISN\Readme.txt
    • %ProgramFiles%\ISN\uninstal.log
    • %ProgramFiles%\ISN\Visit the Official iSpyNOW Website.url
    • %Windir%\isntrayopt.dat
    • %Windir%\softmod32.exe

      Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).

  2. Creates the following file, if it is not already present on the system:

    • %Windir%\unvise32.exe

  3. Creates the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSpyNOW

  4. Adds the values:

    "Microsoft Tray"="[Executable file path]"
    "isntray" = "C:\Program Files\ISN\isn_builder.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the Adware runs every time Windows starts.

  5. Logs both sides of all the chat and instant message conversations for AOL, ICQ, MSN, AIM, and Yahoo Instant Messenger.

  6. Captures information about every window that was viewed and interacted with.

  7. Tracks every executable that was executed and interacted with.

  8. Tracks all the keystrokes and the windows they were pressed in.

  9. Logs all the Web site title and addresses that were visited.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS