Spyware.ActivityLog

Updated: February 13, 2007 11:38:03 AM
Type: Spyware
Version: 2.5
Publisher: Deep Software (www.softactivity.com)
Risk Impact: Medium
File Names: alogger.exe, alaware.dll, alogcfg.exe, alsys.exe, Emailer.dll, slgrl.dll, swkbhkl.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Spyware.ActivityLog is a spyware program that monitors all user activity, logs keystrokes, and takes periodic screenshots. The user who installed the spyware can view the gathered information locally or by email.

When Spyware.ActivityLog is installed, it performs the following actions:
  1. Creates the following files in %ProgramFiles%\Activity Logger:

    • alaware.dll: A monitoring component.
    • alm.dat: Contains a disclaimer. This file is not malicious and will not be detected.
    • ALOGCFG.CNT: A configuration component. This file is not malicious and will not be detected.
    • alogcfg.exe: A configuration component.
    • alogcfg.GID: A configuration component. This file is not malicious and will not be detected.
    • ALOGCFG.HLP: A help file, which is not malicious and will not be detected.
    • alogger.url: A shortcut to a Web site.
    • alsys.exe: A monitoring component.
    • buyal.url: A shortcut to a Web site.
    • Emailer.dll: A library used for emailing the logs.
    • ijl15.dll: A valid JPEG library. This file is not malicious and will not be detected.
    • license.txt: A text file. This file is not malicious and will not be detected.
    • LogExp.dll: This is a library used for exporting logs to different formats. This file is not malicious and will not be detected.
    • mfc42.dll: A valid Microsoft library.
    • msvcrt.dll: A valid Microsoft library.
    • README.TXT: A text file, which is not malicious and will not be detected.
    • scrview.exe: A screenshot viewer. This file is not malicious and will not be detected.
    • slgrl.dll: A monitoring component.
    • swkbhkl.dll: A monitoring component.
    • unins000.dat: An uninstallation component. This file is not malicious and will not be detected.
    • unins000.exe: An uninstallation component. This file is not malicious and will not be detected.

      Note:
      %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.

  2. Creates the following files in %ProgramFiles%\Activity Logger\Templates:

    • bottom.html
    • delim.csv
    • first.html
    • head.html
    • header.csv
    • last.html
    • log.xls
    • logrec.html
    • scrshot.html
    • url.html

      Note: These files are templates used for reporting the logged information. These files are not malicious and will not be detected.

  3. Creates the following files in C:\Documents and Settings\All Users\Application Data\AL:

    • <date_time>.jpg
    • alog.swl

      Note: These files contain the logged information and screenshots. These files are not malicious and will not be detected.

  4. Creates the following file in C:\Documents and Settings\All Users\Application Data\Lgr:

    alprm.dat

    Note: This file contains the email address to which the information will be mailed. This file is not malicious and will not be detected.

  5. Creates the following shortcuts in C:\Documents and Settings\All Users\Start Menu\Programs\ActivityLogger:

    • Activity Logger Configuration.lnk
    • Visit Activity Logger Website.lnk
    • Activity Logger Help.lnk
    • Uninstall Activity Logger.lnk

  6. Adds the value:

    "AISys" = "C:\Program Files\Activity Logger\\alsys.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the spyware runs when you start Windows.

  7. Adds the values:

    "Install Log" = "1"
    "Install Scr" = "1"
    "Install DispWarn" = "0"
    "Install AutoStart" = "1"
    "Install IsEml" = "1"
    "Install Email" = "[EMAIL ADDRESS]"
    "Del from uninstall" = "0"


    to the registry subkey:

    HKEY_CURRENT_USER\Software\SoftActivity\Activity Logger\Configuration utility

  8. Adds the values:

    "Inno Setup: Setup Version" = "4.2.2"
    "Inno Setup: App Path" = "C:\Program Files\Activity Logger"
    "Inno Setup: Icon Group" = "Activity Logger"
    "Inno Setup: User" = "[USER_NAME]"
    "DisplayIcon" = "C:\Program Files\Activity Logger\alogcfg.exe"
    "UninstallString" = "C:\Program Files\Activity Logger\unins000.exe"
    "DisplayVersion" = "2.5"
    "Publisher" = "Deep Software"
    "URLInfoAbout" = "[http://]www.softactivity.com/[REMOVED]"
    "HelpLink" = "[http://]www.softactivity.com/[REMOVED]"
    "URLUpdateInfo" = "[http://]www.softactivity.com/[REMOVED]"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F166CABE-0F32-4BE8-95BD-3E540C21A5DD}_is1


  9. Creates files in %ProgramFiles%\Activity Logger\Logs named [DATE]_[TIME] with the extension .html, .csv, or .xls.

    Note:
    • These files contain the logged information and screenshots. These files are not malicious and will not be detected.
    • [DATE] is a variable that refers to the day the file was saved and [TIME] is a variable that refers to the time the file was saved.
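
A host check built from the file and registry artifacts listed above, as an added example that is not part of the original write-up. It assumes the default install paths shown on the page; the helper name New-Finding is hypothetical.

```powershell
# Added example: looks for the artifacts this write-up lists on the local host.
# Paths are the defaults given on the page; an install to another folder will
# not match the file checks. HKCU is read for the user running the script only.
$installDir = Join-Path $env:ProgramFiles 'Activity Logger'
$allUsers   = 'C:\Documents and Settings\All Users'

# Files the write-up names as detected components.
$componentFiles = 'alogger.exe','alaware.dll','alogcfg.exe','alsys.exe',
                  'Emailer.dll','slgrl.dll','swkbhkl.dll'
# Data locations: captured log, stored e-mail address, exported reports.
$dataPaths = @(
    (Join-Path $allUsers 'Application Data\AL\alog.swl'),
    (Join-Path $allUsers 'Application Data\Lgr\alprm.dat'),
    (Join-Path $installDir 'Logs')
)
$regKeys = @(
    'HKCU:\Software\SoftActivity\Activity Logger\Configuration utility',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F166CABE-0F32-4BE8-95BD-3E540C21A5DD}_is1'
)
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function New-Finding($Type, $Item) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item }
}

$findings = @()
foreach ($name in $componentFiles) {
    $path = Join-Path $installDir $name
    if (Test-Path -LiteralPath $path) { $findings += New-Finding 'File' $path }
}
foreach ($path in $dataPaths) {
    if (Test-Path -LiteralPath $path) { $findings += New-Finding 'Data' $path }
}
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) { $findings += New-Finding 'RegistryKey' $key }
}
# Autostart: match on the value data (alsys.exe) rather than the value name.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -match '\\alsys\.exe') {
            $findings += New-Finding 'RunValue' ("{0} = {1}" -f $p.Name, $p.Value)
        }
    }
}
if ($findings) { $findings | Format-Table Type, Item -AutoSize }
else { 'No Activity Logger artifacts from this write-up were found.' }
```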

