Updated: February 13, 2007 11:38:15 AM
Type: Spyware
Version: 4.6
Publisher: Stealth Activity Reporter
Risk Impact: High
File Names: wsys.exe
wsys.dll
LoggerConfugurator.exe
RemoteUnInstaller.exe
ReportManager.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows XP
Spyware.STAR is distributed in WinZip file format, with the name star.zip, containing the following files
When setup.exe is executed, it does the following:
- Creates the following files:
- wsys.exe: This is the main spyware file. Detected as Spyware.STAR.
- wsys.dll: Detected as Spyware.STAR.
- DecodeScreenShots.exe
- LoggerConfigurator.exe: Detected as Spyware.STAR.
- RemoteUnInstaller.exe: Detected as Spyware.STAR.
- ReportManager.exe: Detected as Spyware.STAR.
- Uninstall.exe
- Allows the person installing it to configure the installation Path, and the Log Files Path.
- The default <installation path> is "%ProgramFiles%\STAR\"
- The default <log files path> is "%ProgramFiles%\STAR\"
Notes: %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is "C:\Program Files\."
- Adds the value:
"wsys" = "<installation path>\wsys.exe"
to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the spyware runs when you start Windows.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
