Spyware.IamBigBrother

Updated: February 7, 2007 8:47:43 PM
Type: Spyware
Name: IamBigBrother
Version: 9.0
Publisher: InternetSafetySoftware.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Spyware.IamBigBrother must be manually installed. The file name of the retail version may vary. The demo version of Spyware.IamBigBrother is distributed as the following file:
brother90demo.exe

Once executed, it creates the following files:
  • dlhost.exe
  • cpanel.exe
  • nl.exe
  • asycfilt.dll
  • comcat.dll
  • comdlg32.ocx
  • ctl3d32.dll
  • dartftp.dll
  • dartsock.dll
  • encodex.dll
  • ijl15.dll
  • ijl15.lib
  • ijl15l.lib
  • marbryObj.dll
  • mailcontrol.ocx
  • mimex.dll
  • winl.dll
  • IRIMG1.JPG
  • IRIMG2.JPG
  • bigbrotherbox.gif
  • box_kidcontrol.gif
  • dmm.dll
  • header_main_iambb.gif
  • help.htm
  • help_top.gif
  • iambb_screen.gif
  • ma.exe
  • spoolsv.exe
  • tutorial.gif
  • tutorial_1.gif
  • tutorial_2.gif
  • tutorial_3.gif
  • uninstall.dat
  • uninstall.xml
  • %System%\DOM.dll
  • %System%\DartFtp.dll
  • %System%\DartSock.dll
  • %System%\EncodeX.dll
  • %System%\MSCOMCT2.OCX
  • %System%\MSFLXGRD.OCX
  • %System%\MSINET.OCX
  • %System%\MabryObj.dll
  • %System%\MailControl.ocx
  • %System%\MimeX.dll
  • %System%\RICHTX32.OCX
  • %System%\SmtpX.DLL
  • %System%\comdlg32.ocx
  • %System%\csXImage.ocx
  • %Windir%\cp.exe

The security risk then creates the following registry entries so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Windows System Tray" = "[PATH TO SECURITY RISK]\dlhost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Windows Service Manager" = "[PATH TO SECURITY RISK]\spoolsv.exe"

It also creates the following registry subkeys:
HKEY_Classes_Root\CLSID\{39fda070-61ba-11d2-ad84-00105a17b608}\InprocServer32
HKEY_Classes_Root\CLSID\{39fda070-61ba-11d2-ad84-00105a17b608}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{a1eedaa7-c4d8-11d2-ad9c-00105a17b608}\InprocServer32
HKEY_Classes_Root\CLSID\{a1eedaa7-c4d8-11d2-ad9c-00105a17b608}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{ca4fc24b-c65c-11d1-aa6f-000000000000}\InprocServer32
HKEY_Classes_Root\CLSID\{ca4fc24b-c65c-11d1-aa6f-000000000000}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{ddd136ce-517b-11d2-ad03-00105a17b608}\InprocServer32
HKEY_Classes_Root\CLSID\{ddd136ce-517b-11d2-ad03-00105a17b608}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{4f99a075-5227-11d2-ad06-00105a17b608}\InprocServer32
HKEY_Classes_Root\CLSID\{4f99a075-5227-11d2-ad06-00105a17b608}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{371d0743-7a57-11d2-ad5a-00105a17b608}\InprocServer32
HKEY_Classes_Root\CLSID\{371d0743-7a57-11d2-ad5a-00105a17b608}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{e9d55102-9683-11d2-ba68-0040053687fe}\InprocServer32
HKEY_Classes_Root\CLSID\{e9d55102-9683-11d2-ba68-0040053687fe}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{0c1f87ae-ae62-11d3-911c-00105a17b608}\InprocServer32
HKEY_Classes_Root\CLSID\{0c1f87ae-ae62-11d3-911c-00105a17b608}\ToolboxBitmap32
HKEY_Classes_Root\CLSID\{b22fe43c-d1e8-432a-a862-9f83d5f04732}\InprocServer32
HKEY_Classes_Root\CLSID\{b22fe43c-d1e8-432a-a862-9f83d5f04732}\ToolboxBitmap32

The security risk allows the user installing it to configure the installation Path and Log Files Path.
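
Because the installation path is configurable, a check for the two Run entries listed above has to match on the value name and the launched file name rather than on a fixed path. The following is an added example, not part of the original write-up: it parses `reg query`-style text for the Run key and flags those entries; the sample text, the function names and the "SoundMan" and "Print Helper" values are constructed for illustration.

```python
import ntpath
import re

# Run-key value names and the files they launch, as listed in the write-up.
PAGE_RUN_ENTRIES = {
    "windows system tray": "dlhost.exe",
    "windows service manager": "spoolsv.exe",
}

# Constructed sample in `reg query` output style; not captured from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows System Tray    REG_SZ    C:\Program Files\Example\dlhost.exe
    Windows Service Manager    REG_SZ    "D:\logs\app\spoolsv.exe" /s
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Print Helper    REG_SZ    C:\WINDOWS\system32\spoolsv.exe
"""

# Value lines are indented; fields are separated by tabs or runs of spaces.
LINE_RE = re.compile(
    r"^[ \t]+(?P<name>.+?)(?:\t+| {2,})(?P<type>REG_\w+)(?:\t+| {2,})(?P<data>.*)$"
)


def target_basename(data):
    """Return the lower-cased file name of the program a Run value launches."""
    data = data.strip()
    # Quoted path first; otherwise take everything up to the first ".exe" token.
    m = re.match(r'"([^"]+)"', data) or re.match(r"(.+?\.exe)(?=\s|$)", data, re.I)
    path = m.group(1) if m else data.split()[0] if data else ""
    return ntpath.basename(path).lower()


def scan_run_key(text):
    """Return (value name, file name, reason) for entries matching the write-up."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # key header or blank line
        name, exe = m.group("name").strip(), target_basename(m.group("data"))
        # spoolsv.exe is also the Windows print spooler's file name, so a file
        # name alone is not flagged; the value name must match the write-up.
        expected = PAGE_RUN_ENTRIES.get(name.lower())
        if expected and exe == expected:
            findings.append((name, exe, "name and file match write-up"))
        elif expected:
            findings.append((name, exe, "value name matches, target differs"))
    return findings
```

Calling `scan_run_key(SAMPLE_REG_QUERY)` reports the first two sample values and ignores the other two.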