Updated: February 13, 2007 11:38:51 AM
Type: Spyware
Publisher: ITEE Communications
Risk Impact: High
File Names:
dd2000he.exeDD2000pe.exe,DDClient.exe,DDController.exe,DDClient.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.DesktopD is installed, it does the following:
- Displays the product information.
- Displays the license agreement.
- Installs itself in one of the following folders:
- %ProgramFiles%\Desktop Detective 2000 Home Edition
- %ProgramFiles%\Desktop Detective 2000 Professional Edition
Note: %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.
- May create some of the following files in one of the above folders:
- DDClient.dll: Key hook DLL.
- DDClient.exe: Main logger and configuration file. Detected as Spyware.DesktopD.
- DDController.exe: Main logger and configuration file. Detected as Spyware.DesktopD.
- Release Notes.txt: Documentation.
- Licence.txt: License information.
- Help.doc: Help file.
- DDConfig.sys: Configuration settings.
- ddimg.dat: Log file.
- ddimg.bif: Log file.
- ddimg.bdf: Log file.
- ddimg.idx: Log file.
- ddkey.dat: Log file.
- ddkey.idx: Log file.
- ddnet.dat: Log file.
- ddnet.idx: Log file.
- DDEventLog.txt: Log file.
- Adds the value:
"DD2SERVICE" = "%ProgramFiles%\Desktop Detective 2000 Home Edition\DDClient.exe /autostart"
or
"DD2KPECLIENT" = "%ProgramFiles%\Desktop Detective 2000 Home Edition\DDClient.exe /autostart"
to the registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the spyware runs when you start Windows.
- May create one of the following registry subkeys:
HKEY_LOCAL_MACHINE\Software\ITEECOM\DD2000
or
HKEY_LOCAL_MACHINE\Software\ITEECOM\DD2KPE
- May perform some of the following actions:
- Capture screenshots
- Log keystrokes
- Monitor Internet Explorer
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
