Updated: February 13, 2007 11:38:53 AM
Type: Spyware
Version: 2.7
Publisher: FindPassword.com
Risk Impact: High
File Names: Password_Stealer.exe,lpr123.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Spyware.RemPSteal can do the following:
- Log passwords
- Send the log by email
- Run in hidden mode
- Be unhidden using Ctrl+Alt+8
When Spyware.RemPSteal is installed, it does the following:
- Creates the following files:
- C:\Windows\Lpr123.exe: Main logger and configuration file. Detected as Spyware.RemPSteal.
- C:\Windows\UnInstall.exe: Uninstaller.
- C:\Windows\Spdhook.dll: Key hook DLL.
- C:\Windows\Spd123.ini: Configuration settings and captured passwords.
- Adds the value:
"lpr" = "C:\windows\lpr123.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the spyware runs when you start Windows.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
