Spyware.007Spy


Updated: February 13, 2007 11:39:11 AM
Type: Spyware
Version: 3.03
Publisher: @ Spy Software
Risk Impact: High
File Names: Ssmgr.exe, svchost.exe, 007install.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.007Spy is installed, it does the following:
  1. Adds some of the following values:

    "WinService32" = "%ProgramFiles%\Sysmnt\ssmgr.exe"
    "WinService32" = "svchost"
    "WinLiveUpdate" = "%ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\svchost.exe"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the spyware runs when Windows starts.

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Drops and registers the following legitimate files:

    • %System%\msinet.ocx
    • %System%\ANSMTP.dll
    • %System%\ijl11pro.dll
    • %System%\mswinsck.ocx
    • %System%\VB5STKIT.DLL
    • %Windir%\XPButton.OCX

    Note:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  3. Creates some of the following files and folders:

    • %ProgramFiles%\Sysmnt\Ssmgr.exe
    • %ProgramFiles%\Sysmnt\Help.chm
    • %ProgramFiles%\Sysmnt\Uninst00.dat
    • %ProgramFiles%\Sysmnt\Unins000.exe
    • %ProgramFiles%\Sysmnt\License.txt
    • C:\Documents and Settings\All Users\Application Data\Ssdata
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\faq.url
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\help.chm
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\license.txt
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\svchost.exe
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\website.url
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\ssdata\lgstat.ini
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\ssdata\files.dat
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\ssdata\scr.dat
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\ssdata\kys.dat
    • %ProgramFiles%\Common Files\Microsoft Shared\DAO\System32_\ssdata\scrdata
    • %Windir%\sslogo.bmp
    • %Windir%\ssmon.pas
    • %System%\ssmon.lnk
    • %System%\sysmnt.dat
    • %System%\ssfaq.url
    • %System%\sshelp.chm
    • %System%\ssWebSite.url
    • %UserProfile%\Start Menu\Programs\007 Spy Software\007 Spy Software.lnk
    • %UserProfile%\Start Menu\Programs\007 Spy Software\Online Faq.lnk
    • %UserProfile%\Start Menu\Programs\007 Spy Software\Spy Software Online.lnk
    • %UserProfile%\Start Menu\Programs\007 Spy Software\User Manual.lnk
    • %UserProfile%\Desktop\007 Spy Software.lnk
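
The Run-key values in step 1 can be checked mechanically. The following Python is an added example, not part of the original write-up: it flags the three listed values and, going beyond them, any Run entry for svchost that does not resolve to the System folder (the genuine svchost.exe lives there and is started by the service manager, not from Run). The function names, the variable defaults (Windows XP layout) and the sample entries are constructed for illustration.

```python
import ntpath
import re

# Run-key values listed in the write-up, as (name, data), lower-cased.
LISTED = [
    ("winservice32", r"%programfiles%\sysmnt\ssmgr.exe"),
    ("winservice32", "svchost"),
    ("winliveupdate",
     r"%programfiles%\common files\microsoft shared\dao\system32_\svchost.exe"),
]
# Assumed defaults for variable expansion (Windows XP layout); adjust per host.
DEFAULT_ENV = {"programfiles": r"C:\Program Files", "systemroot": r"C:\Windows"}

# Constructed sample of Run-key contents (value name -> data).
SAMPLE = {
    "WinLiveUpdate": r"C:\Program Files\Common Files\Microsoft Shared\DAO\System32_\svchost.exe",
    "WinService32": "svchost",
    "Updater": r'"C:\Windows\Temp\svchost.exe" /s',
    "VendorTray": r'"C:\Program Files\Vendor\tray.exe" /background',
}

def normalise(data, env):
    """Return the lower-cased, variable-expanded program path of a Run entry."""
    quoted = re.match(r'\s*"([^"]*)"', data)  # drop arguments after a quoted path
    path = quoted.group(1) if quoted else data.strip()
    # Expand %VAR% from env; unknown variables are left as written.
    path = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normpath(path).lower()

def check_run_values(values, env=DEFAULT_ENV):
    """Return sorted (value name, reason) pairs for suspicious Run entries."""
    listed = {(name, normalise(data, env)) for name, data in LISTED}
    system32 = ntpath.join(env["systemroot"], "System32").lower()
    findings = []
    for name, data in values.items():
        path = normalise(data, env)
        if (name.lower(), path) in listed:
            findings.append((name, "value listed for Spyware.007Spy"))
        elif (ntpath.basename(path) in ("svchost", "svchost.exe")
              and ntpath.dirname(path) != system32):
            findings.append((name, "svchost in Run key, not under the System folder"))
    return sorted(findings)

if __name__ == "__main__":
    for name, reason in check_run_values(SAMPLE):
        print(f"{name}: {reason}")
```

To use it on a live host, pass the name/data pairs exported from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run in place of SAMPLE.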

