
Spyware.DsktopSurveil


Updated: February 13, 2007 11:39:32 AM
Type: Spyware
Version: 6.0.3
Publisher: Omniquad
Risk Impact: High
File Names: flash.exe, MessageBox.exe, ODSPConfig.exe, ODSPHost.dll, ODSPHost_NT.exe, ODSPlay.exe, utility.dll, welcome
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.DsktopSurveil is installed, it does the following:
  1. Creates the following files:
    • %ProgramFiles%\ODSP\banner.htm
    • %ProgramFiles%\ODSP\banner.JPG
    • %ProgramFiles%\ODSP\BLOWFISH.DLL
    • %ProgramFiles%\ODSP\buy.htm
    • %ProgramFiles%\ODSP\cximage.dll
    • %ProgramFiles%\ODSP\Encrypt.dll
    • %ProgramFiles%\ODSP\flash.exe
    • %ProgramFiles%\ODSP\help.htm
    • %ProgramFiles%\ODSP\htmluser.htm
    • %ProgramFiles%\ODSP\htmlview.htm
    • %ProgramFiles%\ODSP\irunin.bmp
    • %ProgramFiles%\ODSP\irunin.dat
    • %ProgramFiles%\ODSP\irunin.lgn
    • %ProgramFiles%\ODSP\killproc.exe
    • %ProgramFiles%\ODSP\MessageBox.exe
    • %ProgramFiles%\ODSP\mfc42.dll
    • %ProgramFiles%\ODSP\ODSP.dat
    • %ProgramFiles%\ODSP\odsp.sf6
    • %ProgramFiles%\ODSP\ODSPConfig.exe
    • %ProgramFiles%\ODSP\ODSPHost.dll
    • %ProgramFiles%\ODSP\ODSPHost_NT.exe
    • %ProgramFiles%\ODSP\ODSPlay.exe
    • %ProgramFiles%\ODSP\restart.bat
    • %ProgramFiles%\ODSP\Utility.dll
    • %ProgramFiles%\ODSP\welcome.exe
    • %ProgramFiles%\ODSP\XT1931Lib.dll
    • %Windir%\iun6002.exe
    • %Windir%\otnsdd32.dat
    • Additional log files in %ProgramFiles%\ODSP\Logs
    • Additional profiles in %ProgramFiles%\ODSP\Profiles

      Note:
      • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
      • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Creates the registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ODSP 6.0.2
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ODSP Host
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ODSP_HOST
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ODSP Host
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ODSP_HOST


    and adds subkeys and values to them to set its flags and configuration.

  3. Adds the value:

    "ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the spyware runs when you start Windows.
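
A triage check for the registry indicators listed above, as an added example (not Symantec's or the publisher's code): it parses saved `reg query` output and matches the keys and the Run value case-insensitively, since the registry ignores case. The function names and the sample output are constructed for illustration.

```python
import re

# Indicators taken from the write-up above; compared case-insensitively
# because registry key and value names are not case-sensitive.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "ODSPConfig"
RUN_DATA_SUFFIX = r"\ODSP\ODSPConfig.exe"   # path below %ProgramFiles%
KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ODSP 6.0.2",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ODSP Host",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ODSP_HOST",
]

def parse_reg_query(text):
    """Parse `reg query` output into {key_path: [(name, type, data), ...]}."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] not in " \t":                 # unindented line = key path
            current = keys.setdefault(line.strip(), [])
        elif current is not None:                # indented line = value entry
            parts = re.split(r"\t| {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current.append(tuple(p.strip() for p in parts))
    return keys

def find_odsp(text):
    """Return findings that match the registry indicators from the page."""
    wanted = {k.lower() for k in KEYS}
    findings = []
    for key, values in parse_reg_query(text).items():
        if key.lower() in wanted:
            findings.append("key: " + key)
        if key.lower() == RUN_KEY.lower():
            for name, _type, data in values:
                path = data.strip('"').lower()   # data may be quoted or unexpanded
                if name.lower() == RUN_VALUE.lower() or path.endswith(RUN_DATA_SUFFIX.lower()):
                    findings.append("autorun: %s -> %s" % (name, data))
    return findings

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ODSPConfig    REG_SZ    C:\Program Files\ODSP\ODSPConfig.exe

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ODSP Host
"""
```

Calling `find_odsp(SAMPLE)` returns one autorun finding and one key finding; output without any of the listed keys or the Run value returns an empty list.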

