Updated: February 13, 2007 11:39:41 AM
Type: Spyware
Version: 1.1
Publisher: Jan ten Hove
Risk Impact: High
File Names: Abckey.dll, Keylogger.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.ABCKeylogger runs, it does the following:
- Creates the following files:
  - %System%\msado20.tlb (Microsoft ActiveX Data Objects 2.0 Library)
  - %System%\richtx32.ocx (Microsoft Rich text library)
  - %ProgramFiles%\JthABCKeylogger\abckey.dll (Hook file, detected as Spyware.ABCKeylogger)
  - %ProgramFiles%\JthABCKeylogger\forgotpass.exe (A password recovery utility)
  - %ProgramFiles%\JthABCKeylogger\keylogger.exe (The main program, detected as Spyware.ABCKeylogger)
  - %ProgramFiles%\JthABCKeylogger\terms of agreements.txt (The EULA)
  - %ProgramFiles%\JthABCKeylogger\uninstall.exe (The uninstaller)
  - %ProgramFiles%\JthABCKeylogger\uninstall.ini (The uninstaller configuration file)
  - %ProgramFiles%\JthABCKeylogger\logopt.akl (An options file)
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Adds the value:
"ABC"="%ProgramFiles%\JthABCKeylogger\keylogger.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the spyware runs when you start Windows.
- Creates the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JthAbcKeylogger
so that ABCKeylogger can be uninstalled.
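
A host check for the artifacts listed above, as an added example that is not part of the original write-up. It looks only at the JthABCKeylogger-specific files and registry entries, because msado20.tlb and richtx32.ocx are shared Microsoft components that are not indicators on their own; the "Program Files (x86)" and WOW6432Node locations are assumptions for 64-bit Windows, which the write-up does not cover.

```powershell
# Added example: checks a host for the Spyware.ABCKeylogger artifacts listed above.
# Only the JthABCKeylogger-specific items are checked; msado20.tlb and richtx32.ocx
# are shared Microsoft components and are not indicators on their own.

$findings = @()

# Program Files roots. The (x86) root is an assumption for 64-bit Windows,
# which the write-up does not cover.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    $dir = Join-Path $root 'JthABCKeylogger'
    foreach ($name in 'abckey.dll', 'keylogger.exe', 'forgotpass.exe', 'logopt.akl') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += "File present: $path"
        }
    }
}

# Registry views: native, plus WOW6432Node (assumption, 64-bit Windows only).
$views = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'

foreach ($view in $views) {
    $runKey = Join-Path $view 'Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'ABC' -ErrorAction SilentlyContinue
    # The value name "ABC" is generic, so require the data to point at keylogger.exe.
    if ($run -and $run.ABC -match 'JthABCKeylogger\\keylogger\.exe') {
        $findings += "Run value: $runKey -> ABC = $($run.ABC)"
    }

    $uninstallKey = Join-Path $view 'Uninstall\JthAbcKeylogger'
    if (Test-Path -LiteralPath $uninstallKey) {
        $findings += "Uninstall key present: $uninstallKey"
    }
}

if ($findings.Count -eq 0) {
    'No Spyware.ABCKeylogger artifacts found.'
} else {
    $findings
}
```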