||||
Symantec.com > Security Response > Threats and Risks > Spyware.Ashlt
PRINT THIS PAGE

Spyware.Ashlt

Printer Friendly Page

Updated: February 13, 2007 11:39:45 AM
Type: Spyware
Risk Impact: High
File Names: Ashlt.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.Ashlt is executed, it performs the following actions:

  1. Copies itself as %Windir%\Ashlt.exe.

    Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Adds the following value:

    "ASHLT"="%Windir%\Ashlt.exe"

    to the following registry key so that Ashlt.exe runs when you start Windows:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  3. Adds multiple values to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\ASHLT

  4. Contacts a different server and sends out local gathered information.



Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS