Updated: February 13, 2007 11:41:00 AM
Type: Spyware
Version: 2.00.0007
Publisher: ShareStar Inc
Risk Impact: High
File Names: Winrsm.exe, getyahoo.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Spyware.RealSpy is executed, it performs the following actions:
- Adds the value:
"Real Spy Monitor"="%PROGRAMFILES%\Real Spy Monitor\Winrsm.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that Spyware.RealSpy runs every time Windows starts.
Note: This value is added only if the option to load at Windows boot time is enabled.
- Creates the following directories:
- %PROGRAMFILES%\Real Spy Monitor (installation directory)
- %WINDOWS%\RSM (to store the log files)
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Adds additional registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.Skin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.Skin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.SkinLabel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Real Spy Monitor_is1
- Logs the following information:
- Websites visited
- Keystrokes typed
- Programs executed
- Screen snapshots
- Files
- Documents accessed by installing hooks
- Does not uninstall itself cleanly.
Note: The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run is not removed, and the file winrsm.exe is not deleted.
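
The following PowerShell check is an added example, not part of the original write-up or the vendor's tooling. It tests a host for the artifacts listed above and separates a live installation from the leftovers the uninstaller is said to leave behind. It assumes that %WINDOWS% corresponds to $env:windir and that a completed uninstall removes the Uninstall key.

```powershell
# Added example: look for the Spyware.RealSpy artifacts named in this write-up.
# Assumption: %WINDOWS% in the write-up corresponds to $env:windir.
$installDir = Join-Path $env:ProgramFiles 'Real Spy Monitor'
$runKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$uninstall  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Real Spy Monitor_is1'

# Directories, files and registry keys can all be tested with Test-Path.
$checks = [ordered]@{
    'Install directory'       = $installDir
    'Winrsm.exe'              = Join-Path $installDir 'Winrsm.exe'
    'Log directory'           = Join-Path $env:windir 'RSM'
    'ActiveSkin4.Skin'        = 'HKLM:\SOFTWARE\Classes\ActiveSkin4.Skin'
    'ActiveSkin4.Skin.1'      = 'HKLM:\SOFTWARE\Classes\ActiveSkin4.Skin.1'
    'ActiveSkin4.SkinLabel'   = 'HKLM:\SOFTWARE\Classes\ActiveSkin4.SkinLabel'
    'ActiveSkin4.SkinLabel.1' = 'HKLM:\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1'
    'Uninstall key'           = $uninstall
}

$found = [ordered]@{}
foreach ($name in $checks.Keys) {
    $found[$name] = Test-Path -LiteralPath $checks[$name]
}

# The autostart entry is a value under the Run key, not a key of its own,
# so it has to be read as a property. It exists only if the boot option was enabled.
$run = Get-ItemProperty -LiteralPath $runKey -Name 'Real Spy Monitor' -ErrorAction SilentlyContinue
$found['Run value'] = [bool]$run

# Print one line per artifact.
$found.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }

# Assumption: a completed uninstall removes the Uninstall key, so its presence
# is treated as "still installed". The write-up states that the Run entry and
# winrsm.exe survive an uninstall, so those alone are reported as leftovers.
if ($found['Uninstall key']) {
    'Result: installation appears to be present.'
} elseif ($found['Run value'] -or $found['Winrsm.exe']) {
    'Result: leftovers consistent with an incomplete uninstall.'
} elseif (@($found.Values) -contains $true) {
    'Result: partial artifacts found; review manually.'
} else {
    'Result: none of the listed artifacts found.'
}
```

Run it from an elevated PowerShell session so that the HKLM keys and the Windows directory are readable.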