||||
Symantec.com > Security Response > Threats and Risks > Spyware.AceScreenSpy
PRINT THIS PAGE

Spyware.AceScreenSpy

Printer Friendly Page

Updated: February 13, 2007 11:41:11 AM
Type: Spyware
Version: 5.0
Publisher: Caltronix
Risk Impact: High
File Names: winacsr.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.AceScreenSpy is executed, it performs the following actions:

  1. Creates the following files:
    • %System%\comctl32.ocx (Microsoft library)
    • %System%\comdlg32.ocx (Microsoft library)
    • %System%\ijl15.dll (intel JPEG library)
    • %System%\SmartMenuXP.dll (generic VB libraries for visual basic)
    • %System%\SmartMenuXP.ocx (generic VB libraries for visual basic)
    • %System%\tabctl32.ocx (Microsoft OLE library)
    • %System%\txappdlg.ocx (generic VB form library)
    • %Windir%\vbSkinner\3679.bmp (button image file)
    • %ProgramFiles%\ScreenSpy\lic.txt (license agreement)
    • %ProgramFiles%\ScreenSpy\spy.ico
    • %ProgramFiles%\ScreenSpy\winacsr.exe (the screenlogger, detected as Spyware.AceScreenSpy)
    • %ProgramFiles%\ScreenSpy\unins000.dat
    • %ProgramFiles%\ScreenSpy\unins000.exe
    • %ProgramFiles%\ScreenSpy\uninstall.ico
    • %ProgramFiles%\ScreenSpy\data\*.* (various configuration files , plain text)
    • %ProgramFiles%\ScreenSpy\help\Ace-ScreenSpy.chm

      Notes:
      • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
      • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP)or C:\Winnt (Windows NT/2000).
      • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates registry entries for several generic and Microsoft/Intel libraries.

    The following registry entries are directly associated with Spyware.AceScreenSpy:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ace ScreenSpy 5.0_is1
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\vbSkinner Pro\%ProgramFiles%\ScreenSpy\Winacsr.exe\Skin
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Ace-ScreenSpy

  3. Adds the value:

    "Winacsr"="%ProgramFiles%\ScreenSpy\Winacsr.exe"

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the Spyware runs every time Windows starts.

Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS