WinSniffer

When the program is executed, it creates the following files:

• %UserProfile%\Start Menu\Win Sniffer\Win Sniffer 1.22.lnk
• %UserProfile%\Start Menu\Win Sniffer\Win Sniffer Help.lnk
• %ProgramFiles%\WinSniffer\Ctl3dv2.dll
• %ProgramFiles%\WinSniffer\Inetwh16.dll
• %ProgramFiles%\WinSniffer\INETWH32.dll
• %ProgramFiles%\WinSniffer\INSTALL.LOG
• %ProgramFiles%\WinSniffer\msvcrt.dll
• %ProgramFiles%\WinSniffer\msvcrt.dll\mfc42.dll
• %ProgramFiles%\WinSniffer\Pcandis3.vxd
• %ProgramFiles%\WinSniffer\Pcandis4.sys
• %ProgramFiles%\WinSniffer\Pcandis5.sys
• %ProgramFiles%\WinSniffer\Setbrows.exe
• %ProgramFiles%\WinSniffer\UNWISE.EXE
• %ProgramFiles%\WinSniffer\W32N50.dll
• %ProgramFiles%\WinSniffer\ws.ico
• %ProgramFiles%\WinSniffer\WSMDI.cnt
• %ProgramFiles%\WinSniffer\Wsmdi.hlp

The program also creates the following file, which is the WinSniffer main program:
%ProgramFiles%\WinSniffer\WSMDI.exe

Next, the program creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Sniffer 1.2\"DisplayName" = "Win Sniffer 1.2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Sniffer 1.2\"UninstallString" = "%ProgramFiles%\WINSNI~1\UNWISE.EXE %ProgramFiles%\WINSNI~1\INSTALL.LOG"

The program then monitors incoming and outgoing network traffic and decodes FTP, POP3, HTTP, ICQ, SMTP, Telnet, IMAP, and NNTP usernames and passwords.

Summary