Updated: February 13, 2007 11:43:10 AM
Type: Hack Tool
Version: 2.70
Publisher: T.E.C Solution Ltd.
Risk Impact: High
File Names:
any@web.exe
WebChk.exe
WebDumpII.exe
WebSrvMan.exe
WebView.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Hacktool.AnyWeb is installed, the following actions are performed:
- Creates the following files:
  - %UserProfile%\Start Menu\Programs\Any@Web for Windows(Demo)\Any@Web Help.lnk
  - %UserProfile%\Start Menu\Programs\Any@Web for Windows(Demo)\Any@Web Viewer.lnk
  - %UserProfile%\Start Menu\Programs\Any@Web for Windows(Demo)\Capture Engine Manager.lnk
  - %UserProfile%\Desktop\any@web.exe
  - %ProgramFiles%\anyatweb.com\Any@Web\CJ609Lib.dll
  - %ProgramFiles%\anyatweb.com\Any@Web\mimepp_core.dll
  - %ProgramFiles%\anyatweb.com\Any@Web\Repository\hosts.txt
  - %ProgramFiles%\anyatweb.com\Any@Web\Tips.txt
  - %ProgramFiles%\anyatweb.com\Any@Web\WebChk.exe
  - %ProgramFiles%\anyatweb.com\Any@Web\WebDumpII.exe
  - %ProgramFiles%\anyatweb.com\Any@Web\WebSrvMan.exe
  - %ProgramFiles%\anyatweb.com\Any@Web\WebView.exe
  - %Windir%\Help\Any@Web.chm
  - %System%\drivers\awnpf.sys
  - %System%\AWPacket.dll
  - %System%\AWPCAP.dll
Note:
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\5090D4CAB86C40C43BCF54B762E082E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5090D4CAB86C40C43BCF54B762E082E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC4D0905-C68B-4C04-B3FC-457B260E282E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F42F721E53A0094788190F757794944
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA94B1AAE0773514F8D4E595AF47BE33
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C74C32F453C955648B4B6310650F5276
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB401708209A16F49A777E69AEDD54A4
HKEY_LOCAL_MACHINE\SOFTWARE\anyatweb.com
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebDumpII
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWNPF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AWNPF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWNPF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebDumpII
- Adds the value:
"C:\Documents and Settings\All Users\Start Menu\Programs\Any@Web for Windows\" = ""
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
so that the spyware runs when you start Windows.
- Adds the value:
"C:\WINDOWS\Installer\{AC4D0905-C68B-4C04-B3FC-457B260E282E}\" = ""
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
so that the spyware runs when you start Windows.
- Adds the value:
"637849FE43D8CC74C9DE1847D64C911B\5090D4CAB86C40C43BCF54B762E082E2" = "C:\Program Files\anyatweb.com\Any@Web\WebView.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
so that the spyware runs when you start Windows.
- Monitors network activity and logs emails, file transfer information, and chat messages.