||||
Symantec.com > Security Response > Threats and Risks > Spyware.AllInOne
PRINT THIS PAGE

Spyware.AllInOne

Printer Friendly Page

Updated: February 13, 2007 11:43:18 AM
Type: Spyware
Publisher: www.allinonespy.com
Risk Impact: Medium
File Names: all-in-one-spy.exe allinonespy.exe run.exe runwin95.exe inject.dll applog.dll inetlog.dll key
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When the installation file for Spyware.AllInOne (all-in-one-spy.exe) runs, it performs the following actions:

  1. May creates the following files:

    • %DocumentsandSettings%\All Users\Start Menu\Programs\All-In-One Spy\All-In-One Spy help.lnk
    • %DocumentsandSettings%\All Users\Start Menu\Programs\All-In-One Spy\All-In-One Spy on the Web.lnk
    • %DocumentsandSettings%\All Users\Start Menu\Programs\All-In-One Spy\All-In-One Spy.lnk
    • %DocumentsandSettings%\All Users\Start Menu\Programs\All-In-One Spy\Uninstall All-In-One Spy.lnk
    • %Userprofile%\Desktop\All-In-One Spy.lnk
    • %ProgramFiles%\All-In-One Spy\allinonespy.chm
    • %ProgramFiles%\All-In-One Spy\allinonespy.exe
    • %ProgramFiles%\All-In-One Spy\allinonespy.url
    • %ProgramFiles%\All-In-One Spy\buttons\applications_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\applications_white_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\applications_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\applications_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\blocking_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\blocking_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\blocking_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\bottom.gif
    • %ProgramFiles%\All-In-One Spy\buttons\clear_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\clear_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\clear_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\disabled.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\dont_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\dont_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\dont_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\enabled.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\internet_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\internet_white_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\internet_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\internet_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\keylogger_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\keylogger_white_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\keylogger_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\keylogger_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\left.gif
    • %ProgramFiles%\All-In-One Spy\buttons\open_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\open_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\open_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\right.gif
    • %ProgramFiles%\All-In-One Spy\buttons\save_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\save_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\save_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\screenshots_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\screenshots_white_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\screenshots_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\screenshots_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\settings_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\settings_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\settings_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\sound_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\sound_white_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\sound_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\sound_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\spy_white.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\spy_yellow.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\spy_yellow_over.bmp
    • %ProgramFiles%\All-In-One Spy\buttons\top.gif
    • %ProgramFiles%\All-In-One Spy\inject.dll
    • %ProgramFiles%\All-In-One Spy\keylogger.html
    • %ProgramFiles%\All-In-One Spy\lnk\all-in-one spy
    • %ProgramFiles%\All-In-One Spy\lnk\All-In-One Spy.lnk
    • %ProgramFiles%\All-In-One Spy\lnk\all-in-one spy\All-In-One Spy help.lnk
    • %ProgramFiles%\All-In-One Spy\lnk\all-in-one spy\All-In-One Spy on the Web.lnk
    • %ProgramFiles%\All-In-One Spy\lnk\all-in-one spy\All-In-One Spy.lnk
    • %ProgramFiles%\All-In-One Spy\lnk\all-in-one spy\Uninstall All-In-One Spy.lnk
    • %ProgramFiles%\All-In-One Spy\run.exe
    • %ProgramFiles%\All-In-One Spy\runwin95.exe
    • %ProgramFiles%\All-In-One Spy\saved
    • %ProgramFiles%\All-In-One Spy\settings.ini
    • %ProgramFiles%\All-In-One Spy\sound.jpg
    • %ProgramFiles%\All-In-One Spy\start.html
    • %ProgramFiles%\All-In-One Spy\template.wav
    • %ProgramFiles%\All-In-One Spy\unins000.dat
    • %ProgramFiles%\All-In-One Spy\unins000.exe
    • %ProgramFiles%\All-In-One Spy\win95.html
    • %System%\applog.dll
    • %System%\inetlog.dll
    • %System%\keylogger.dll
    • %System%\log.dll
    • %System%\remotelog.dll
    • %System%\screenlog.dll
    • %System%\soundlog.dll
    • %Userprofile%\All Users\Start Menu\Programs\Relytec
    • %Userprofile%\All Users\Start Menu\Programs\Relytec\All In One.lnk
    • %Userprofile%\All Users\Start Menu\Programs\Relytec\Purchase All In One.lnk
    • %Userprofile%\All Users\Start Menu\Programs\Relytec\Visit All In One site.lnk
    • %ProgramFiles%\Relytec\CSRSS.EXE
    • %ProgramFiles%\Relytec\CSRSS.EXE.manifest
    • %ProgramFiles%\Relytec\unins000.dat
    • %ProgramFiles%\Relytec\unins000.exe
    • %System%\KEY.DLL
    • %System%\ereg.ocx
    • %System%\rgcvt32.dll
    • %System%\base.exe

      Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %DocumentsandSettings% is a variable that refers to the Documents and Settings folder. By default, this is C:\Documents and Settings.
    • %Userprofile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).

  2. Adds the values:

    "HideMenu" = "0"
    "NeedPassword" = "0"
    "Password" = ""
    "ShowRun" = "1"
    "Startup" = "0"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\SpyControl
  3. Adds the values:

    "Active" = "0"
    "InstallPath" = "[INSTALLATION PATH]"

    to the registry key:

    HKEY_CURRENT_USERS\Software\SpyControl
  4. Adds the values:

    "CSRSS" = "C:\Program Files\Relytec\CSRSS.exe"

    to the registry key:

    HKEY_CURRENT_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS