||||
Symantec.com > Security Response > Threats and Risks > Spyware.StingKeyLogger
PRINT THIS PAGE

Spyware.StingKeyLogger

Printer Friendly Page

Updated: February 13, 2007 11:43:43 AM
Type: Spyware
Publisher: SRC Technologies
Risk Impact: Medium
File Names: svchost.exe StingWare KeyLogger.msi keylogger.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.StingKeyLogger is installed, it performs the following actions:

  1. Creates the following files:

    • %UserProfile%\Start Menu\Programs\StingWare\KeyLogger Support.lnk
    • %UserProfile%\Start Menu\Programs\StingWare\KeyLogger.lnk
    • %UserProfile%\Start Menu\Programs\StingWare\Uninstall.lnk
    • %ProgramFiles%\StingWare\KeyLogger Support.url
    • %ProgramFiles%\StingWare\stng.dat
    • %ProgramFiles%\StingWare\svchost.exe
    • %ProgramFiles%\{36B40193-4F10-4D8C-96D7-8544CCC6F704}\StingWare KeyLogger.msi
    • %Windir%\Installer\cefbfc.msi
    • %Windir%\Installer\{76E2367E-9311-47FC-A83E-7375099675C5}\NewShortcut1_76E2367E931147FCA83E7375099675C5_5.exe
    • %Windir%\WSD.DLL
    • %System%\msadodc.ocx -- This is a legitimate component needed for some applications written in Visual Basic. It may be used by other applications on your computer.

      Notes:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\StingWare
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76E2367E-9311-47FC-A83E-7375099675C5}

  3. Adds the value:

    "C:\Program Files\StingWare\" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
  4. Adds the value:

    "C:\Documents and Settings\All Users\Start Menu\Programs\StingWare\" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
  5. Adds the value:

    "WinAppLog" = ""C:\Program Files\StingWare\svchost.exe" /h"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that Spyware.StingKeyLogger runs every time Windows starts.
  6. Logs keystrokes silently.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS