Updated: February 13, 2007 11:43:45 AM
Type: Spyware
Risk Impact: High
File Names:
miamore32.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.Vipsearcher is installed, it performs the following actions:
- Creates the following registry entries:
HKEY_CLASSES_ROOT\CLSID\{1559C6FD-8BDE-476E-98C7-871E59193FCE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1559C6FD-8BDE-476E-98C7-871E59193FCE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lindow
- Attempts to access the following web sites:
- http://[domain removed].net/inf/gl.php
- http://[domain removed].com/gtest/miamore32.php
and saves files as the following:
- %Windir%\qwe.log
- %Windir%\qw.log
These files contain encrypted URL that is used by Spyware.Vipsearcher.
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Monitors user's web browsing pattern and stores them in following registry entry:
HKEY_CURRENT_USERS\Software\Microsoft\lindow
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
