Updated: February 13, 2007 11:43:59 AM
Type: Spyware
Risk Impact: Low
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.TrustyHound is installed, it performs the following actions:
- Creates the following files:
- %ProgramFiles%\TrustyHound-TS\TrustyHound-TS.exe
- %ProgramFiles%\TrustyHound-TB\TRUSTYHOUND-TS-installer.exe
- %ProgramFiles%\TrustyHound-TB\tb[2 random characters]\TRUSTYHOUND-TS-installer.exe
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the following non-malicious files:
- %ProgramFiles%\TrustyHound-TS\cardfountain.html
- %ProgramFiles%\TrustyHound-TS\cardfountain.ico
- %ProgramFiles%\TrustyHound-TS\free-stuff-directory.html
- %ProgramFiles%\TrustyHound-TS\free-stuff-directory.ico
- %ProgramFiles%\TrustyHound-TS\funflirts.html
- %ProgramFiles%\TrustyHound-TS\funflirts.ico
- %ProgramFiles%\TrustyHound-TS\image-search.html
- %ProgramFiles%\TrustyHound-TS\image-search.ico
- %ProgramFiles%\TrustyHound-TS\unins000.dat
- %ProgramFiles%\TrustyHound-TS\unins000.exe
- %ProgramFiles%\TrustyHound-TS\web-search.html
- %ProgramFiles%\TrustyHound-TS\web-search.ico
- %ProgramFiles%\TrustyHound-TB\autofill_plugin.dll
- %ProgramFiles%\TrustyHound-TB\whiteList_plugin.dll
- %ProgramFiles%\TrustyHound-TB\msvcp60.dll
- %ProgramFiles%\TrustyHound-TB\msvcrt.dll
- %ProgramFiles%\TrustyHound-TB\autofill.cfg
- %ProgramFiles%\TrustyHound-TB\b246.LOG
- %ProgramFiles%\TrustyHound-TB\basis.xml
- %ProgramFiles%\TrustyHound-TB\icons.bmp
- %ProgramFiles%\TrustyHound-TB\local-bubble.html
- %ProgramFiles%\TrustyHound-TB\toolbar-search-over.bmp
- %ProgramFiles%\TrustyHound-TB\toolbar.crc
- %ProgramFiles%\TrustyHound-TB\toolbar-search.bmp
- %ProgramFiles%\TrustyHound-TB\toolbar.dll
- %ProgramFiles%\TrustyHound-TB\version.txt
- %ProgramFiles%\TrustyHound-TB\websearch-over.bmp
- %ProgramFiles%\TrustyHound-TB\websearch.bmp
- Creates the following files:
- %Temp%\NS025T
- %Temp%\TrustyHound-TS.exe
- %Temp%\~DF2A78.Tmp
- %UserProfile%\Desktop\CardFountain Greetings.lnk
- %UserProfile%\Desktop\Free Stuff Directory.lnk
- %UserProfile%\Desktop\FunFlirts Online Dating.lnk
- %UserProfile%\Desktop\TrustyHound Image Search.lnk
- %UserProfile%\Desktop\TrustyHound Web Search.lnk
- %UserProfile%\Start Menu\CardFountain Greetings.lnk
- %UserProfile%\Start Menu\Free Stuff Directory.lnk
- %UserProfile%\Start Menu\FunFlirts Online Dating.lnk
- %UserProfile%\Start Menu\TrustyHound Image Search.lnk
- %UserProfile%\Start Menu\TrustyHound Web Search.lnk
- %UserProfile%\Start Menu\Programs\TrustyHound-TS\CardFountain Greetings.lnk
- %UserProfile%\Start Menu\Programs\TrustyHound-TS\Free Stuff Directory.lnk
- %UserProfile%\Start Menu\Programs\TrustyHound-TS\FunFlirts Online Dating.lnk
- %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound Image Search.lnk
- %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound Web Search.lnk
- %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound-TS Companion.lnk
Notes:
- %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
- Adds the value:
"TrustyHound-TS" = "%ProgramFiles%\TrustyHound-TS\TrustyHound-TS.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
- Adds the registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TrustyHound-TS ( Companion Tools )_is1
so that Spyware.TrustyHound can be uninstalled.
- Displays an icon in the system tray that can be used to access a meta search engine. When the search engine is used, system information is sent to a predetermined server.
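The folders, Run value, uninstall subkey and desktop shortcuts listed above can be checked with a read-only script. The following is an added example, not part of the original write-up; the function name Test-TrustyHoundArtifacts is hypothetical, and it assumes PowerShell 3.0 or later. It also goes beyond the write-up by checking the "Program Files (x86)" and WOW6432Node locations that 32-bit software uses on 64-bit Windows.

```powershell
# Added example: read-only check for the Spyware.TrustyHound artifacts named in the write-up.
# Assumptions (not from the write-up): PowerShell 3.0+, and the extra
# "Program Files (x86)" / WOW6432Node locations used by 32-bit software on 64-bit Windows.
function Test-TrustyHoundArtifacts {
    $findings = @()

    # Install folders created under %ProgramFiles%
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        foreach ($dir in 'TrustyHound-TS', 'TrustyHound-TB') {
            $path = Join-Path $root $dir
            if (Test-Path -LiteralPath $path) {
                $findings += [pscustomobject]@{ Type = 'Folder'; Location = $path; Detail = '' }
            }
        }
    }

    # Run value (start-up persistence) and the Uninstall subkey
    $uninstall = 'TrustyHound-TS ( Companion Tools )_is1'
    foreach ($base in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $runKey = "$base\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -LiteralPath $runKey -Name 'TrustyHound-TS' -ErrorAction SilentlyContinue
        if ($run) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $runKey; Detail = $run.'TrustyHound-TS' }
        }
        $unKey = "$base\Microsoft\Windows\CurrentVersion\Uninstall\$uninstall"
        if (Test-Path -LiteralPath $unKey) {
            $findings += [pscustomobject]@{ Type = 'UninstallKey'; Location = $unKey; Detail = '' }
        }
    }

    # Desktop shortcuts for the current user
    $names = 'CardFountain Greetings', 'Free Stuff Directory', 'FunFlirts Online Dating',
             'TrustyHound Image Search', 'TrustyHound Web Search'
    foreach ($name in $names) {
        $lnk = Join-Path $env:USERPROFILE "Desktop\$name.lnk"
        if (Test-Path -LiteralPath $lnk) {
            $findings += [pscustomobject]@{ Type = 'Shortcut'; Location = $lnk; Detail = '' }
        }
    }
    return $findings
}

$result = @(Test-TrustyHoundArtifacts)
if ($result.Count -eq 0) { 'No TrustyHound artifacts found.' } else { $result | Format-Table -AutoSize -Wrap }
```

The script only reads the file system and registry; it checks the current user's profile, so run it once per user account on a shared machine.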