Spyware.SpyLantern

Updated: February 13, 2007 11:44:07 AM
Type: Spyware
Version: 5.0
Publisher: Spydex, Inc.
Risk Impact: High
File Names: setup.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.SpyLantern is installed, it performs the following actions:
  1. Attempts to display the web page at www.spy-lantern.com
  2. Creates the following files:
    • %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Control Center.lnk
    • %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Help.lnk
    • %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Online.url
    • %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Uninstall.lnk
    • %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Viewer.lnk
    • %System%\[random_name].cfg
    • %System%\[random_name].chm
    • %System%\[random_name].exe
    • %System%\[random_name].sys - Detected as Trojan Horse
    • %System%\[random_name]a.dll
    • %System%\[random_name]cc.exe
    • %System%\[random_name]h.dll
    • %System%\[random_name]l.exe
    • %System%\[random_name]v.exe
    • %Windir%\key.lock

      Notes:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  3. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy Lantern Keylogger
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random_name]Driver
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random_name]Srv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random_name]Driver
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random_name]Srv
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Spy Lantern Keylogger


  4. Modifies the value:

    "AppInit_DLLs" = "[random_name]a.dll"

    in the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

  5. Logs keystrokes, captures screenshots, and monitors Internet activity.
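
Because the files in %System% use a random name, a fixed filename match will miss them; what stays constant is the set of suffixes attached to one shared stem, and the AppInit_DLLs value pointing at [random_name]a.dll. The following is an added example (not part of the original write-up or any vendor tool) that finds such a cluster in a directory listing and cross-checks it against an AppInit_DLLs value supplied as a string. The stem "xkqz", the sample listing, the function names and the min_hits threshold are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Suffixes the write-up lists for files that share one [random_name] stem in %System%.
SUFFIXES = [".cfg", ".chm", ".exe", ".sys", "a.dll", "cc.exe", "h.dll", "l.exe", "v.exe"]

def candidate_stems(filename):
    """Return every (stem, suffix) pair for which filename == stem + listed suffix."""
    name = ntpath.basename(filename).lower()
    return {(name[:-len(s)], s) for s in SUFFIXES
            if name.endswith(s) and len(name) > len(s)}

def find_clusters(filenames, min_hits=6):
    """Group files by possible stem; keep stems matching >= min_hits distinct suffixes.

    min_hits is an assumed threshold: high enough that ordinary pairs such as
    foo.exe / foo.chm do not trigger, low enough to survive partial cleanup.
    """
    hits = defaultdict(set)
    for f in filenames:
        for stem, suffix in candidate_stems(f):
            hits[stem].add(suffix)
    return {stem: sorted(sfx) for stem, sfx in hits.items() if len(sfx) >= min_hits}

def appinit_matches(appinit_value, stems):
    """Return stems whose '<stem>a.dll' is listed in the AppInit_DLLs value."""
    # AppInit_DLLs entries are separated by spaces or commas.
    entries = {ntpath.basename(e).lower()
               for e in appinit_value.replace(",", " ").split()}
    return sorted(s for s in stems if s + "a.dll" in entries)

# Constructed sample listing of %System%: benign names plus one cluster ("xkqz").
SAMPLE_SYSTEM_DIR = [
    "kernel32.dll", "notepad.exe", "calc.exe", "shell32.dll", "winhlp32.exe",
    "xkqz.cfg", "xkqz.chm", "xkqz.exe", "xkqz.sys", "xkqza.dll",
    "xkqzcc.exe", "xkqzh.dll", "xkqzl.exe", "xkqzv.exe",
]
SAMPLE_APPINIT = "xkqza.dll"  # constructed value of AppInit_DLLs

if __name__ == "__main__":
    clusters = find_clusters(SAMPLE_SYSTEM_DIR)
    for stem, suffixes in clusters.items():
        print(f"suspect stem {stem!r}: {len(suffixes)} of {len(SUFFIXES)} suffixes present")
    for stem in appinit_matches(SAMPLE_APPINIT, clusters):
        print(f"AppInit_DLLs references {stem}a.dll")
```

A stem that appears in both results, together with %Windir%\key.lock or the [random_name]Driver and [random_name]Srv service keys listed above, is a strong indication of this installation.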

