Spyware.HSLABLogger

Printer Friendly Page

Updated: February 13, 2007 11:44:11 AM

Type: Spyware

Version: 3.2

Publisher: Handy Software Lab

Risk Impact: Medium

File Names: hslab-logger.exe la.exe logger.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Spyware.HSLABLogger is installed, it performs the following actions:

Creates the following files:
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\Check for Updates.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\HSLAB Customer Care Center.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\HSLAB END-USER LICENSE AGREEMENT.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\HSLAB Home Page.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\HSLAB Logger Administrator.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\HSLAB Logger Help.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\Make a suggestion....lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\Register online.lnk
- %UserProfile%\Start Menu\Programs\Handy Software Lab\HSLAB Logger\Report a Bug.lnk
- %UserProfile%\Desktop\hslab-logger.exe
- %ProgramFiles%\Common Files\HSLAB\Shared\CloseProduct.dll
- %ProgramFiles%\Common Files\HSLAB\Shared\dwGlobe.avi
- %ProgramFiles%\Common Files\HSLAB\Shared\hscc.exe
- %ProgramFiles%\Common Files\HSLAB\Shared\killdll.dll
- %ProgramFiles%\Common Files\HSLAB\Shared\kpr.exe
- %ProgramFiles%\Common Files\HSLAB\Shared\UnCl.exe
- %ProgramFiles%\HSLAB\HSLAB Logger\help.chm
- %ProgramFiles%\HSLAB\HSLAB Logger\hslab.url
- %ProgramFiles%\HSLAB\HSLAB Logger\la.exe
- %ProgramFiles%\HSLAB\HSLAB Logger\License.txt
- %ProgramFiles%\HSLAB\HSLAB Logger\logger.exe
- %ProgramFiles%\HSLAB\HSLAB Logger\logger.xml
- %ProgramFiles%\HSLAB\HSLAB Logger\ReadMe.txt
- %ProgramFiles%\HSLAB\HSLAB Logger\register.url
- %ProgramFiles%\HSLAB\HSLAB Logger\unins000.dat
- %ProgramFiles%\HSLAB\HSLAB Logger\unins000.exe
  
  Notes:
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
Creates the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44D0E7B9-1615-48BF-99B9-EF50ADAC8943} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9E85E5B-A066-4A7C-DA9B-07BF9D0291DD} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FBFF3C64-19E5-7555-4CCF-D68F45A4AA43} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFE1AD22-9A07-47FF-AFC5-E5042F1DA5C4} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSLAB Logger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent HKEY_LOCAL_MACHINE\SOFTWARE\ASProtect HKEY_LOCAL_MACHINE\SOFTWARE\HSLAB\HSLAB Logger HKEY_LOCAL_MACHINE\SOFTWARE\HSLAB\Software\PRODUCTS\HSLAB Customer Care Center HKEY_LOCAL_MACHINE\SOFTWARE\HSLAB\Software\PRODUCTS\HSLAB Logger HKEY_CURRENT_USER\Software\ASProtect HKEY_CURRENT_USER\Software\HSLAB\HSLAB Logger HKEY_CURRENT_USER\Software\HSLAB\Software\ImagesPaths HKEY_CURRENT_USER\Software\HSLAB\Software\PRODUCTS\HSLAB Customer Care Center HKEY_CURRENT_USER\Software\HSLAB\Software\PRODUCTS\HSLAB Logger HKEY_CURRENT_USER\Software\HSLAB\Software\PRODUCTS\PID
Adds the value:

"HSLAB Logger" = "%ProgramFiles%\HSLAB\HSLAB Logger\logger.exe"
to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runso that the risk runs every time Windows starts.
Adds the values:

"logger.exe" = "[random_value]" "la.exe" = "[random_value]"
to the registry subkey:

HKEY_CURRENT_USER\Software\HSLAB\Software\PRODUCTS\PID
Adds the values:

"logger.exe" = "%ProgramFiles%\HSLAB\HSLAB Logger\logger.exe" "la.exe" = "%ProgramFiles%\HSLAB\HSLAB Logger\la.exe"

to the registry subkey:

HKEY_CURRENT_USER\Software\HSLAB\Software\ImagesPaths
Logs user activity and Internet activity.
May email the gathered information to a predetermined email address.

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}