||||
Symantec.com > Security Response > Threats and Risks > Spyware.KGBSpy
PRINT THIS PAGE

Spyware.KGBSpy

Printer Friendly Page

Updated: February 13, 2007 11:44:20 AM
Type: Spyware
Version: 3.83
Publisher: ReFog Software
Risk Impact: Medium
File Names: Systems.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows XP


When Spyware.KGBSpy is installed, it does the following:
  1. Adds the value:

    "systems.exe" = "%ProgramFiles%\KGB Spy\Systems.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    KGB Spy
    HKEY_CURRENT_USER\Software\KGB Spy
    HKEY_CLASSES_ROOT\keyfile
    HKEY_CLASSES_ROOT\.key
    HKEY_LOCAL_MACHINE\SOFTWARE\ReFog Software
    HKEY_CURRENT_USER\Software\ASProtect\SpecData
    HKEY_CURRENT_USER\Software\ReFog Software\Keyboard Spectator Pro

  3. Creates the following files and folders:

    • %ProgramFiles%\KGB Spy\Systems.exe (detected as Spyware.KGBSpy).
    • %ProgramFiles%\KGB Spy\systemdll.dll (detected as Hacktool.Keylogger).
    • %ProgramFiles%\KGB Spy\uninstall.ini (Uninstall information).
    • %ProgramFiles%\KGB Spy\uninstall.exe (The uninstaller).
    • %ProgramFiles%\KGB Spy\Help.chm (The spyware help file).
    • %ProgramFiles%\KGB Spy\Readme.txt (Readme file).
    • %ProgramFiles%\KGB Spy\License.txt (The end user license).
    • %ProgramFiles%\KGB Spy\*.lng (messages for specific languages)
    • %ProgramFiles%\KGB Spy\Lang.txt (configuration file)
    • %ProgramFiles%\KGB Spy\FILE_ID.DIZ (text file)
    • %ProgramFiles%\KGB Spy\VisitHomepage.url (URL shortcut)
    • %ProgramFiles%\KGB Spy\BuyOnline.url (URL shortcut)
    • C:\Documents and Settings\All Users\Application Data\KSP (The data storage folder for logfile).
    • C:\Documents and Settings\All Users\Start Menu\Programs\KGB Spy
    • %UserProfile%\Desktop\KGB Spy.lnk (The shorcut file to Systems.exe).
    • %System%\ci0-cabinet.dll (legitimate .dll)

      Notes:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS