Updated: February 13, 2007 11:44:22 AM
Type: Spyware
Version: 9.49
Publisher: Guardian Software
Risk Impact: High
File Names: GDMgr.exe; GDAdmin.exe; gsp.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
The following are features of Spyware.GuardMon:
- Logs keystrokes and records downloaded files.
- Monitors Internet usage and Instant Messenger conversations.
- Takes screenshots and records inbound and outbound e-mails.
When Spyware.GuardMon runs, it performs the following actions:
- Creates the following files:
  - %System%\gsp.dll
  - %System%\GDSys\gsp.dll
  - %System%\GDSys\GDMgr.exe
  - %System%\GDSys\GDH.dll
  - %System%\GDSys\GDAdmin.exe
  - %System%\GDSys\GDHelp.chm
  - %System%\GDSys\guardian.css
  - %System%\GDSys\INSTALL.LOG
  - %System%\GDSys\logo.jpeg
  - %System%\GDSys\*.dat
  - %System%\GDSys\*.CDX
  - %System%\GDSys\*.dbf
  - %System%\GDSys\*.FPT
  - %UserProfile%\Desktop\GuardianMonitor.lnk
Note:
  - %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  - %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
- Creates the following legitimate files:
  - %System%\vbzip10.dll
  - %System%\GDSys\c4dll.dll
  - %System%\GDSys\dbghelp.dll
  - %System%\GDSys\dten600.dll
  - %System%\GDSys\dXTList.dll
  - %System%\GDSys\ExCalendar.dll
  - %System%\GDSys\ezAVI26.ocx
  - %System%\GDSys\eztoolslib.dll
  - %System%\GDSys\instlsp.exe
  - %System%\GDSys\ipworks5.dll
  - %System%\GDSys\ltkrn13n.dll
  - %System%\GDSys\msmask32.ocx
  - %System%\GDSys\mx50.ocx
  - %System%\GDSys\SmartUI2.ocx
  - %System%\GDSys\smtp50.ocx
  - %System%\GDSys\SpOrder.Dll
  - %System%\GDSys\SSubTmr6.dll
  - %System%\GDSys\strace.dll
  - %System%\GDSys\UNWISE.EXE
  - %System%\GDSys\vbalFlBr6.dll
  - %System%\GDSys\vbalTab6.ocx
  - %System%\GDSys\zlib-1.dll
- Adds the value:
"GDMgr.exe" = "%System%\GDSys\gdmgr.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
- Creates the following registry keys:
HKEY_CLASSES_ROOT\AVIPlay.ezAVIWnd
HKEY_CLASSES_ROOT\AVIPlay.IWndSubClass
HKEY_CLASSES_ROOT\Dten600.FileConverter
HKEY_CLASSES_ROOT\Dten600.FileConverter.1
HKEY_CLASSES_ROOT\Dten600.IndexJob
HKEY_CLASSES_ROOT\Dten600.IndexJob.1
HKEY_CLASSES_ROOT\dten600.JobErrorInfo
HKEY_CLASSES_ROOT\dten600.JobErrorInfo.1
HKEY_CLASSES_ROOT\Dten600.Options
HKEY_CLASSES_ROOT\Dten600.Options.1
HKEY_CLASSES_ROOT\Dten600.SearchJob
HKEY_CLASSES_ROOT\Dten600.SearchJob.1
HKEY_CLASSES_ROOT\Dten600.SearchReportJob
HKEY_CLASSES_ROOT\Dten600.SearchReportJob.1
HKEY_CLASSES_ROOT\Dten600.SearchResults
HKEY_CLASSES_ROOT\Dten600.SearchResults.1
HKEY_CLASSES_ROOT\Dten600.WordListBuilder
HKEY_CLASSES_ROOT\Dten600.WordListBuilder.1
HKEY_CLASSES_ROOT\dtSearchEngine6.SearchFilter
HKEY_CLASSES_ROOT\dtSearchEngine6.SearchFilter.1
HKEY_CLASSES_ROOT\dtSearchEngine6.Server
HKEY_CLASSES_ROOT\dtSearchEngine6.Server.1
HKEY_CLASSES_ROOT\ExCalendar.CalendarCombo
HKEY_CLASSES_ROOT\ExCalendar.CalendarCombo.1
HKEY_CLASSES_ROOT\ExCalendar.Event
HKEY_CLASSES_ROOT\ExCalendar.Event.1
HKEY_CLASSES_ROOT\ExCalendar.Events
HKEY_CLASSES_ROOT\ExCalendar.Events.1
HKEY_CLASSES_ROOT\Exontrol.Calendar
HKEY_CLASSES_ROOT\Exontrol.Calendar.1
HKEY_CLASSES_ROOT\EzToolsLib.BrowserList
HKEY_CLASSES_ROOT\EzToolsLib.BrowserList.1
HKEY_CLASSES_ROOT\EzToolsLib.HotButton
HKEY_CLASSES_ROOT\EzToolsLib.HotButton.1
HKEY_CLASSES_ROOT\EzToolsLib.HotLink
HKEY_CLASSES_ROOT\EzToolsLib.HotLink.1
HKEY_CLASSES_ROOT\EzToolsLib.HotList
HKEY_CLASSES_ROOT\EzToolsLib.HotList.1
HKEY_CLASSES_ROOT\EzToolsLib.HTMLComboBox
HKEY_CLASSES_ROOT\EzToolsLib.HTMLComboBox.1
HKEY_CLASSES_ROOT\EzToolsLib.MenuProp
HKEY_CLASSES_ROOT\EzToolsLib.MenuProp.1
HKEY_CLASSES_ROOT\EzToolsLib.PicturePathProp
HKEY_CLASSES_ROOT\EzToolsLib.PicturePathProp.1
HKEY_CLASSES_ROOT\EzToolsLib.ResProp
HKEY_CLASSES_ROOT\EzToolsLib.ResProp.1
HKEY_CLASSES_ROOT\EzToolsLib.TextProp
HKEY_CLASSES_ROOT\EzToolsLib.TextProp.1
HKEY_CLASSES_ROOT\EzToolsLib.WowCtl
HKEY_CLASSES_ROOT\EzToolsLib.WowCtl.1
HKEY_CLASSES_ROOT\IPWorks.MX
HKEY_CLASSES_ROOT\IPWorks.SMTP
HKEY_CLASSES_ROOT\IPWorks5.MX
HKEY_CLASSES_ROOT\IPWorks5.SMTP
HKEY_CLASSES_ROOT\MSMask.MaskEdBox
HKEY_CLASSES_ROOT\MSMask.MaskEdBox.1
HKEY_CLASSES_ROOT\SaxSmartUI.ListImage
HKEY_CLASSES_ROOT\SaxSmartUI.ListImages
HKEY_CLASSES_ROOT\SaxSmartUI.SmartItem
HKEY_CLASSES_ROOT\SaxSmartUI.SmartItems
HKEY_CLASSES_ROOT\SaxSmartUI.SmartUI
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\TreeList.dxStrings
HKEY_CLASSES_ROOT\TreeList.dxStrings.1
HKEY_CLASSES_ROOT\TreeList.dxTreeList
HKEY_CLASSES_ROOT\TreeList.dxTreeList.2
HKEY_CLASSES_ROOT\TreeList.dxTreeLocalizer
HKEY_CLASSES_ROOT\TreeList.dxTreeLocalizer.1
HKEY_CLASSES_ROOT\TreeList.xATLBand
HKEY_CLASSES_ROOT\TreeList.xATLBand.1
HKEY_CLASSES_ROOT\TreeList.xATLColumn
HKEY_CLASSES_ROOT\TreeList.xATLColumn.1
HKEY_CLASSES_ROOT\TreeList.xATLOptions
HKEY_CLASSES_ROOT\TreeList.xATLOptions.1
HKEY_CLASSES_ROOT\TreeList.xATLRowStyle
HKEY_CLASSES_ROOT\TreeList.xATLRowStyle.1
HKEY_CLASSES_ROOT\TreeList.xATLTreeNode
HKEY_CLASSES_ROOT\TreeList.xATLTreeNode.1
HKEY_CLASSES_ROOT\TreeList.xTransferObject
HKEY_CLASSES_ROOT\TreeList.xTransferObject.1
HKEY_CLASSES_ROOT\vbalFolderBrowse6.cBrowseForFolder
HKEY_CLASSES_ROOT\vbalFolderBrowse6.cCaptureBF
HKEY_CLASSES_ROOT\vbalFolderBrowse6.ICaptureBF
HKEY_CLASSES_ROOT\vbalTabStrip6.TabControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Guardian Software
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WS2IFSL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL
- Installs itself as a Layered Service Provider so that it can monitor network traffic.
- Creates a service with the following attributes:
Service Name: "WS2IFSL"
Display Name: "Windows Socket 2.0 Non-IFS Service Provider Support Environment"
Path to executable: "%System%\drivers\ws2ifsl.sys"
Startup type: "Manual"
Note: This is a legitimate service and is used by LSPs which do not use IFS (Installable File System) supported sockets.
- Runs in stealth mode so that the taskbar and desktop icons are hidden. The default hotkey combination to return the program from stealth mode is ALT+SHIFT+G, although this is configurable. The program may also be password protected.
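
Because the program hides its taskbar and desktop icons, checking a suspect host means looking for the on-disk and registry indicators listed above rather than for a visible window. The PowerShell below is an added example, not part of the original write-up or of any vendor tool. The function name and output format are illustrative, and it assumes that each Winsock catalog entry stores its provider DLL path as a NUL-terminated ANSI string at the start of `PackedCatalogItem`, and that the Layered Service Provider is loaded from one of the files listed above.

```powershell
# Added example: checks a host for the Spyware.GuardMon indicators listed in this write-up.
# The function name and output strings are illustrative. Run from an elevated session.
function Get-GuardMonIndicator {
    $sys  = [Environment]::GetFolderPath('System')   # the folder the write-up calls %System%
    $hits = @()

    # 1. Files attributed to the risk itself (the bundled legitimate libraries are skipped).
    $names = 'gsp.dll', 'GDSys\gsp.dll', 'GDSys\GDMgr.exe', 'GDSys\GDH.dll', 'GDSys\GDAdmin.exe'
    foreach ($n in $names) {
        $p = Join-Path $sys $n
        if (Test-Path -LiteralPath $p) { $hits += "file: $p" }
    }

    # 2. Autorun value that starts GDMgr.exe with Windows.
    $run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $val = (Get-ItemProperty -Path $run -Name 'GDMgr.exe' -ErrorAction SilentlyContinue).'GDMgr.exe'
    if ($val) { $hits += "autorun: GDMgr.exe = $val" }

    # 3. Uninstall key left by the installer.
    $unins = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Guardian Software'
    if (Test-Path -LiteralPath $unins) { $hits += "uninstall key: $unins" }

    # 4. Winsock catalog: report any provider whose DLL is gsp.dll or lives under GDSys.
    #    Assumption: PackedCatalogItem begins with the provider path as a NUL-terminated string.
    #    The catalog entry numbers are not matched, since they depend on what else is installed.
    $cat = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries'
    foreach ($entry in @(Get-ChildItem -Path $cat -ErrorAction SilentlyContinue)) {
        $packed = (Get-ItemProperty -Path $entry.PSPath -ErrorAction SilentlyContinue).PackedCatalogItem
        if (-not $packed) { continue }
        $end = [Array]::IndexOf($packed, [byte]0)
        if ($end -lt 0) { $end = $packed.Length }
        $dll = [Text.Encoding]::ASCII.GetString($packed, 0, $end)
        if ($dll -match '\\GDSys\\|\\gsp\.dll$') {
            $hits += "LSP entry $($entry.PSChildName): $dll"
        }
    }
    return $hits
}

Get-GuardMonIndicator
```

An empty result means none of these indicators were found. The WS2IFSL service is deliberately not checked, since the write-up notes it is a legitimate service.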