Updated: February 13, 2007 11:44:34 AM
Type: Spyware
Version: 4.0
Publisher: www.wiretappro.com
Risk Impact: High
File Names:
wiretappro.exe
iun6002.exe
scvhost.exe
ShellExecuteHook.dll
Hook.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.Wiretap is executed, it performs the following actions:
- Creates the following folders:
  - %ProgramFiles%\Wiretap Professional
  - C:\Documents and Settings\All Users\Start Menu\Programs\Wiretap Professional

  Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the following files:
  - %ProgramFiles%\Wiretap Professional\scvhost.exe
  - %ProgramFiles%\Wiretap Professional\ShellExecuteHook.dll
  - %ProgramFiles%\Wiretap Professional\Hook.dll
  - %ProgramFiles%\Wiretap Professional\irunin.ini
  - %ProgramFiles%\Wiretap Professional\irunin.dat
  - %ProgramFiles%\Wiretap Professional\irunin.lng
  - %ProgramFiles%\Wiretap Professional\irunin.bmp
  - %ProgramFiles%\Wiretap Professional\aide.htm
  - %ProgramFiles%\Wiretap Professional\ayuda.htm
  - %ProgramFiles%\Wiretap Professional\config.xml
  - %ProgramFiles%\Wiretap Professional\config.~xml
  - %ProgramFiles%\Wiretap Professional\help.htm
  - %ProgramFiles%\Wiretap Professional\hilfe.htm
  - %ProgramFiles%\Wiretap Professional\Languages\English.lng
  - %ProgramFiles%\Wiretap Professional\Languages\French.lng
  - %ProgramFiles%\Wiretap Professional\Languages\German.lng
  - %ProgramFiles%\Wiretap Professional\Languages\Spanish.lng
  - %ProgramFiles%\Wiretap Professional\Help\English\RD.gif
  - %ProgramFiles%\Wiretap Professional\Help\English\get_flash_player.gif
  - %ProgramFiles%\Wiretap Professional\Help\English\help.css
  - %ProgramFiles%\Wiretap Professional\Help\English\helpcontents.css
  - %ProgramFiles%\Wiretap Professional\Help\English\left.htm
  - %ProgramFiles%\Wiretap Professional\Help\English\main.htm
  - %ProgramFiles%\Wiretap Professional\Help\English\nic.gif
  - %Windir%\iun6002.exe
  - C:\Documents and Settings\All Users\Start Menu\Programs\Wiretap Professional\Uninstall Wiretap Professional.lnk
  - C:\Documents and Settings\All Users\Start Menu\Programs\Wiretap Professional\Wiretap Help File.lnk
  - C:\Documents and Settings\All Users\Start Menu\Programs\Wiretap Professional\Wiretap Professional.lnk

  Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Adds the following registry subkeys:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\scvhost.exe
  - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935FA400-243D-11D3-B06E-857B2AE2BE64}
  - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShellExecuteHook.TShellExecuteHook
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wtp_is1
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{935FA400-243D-11D3-B06E-857B2AE2BE64}
- Adds the value:
  "scvhost" = "%ProgramFiles%\Wiretap Professional\scvhost.exe"
  to the registry subkey:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  so that the risk runs every time Windows starts.
- Monitors keystrokes, passwords, documents viewed, Web sites visited, and Instant Messenger conversations.
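
A read-only check for the startup entry, shell hook registration and program files listed above, as an added example that is not part of the original write-up or any vendor tool. The WOW6432Node and Program Files (x86) locations, and the lookup of the hook CLSID as a value as well as a subkey, are assumptions that go beyond what the write-up lists.

```powershell
# Added example: indicator names and paths are copied from the write-up above.
$clsid    = '{935FA400-243D-11D3-B06E-857B2AE2BE64}'
$findings = New-Object System.Collections.Generic.List[string]

# Run value "scvhost" that starts the risk with Windows. The WOW6432Node
# path is an assumption for 64-bit hosts; the write-up lists only the first.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -Path $key -Name 'scvhost' -ErrorAction SilentlyContinue
    if ($run) { $findings.Add("Run value in ${key}: $($run.scvhost)") }
}

# Registry subkeys listed in the write-up.
$hooksKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
$subkeys = @(
    'HKLM:\SOFTWARE\Classes\Applications\scvhost.exe',
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    'HKLM:\SOFTWARE\Classes\ShellExecuteHook.TShellExecuteHook',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wtp_is1',
    "$hooksKey\$clsid"
)
foreach ($key in $subkeys) {
    if (Test-Path -LiteralPath $key) { $findings.Add("Registry key present: $key") }
}
# Assumption: the hook may also be registered as a value named after the CLSID.
$hook = Get-ItemProperty -Path $hooksKey -Name $clsid -ErrorAction SilentlyContinue
if ($hook) { $findings.Add("ShellExecuteHooks value present: $clsid") }

# Executables and DLLs from the file list, in either Program Files folder.
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Wiretap Professional' }
$files = @(Join-Path $env:windir 'iun6002.exe')
foreach ($dir in $dirs) {
    foreach ($name in 'scvhost.exe', 'ShellExecuteHook.dll', 'Hook.dll') {
        $files += Join-Path $dir $name
    }
}
foreach ($file in $files) {
    if (Test-Path -LiteralPath $file) { $findings.Add("File present: $file") }
}

if ($findings.Count) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'No Spyware.Wiretap indicators from the write-up were found.'
}
```

The file name scvhost.exe differs from the legitimate Windows svchost.exe only by two transposed letters, so match it exactly rather than by a loose pattern.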