Updated: February 13, 2007 11:44:36 AM
Type: Spyware
Publisher: imsurfsentinel.com
Risk Impact: High
File Names: aimb.exe
Systems Affected: Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.IMSurfSentinel is installed it does the following:
- Creates the following files and folders:
- C:\Documents and Settings\All Users\Application Data\IMSurfSentinel
- C:\Documents and Settings\All Users\Start Menu\Programs\IMSurfSentinel\IMSurfSentinel.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\IMSurfSentinel\Uninstall IMSurfSentinel.lnk
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\IMSurfSentinel.lnk
- %UserProfile%\Desktop\IMSurfSentinel.lnk
- %ProgramFiles%\IMSurfSentinel\aimb.exe
- %ProgramFiles%\IMSurfSentinel\KeyHook.dll
- %ProgramFiles%\IMSurfSentinel\license.rtf
- %ProgramFiles%\IMSurfSentinel\MouseHook.dll
- %ProgramFiles%\IMSurfSentinel\unins000.dat
- %ProgramFiles%\IMSurfSentinel\unins000.exe
Note:
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMSurfSentinel_is1
HKEY_CURRENT_USER\Software\AimGuard
HKEY_CURRENT_USER\IMSurfSentinel
- Adds the following value:
"aimb.exe" -h" = "C:\Program Files\IMSurfSentinel\aimb.exe" -h"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the application runs when Windows starts.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
