
Spyware.InlookExpress


Updated: February 13, 2007 11:44:39 AM
Type: Spyware
Version: 2.0
Publisher: Cinar Software
Risk Impact: High
File Names: inlookexpresssetup.exe, svchost.exe, final.exe, IEControl2.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.InlookExpress is installed, it performs the following actions:
  1. Creates the following files:

    • %Windir%\inlook.exe
    • %Windir%\is-QV2PM.exe
    • %Windir%\is-QV2PM.lst
    • %Windir%\sds20.oca
    • C:\sds20\final.exe ( viral )
    • C:\sds20\IEControl2.exe ( viral )
    • C:\sds20\ijl11.dll
    • C:\sds20\remie20.exe
    • C:\sds20\settings.dat
    • C:\sds20\svchost.exe ( viral )
    • C:\sds20\svchost32.exe
    • C:\sds20\TheHook.dll

      Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).

  2. Creates the following registry key:

    • HKEY_LOCAL_MACHINE\SOFTWARE\sds

  3. Adds the value:

    "sds20" = "C:\sds20\svchost.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  4. Logs keystrokes and captures screenshots.
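
A host-triage check built from the indicators listed above, as an added example that is not part of the original write-up. It assumes the file listing, registry key paths and HKLM Run values have already been collected from the host; the function names and the sample inventory are constructed for illustration.

```python
import ntpath

# Indicators copied from the write-up above; %Windir% is left unexpanded.
FILE_IOCS = [
    r"%Windir%\inlook.exe", r"%Windir%\is-QV2PM.exe", r"%Windir%\is-QV2PM.lst",
    r"%Windir%\sds20.oca", r"C:\sds20\final.exe", r"C:\sds20\IEControl2.exe",
    r"C:\sds20\ijl11.dll", r"C:\sds20\remie20.exe", r"C:\sds20\settings.dat",
    r"C:\sds20\svchost.exe", r"C:\sds20\svchost32.exe", r"C:\sds20\TheHook.dll",
]
REG_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\sds"
RUN_NAME, RUN_DATA = "sds20", r"C:\sds20\svchost.exe"
WINDIR_DEFAULTS = (r"C:\Windows", r"C:\Winnt")  # the two defaults named in the note

def norm(path):
    """Windows paths are case-insensitive; drop quotes and redundant separators."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def expand(ioc, windirs=WINDIR_DEFAULTS):
    """Return every concrete path an indicator can take on disk."""
    prefix = "%windir%"
    if ioc.lower().startswith(prefix):
        return {norm(w + ioc[len(prefix):]) for w in windirs}
    return {norm(ioc)}

def scan(files, reg_keys, run_values, windirs=WINDIR_DEFAULTS):
    """Match a collected host inventory against the indicators.
    files: paths; reg_keys: key paths; run_values: {name: data} from the HKLM Run subkey."""
    present = {norm(f) for f in files}
    hits = [("file", ioc) for ioc in FILE_IOCS if expand(ioc, windirs) & present]
    if any(k.rstrip("\\").lower() == REG_KEY.lower() for k in reg_keys):
        hits.append(("regkey", REG_KEY))
    for name, data in run_values.items():
        # Either the value name or the data pointing at the dropped binary is a hit.
        if name.lower() == RUN_NAME or norm(data) == norm(RUN_DATA):
            hits.append(("run", name))
    return hits

# Constructed sample inventory (not real host data).
SAMPLE_FILES = [r"c:\WINNT\INLOOK.EXE", r"C:\sds20\svchost.exe",
                r"C:\Windows\System32\svchost.exe"]  # last entry is the legitimate binary
SAMPLE_KEYS = [r"HKEY_LOCAL_MACHINE\Software\SDS"]
SAMPLE_RUN = {"SDS20": r'"C:\sds20\svchost.exe"'}

if __name__ == "__main__":
    for kind, what in scan(SAMPLE_FILES, SAMPLE_KEYS, SAMPLE_RUN):
        print(kind, what)
```

Matching on the full path rather than the file name keeps the legitimate svchost.exe under System32 from being flagged; pass `windirs` explicitly when Windows is installed outside the two default folders.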
