Spyware.QuickKeylogger

Printer Friendly Page

Updated: February 13, 2007 11:44:49 AM

Type: Spyware

Version: 2.1

Publisher: WideStep

Risk Impact: High

File Names: qk_setup.exe qlib.dll qpanel.exe qutils.dll svchost.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Spyware.QuickKeylogger is installed, it performs the following actions:

Creates the following files:
- %UserProfile%\Local Settings\Temp\Quick Keylogger Log.htm
- %UserProfile%\Local Settings\Temp\readme.htm
- %System%\MSIDLLSI.DAT
- %System%\svchost.exe
- %System%\launchinie.dll
- %System%\qlib.dll
- %System%\qpanel.exe
- %System%\qutils.dll
- %Windir%\ddemal.bin
  
  Notes:
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000)
Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BEF2011-88FB-0546-1BD1-FCD02B406654} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8809076-71C2-4B90-8DD6-6BF107F4F029} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7EBC9879-80A3-4F7C-8962-CB66B7D25F19} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D1008EEB-37BC-4E5C-8A18-F30A111D98DF} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EEA8E1E1-81D8-4AB9-B796-58C5A057A022} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AC348A2D-469C-4346-A115-4CB9F1EC5FEB} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LaunchInIE.Launch HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LaunchInIE.Launch.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent HKEY_LOCAL_MACHINE\SOFTWARE\RockinFewl\LaunchinIE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVCHOST HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SVCHOST
Adds the values:

"{R7C0DB872A3F777C0}" = "[RISK GENERATED VALUE]" "{K7C0DB872A3F777C0}" = "[RISK GENERATED VALUE]" "{I566CAE8832A7BB26}" = "[RISK GENERATED VALUE]" "{0566CAE8832A7BB26}" = "[RISK GENERATED VALUE]"
to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\LicensesNote: These registry entries may be used by legitimate programs.
Adds the value:

"TrapPollTimeMilliSecs" = "3A98"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters
Modifies the value:

"Window_Placement" = "[RISK GENERATED VALUE]"

in the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Logs keystrokes and application activities.

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}