||||
Symantec.com > Security Response > Threats and Risks > Spyware.SpyloPCMonitor
PRINT THIS PAGE

Spyware.SpyloPCMonitor

Printer Friendly Page

Updated: February 13, 2007 11:44:52 AM
Type: Spyware
Version: 2.20
Publisher: Sontrex Software
Risk Impact: High
File Names: SETUP.EXE HOOK.DLL SPYLO.EXE WSYS.EXE WSYSSRV.EXE
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.SpyloPCMonitor is installed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Start Menu\Programs\Spylo PC Monitor\Get Full version.lnk
    • %UserProfile%\Start Menu\Programs\Spylo PC Monitor\Spylo Commander.lnk
    • %UserProfile%\Start Menu\Programs\Spylo PC Monitor\Spylo Manual.lnk
    • %UserProfile%\Start Menu\Programs\Spylo PC Monitor\Spylo Monitor.lnk
    • %UserProfile%\Start Menu\Programs\Spylo PC Monitor\Visit homepage.lnk
    • %System%\fiohdd.sys
    • %System%\iobge12.sys
    • %System%\rgl40.sys
    • %System%\rtdk.sys
    • %System%\stslog.sys
    • %System%\[computer_name]_smonact.flg
    • %Windir%\SPCMon\DEFKILL.DAT
    • %Windir%\SPCMon\DESCRIPT.ION
    • %Windir%\SPCMon\HELP.CHM
    • %Windir%\SPCMon\HOMEPAGE.URL
    • %Windir%\SPCMon\HOOK.DLL
    • %Windir%\SPCMon\INSTALL.LOG
    • %Windir%\SPCMon\LICENSE.TXT
    • %Windir%\SPCMon\README.TXT
    • %Windir%\SPCMon\REGISTER.URL
    • %Windir%\SPCMon\SPYLO.EXE
    • %Windir%\SPCMon\SQL.GID
    • %Windir%\SPCMon\Uninstall.exe
    • %Windir%\SPCMon\WHATSNEW.TXT
    • %Windir%\SPCMon\WSYS.DLL
    • %Windir%\SPCMon\WSYS.EXE
    • %Windir%\SPCMon\WSYSSRV.EXE

      Notes:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).

  2. Creates the following registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Spylo PC Monitor

  3. Adds the value:

    "wsys.exe" = "%Windir%\SPCMon\wsys.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  4. Monitors user activity, logs keystrokes, and takes screenshots.

  5. Ends the processes of anti-spyware programs.

Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS