Spyware.SpyKeySpy


Updated: February 13, 2007 11:45:01 AM
Type: Spyware
Version: 1.1
Publisher: SoftArtStudio
Risk Impact: High
File Names: setup_spykeyspy.exe sks32proc.exe sks32serv.dll sks32hdrv.dll
Systems Affected: Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.SpyKeySpy is installed, it does the following:
  1. Creates the following files and folders:

  • %UserProfile%\Desktop\SpyKeySpy.lnk
  • %UserProfile%\Start Menu\Programs\SpyKeySpy\Help.lnk
  • %UserProfile%\Start Menu\Programs\SpyKeySpy\Homepage.lnk
  • %UserProfile%\Start Menu\Programs\SpyKeySpy\Readme.lnk
  • %UserProfile%\Start Menu\Programs\SpyKeySpy\SpyKeySpy.lnk
  • %UserProfile%\Start Menu\Programs\SpyKeySpy\Uninstall SpyKeySpy.lnk
  • %ProgramFiles%\sks32\Data\k_13_06_2005.ekf
  • %ProgramFiles%\sks32\Home_page.url
  • %ProgramFiles%\sks32\INSTALL.LOG
  • %ProgramFiles%\sks32\Readme.txt
  • %ProgramFiles%\sks32\sks32hdrv.dll (Spyware.SpyKeySpy) - hides the sks32proc.exe process from Task Manager
  • %ProgramFiles%\sks32\sks32proc.exe (Spyware.SpyKeySpy)
  • %ProgramFiles%\sks32\SpyKeySpy.chm
  • %ProgramFiles%\sks32\UNWISE.EXE
  • %Windir%\system32\sks32serv.dll (Spyware.SpyKeySpy)

    Note:
  • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
  • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyKeySpy
    HKEY_LOCAL_MACHINE\SOFTWARE\SoftArtStudio\sks32_11
    HKEY_LOCAL_MACHINE\SOFTWARE\UDShellR32
    HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/sks32/INSTALL.LOG

  3. Adds the value:

    "sks-32" = "%ProgramFiles%\sks32\SKS32P~1.EXE"

    to the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.
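
As an added example (not part of the original writeup or any vendor tooling), the following Python sketch checks `reg query` output for the Run subkey against the indicators above. It resolves the 8.3 short name `SKS32P~1.EXE` to `sks32proc.exe` instead of relying on a literal filename search; the sample output, including the `helper` and `Updater` values, is constructed for illustration.

```python
import re
from ntpath import basename, dirname, splitext
# Indicators taken from the writeup above.
RUN_VALUE_NAME = "sks-32"
EXECUTABLE = "sks32proc.exe"
INSTALL_DIR = "sks32"
# Constructed `reg query` output for the Run subkey (not a real capture).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    sks-32    REG_SZ    C:\Program Files\sks32\SKS32P~1.EXE
    helper    REG_SZ    C:\PROGRA~1\sks32\SKS32P~1.EXE
    Updater    REG_SZ    "C:\Program Files\Example\sks32helper.exe" /s
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def is_short_alias(candidate, long_name):
    """True if candidate looks like an 8.3 alias of long_name (hash-style aliases not handled)."""
    m = re.fullmatch(r"([^~.]{1,6})~\d+(?:\.(.{0,3}))?", candidate)
    if not m:
        return False
    stem, ext = splitext(long_name)
    return (stem.upper().startswith(m.group(1).upper())
            and ext[1:4].upper() == (m.group(2) or "").upper())

def command_target(data):
    """Extract the executable path from Run value data, quoted or bare."""
    m = re.match(r'"?([^"]+?\.exe)', data.strip(), re.I)
    return m.group(1) if m else data.strip().strip('"')

def scan_run_entries(reg_query_text):
    """Return (value name, data, reasons) for entries matching the indicators."""
    hits = []
    for line in reg_query_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        target = command_target(m["data"])
        leaf, parent = basename(target), basename(dirname(target))
        reasons = []
        if m["name"].lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if parent.lower() == INSTALL_DIR and (
                leaf.lower() == EXECUTABLE or is_short_alias(leaf, EXECUTABLE)):
            reasons.append("executable path")
        if reasons:
            hits.append((m["name"], m["data"], reasons))
    return hits
```

Matching on the resolved path as well as the value name means an entry is still flagged if the `sks-32` value has been renamed, while an unrelated file such as `sks32helper.exe` in another folder is not.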

