Spyware.PrivateEye

Updated: February 13, 2007 11:45:07 AM

Type: Spyware

Publisher: vir-tec.com

Risk Impact: High

File Names: pit.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Spyware.PrivateEye is installed, it performs the following actions:

Creates the following files:
- %UserProfile%\Start Menu\Programs\Private Eye 2004\Private Eye 2004 on the Web.lnk
- %UserProfile%\Start Menu\Programs\Private Eye 2004\Private Eye 2004.lnk
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Private Eye 2004.lnk
- %UserProfile%\Desktop\pit.exe
- %UserProfile%\Desktop\Private Eye 2004.lnk
- C:\Private Eye 2004\dat.bin
- C:\Private Eye 2004\help.chm
- C:\Private Eye 2004\pit.exe
- C:\Private Eye 2004\pit.url
- C:\Private Eye 2004\symantec\Screen\[date]\[date_time].jpg
- C:\Private Eye 2004\unins000.dat
- C:\Private Eye 2004\unins000.exe
  
  Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
Creates the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Private Eye 2004_is1 HKEY_LOCAL_MACHINE\SOFTWARE\Integrated Reality HKEY_CURRENT_USER\Software\Integrated Reality
Adds the value:

"000" = "C:\Private Eye 2004\pit.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runso that the risk runs every time Windows starts.
Monitors user activity, logs keystrokes, and captures screenshots.

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}