
Spyware.PCTattletale

Updated: February 13, 2007 11:45:21 AM
Type: Spyware
Version: 7.9.49
Publisher: CyberSamurai
Risk Impact: High
File Names: pcttsetup.exe (installer) explorer.exe msn6mngr.exe Netlogon.exe svchost.exe Wincmd.exe WinL
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Spyware.PCTattletale is installed, it performs the following actions:

  1. Creates the following files:

    • %UserProfile%\Desktop\PC Tattletale Instructions.lnk
    • %UserProfile%\Desktop\PC Tattletale.lnk
    • %UserProfile%\Start Menu\PC Tattletale.lnk
    • %ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
    • %ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
    • %ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
    • %ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
    • %ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
    • %ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
    • %ProgramFiles%\InstallShield Installation Information\{0FFA260F-8A4D-4906-B572-6028A18DE3D5}\Setup.ilg
    • %ProgramFiles%\InstallShield Installation Information\{0FFA260F-8A4D-4906-B572-6028A18DE3D5}\setup.inx
    • %System%\comdlg32.ocx
    • %System%\CompControls.ocx
    • %System%\explorer32\alertopen.wav
    • %System%\explorer32\AutoUpdate.dll
    • %System%\explorer32\AutoUpdateClient.exe
    • %System%\explorer32\chattext.dll
    • %System%\explorer32\closewindow.wav
    • %System%\explorer32\explorer.chm
    • %System%\explorer32\explorer.exe (Detected as Spyware.PCTattletale)
    • %System%\explorer32\goodbye.wav
    • %System%\explorer32\IdleTime.ocx
    • %System%\explorer32\msn6mngr.exe (Detected as Spyware.PCTattletale)
    • %System%\explorer32\Netlogon.exe (Detected as Spyware.PCTattletale)
    • %System%\explorer32\Recycle\capture[random_number].jpg
    • %System%\explorer32\Recycle\clipboard.log
    • %System%\explorer32\Recycle\Clipboard[random_number].txt
    • %System%\explorer32\Recycle\keys.log
    • %System%\explorer32\Recycle\keys[random_number].txt
    • %System%\explorer32\Recycle\NoChat.html
    • %System%\explorer32\Recycle\NoClipboard.htm
    • %System%\explorer32\Recycle\NoEmails.htm
    • %System%\explorer32\Recycle\NoHistory.htm
    • %System%\explorer32\Recycle\snapshot.bmp
    • %System%\explorer32\Recycle\upgradebrowser.htm
    • %System%\explorer32\Recycle\Windows.log
    • %System%\explorer32\rollopen.wav
    • %System%\explorer32\rollover.wav
    • %System%\explorer32\start.wav
    • %System%\explorer32\stop.wav
    • %System%\explorer32\svchost.exe (Detected as Spyware.PCTattletale)
    • %System%\explorer32\Wincmd.exe (Detected as Spyware.PCTattletale)
    • %System%\explorer32\WinLoad.exe (Detected as Spyware.PCTattletale)
    • %System%\explorer32\WinSysMngr.exe (Detected as Spyware.PCTattletale)
    • %System%\hand.cur
    • %System%\Instructions.htm
    • %System%\KbdMonitor.exp
    • %System%\KbdMonitor.lib
    • %System%\mscomct2.ocx
    • %System%\mscomctl.ocx
    • %System%\msinet.ocx
    • %System%\MSN32.dll
    • %System%\mswinsck.ocx
    • %System%\PCTT.exe (Detected as Spyware.PCTattletale)
    • %System%\tabctl32.ocx
    • %System%\UninstallPCTT.exe
    • %System%\Unzip32.dll
    • %System%\WinLoad.exe (Detected as Spyware.PCTattletale)
    • %System%\xwebpic10.ocx
    • %System%\zip32.dll
    • %Windir%\Downloaded Installations\{92024BEF-9763-4A4C-AC84-ADF312ADFCD5}\0x0409.ini
    • %Windir%\Downloaded Installations\{92024BEF-9763-4A4C-AC84-ADF312ADFCD5}\PC Tattletale.msi (Detected as Spyware.PCTattletale)
    • %Windir%\$Directory

    Note:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107D7AD5-A620-4044-840A-7E97370F6DB3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231B4983-BB2D-11D4-9ED5-958F88DA5D51}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60157465-78CB-11D4-AAD4-EADAF6E7CC79}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D6A7949-37F7-4A15-A8FD-5FC01001517D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B440EAE1-16A9-4175-BA5B-728C739EEDB5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{123E4455-1BFD-4CAA-BCED-B0091518B167}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20DD1B9B-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{231B4982-BB2D-11D4-9ED5-958F88DA5D51}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{231B4984-BB2D-11D4-9ED5-958F88DA5D51}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{232E4565-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58A8DC12-AD77-4C87-8EDF-5BA25A7AA806}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60157461-78CB-11D4-AAD4-EADAF6E7CC79}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60157463-78CB-11D4-AAD4-EADAF6E7CC79}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{603C7E7E-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{61F57B42-4A29-49C3-A39A-A7D06E6E12CC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A871932-A1F9-4CC2-A64E-D2F0D8AAB9F9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A052B8F3-D083-4A19-83A3-73F068C034B6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B09DE713-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1929DD27-96EA-49F2-916C-45491F3C3975}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{231B497E-BB2D-11D4-9ED5-958F88DA5D51}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E4336C3-F5D4-4F53-9100-EA066A97FCC9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60157460-78CB-11D4-AAD4-EADAF6E7CC79}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A8A8E22-758A-40B0-8064-0F3D07837FAE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoUpdate.clsUpdate
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chattext.chat_text
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompControler.CompControl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IdleTimeActiveXControl.IdleTime
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.Animation
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.Animation.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.DTPicker.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.FlatScrollBar.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComCtl2.UpDown.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.ProgCtrl.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Slider
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Slider.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl.2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TabDlg.SSTab
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TabDlg.SSTab.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xwebpic10.xwebpic
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00965022248C1D110ADD000A9C502477
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07A7D4FBD98D1D111AD7000A9CA05BF0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09DC7BDDA131D1A409E11B9A577A5192
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D54F22226FBA8B4FADB41A3548906C2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13EE161CA9967C5479D493573F6205A4
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E8AC9B0E9894094189EA59912D1CCA3
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39E9F6C570B40D842A0953B8A8C07ADB
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AEE34BABA5186A44A12B6DBFBA17AAC
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5049D5BAE6004B74392C149224B28416
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51799C1F87136324485141E00C6A942F
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\526705A04A9616D42B6005F6B4A3C825
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\535AAC914F48699489B746B6ADD9165A
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6101D793267A2D119BE70006794CED42
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D77628069B703345B8F64FB8EE22104
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\830EE956C56E84D45A51DD1CDC6E26A3
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87F4F881D989D614CAF36EC00C647D5E
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88A9DC34B6BEEFF44B22357729AE5A80
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B1D70235E082D119BD50006794CED42
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DD7BDC5CAEF7C04B9AA20393F35B855
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91E6512C39B0465449BA5314D057905E
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A12DC6F64813FE14097F8D087FBE6534
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3906B67883373E4B92A4C4072D0FDDC
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A45B49DECD972DF4892DD152ACF2E0E1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6B0E3CFB26F1D111B44000CF499B0B2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B101D793267A2D119BE70006794CED42
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C12F23E87949C614289082A5A0B1BFCD
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C258ABDFED824AB439D223A40F1DCEC0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6E8663969C4142A4CDE91F63BDD38
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB28001FEA5A4F74888B1247849F55B7
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6B0E3CFB26F1D111B44000CF499B0B2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF47266444B81DD46BEA5FC684159F30
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7657FCA856BA7242AA70E8E3BA113D9
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall information\{0FFA260F-8A4D-4906-B572-6028A18DE3D5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Welcome
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs
    HKEY_LOCAL_MACHINE\SOFTWARE\Explorer
    HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates
    HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs
    HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs
    HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0
    HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates
    HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs
    HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs


  3. Adds the values:

    "(default)" = ""
    "WinLoad" = "%System%\Winload.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  4. Monitors user activity, logs keystrokes, and takes screenshots.
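A read-only host check for the Run-key persistence entry and the dropped files and keys listed above, written as an added example for this write-up and not part of Symantec's own tooling. It assumes an NT-family Windows host and an elevated PowerShell session with the HKLM: drive available, and it tests only names that appear in the write-up.

```powershell
# Added example (not from the Symantec write-up): looks for the indicators
# listed above for Spyware.PCTattletale. Read-only; it removes nothing.
# Assumes NT-family Windows, run from an elevated PowerShell session.

$findings = @()

# 1. Run-key persistence: value "WinLoad" pointing at %System%\Winload.exe
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['WinLoad']) {
    $findings += "Run value 'WinLoad' = '$($run.WinLoad)' under $runKey"
}

# 2. Dropped components under %System%\explorer32 (names from the write-up)
$sys     = [Environment]::GetFolderPath('System')
$dropDir = Join-Path $sys 'explorer32'
$dropped = 'explorer.exe','msn6mngr.exe','Netlogon.exe','svchost.exe',
           'Wincmd.exe','WinLoad.exe','WinSysMngr.exe'
if (Test-Path -LiteralPath $dropDir) {
    $findings += "Directory present: $dropDir"
    foreach ($name in $dropped) {
        $p = Join-Path $dropDir $name
        if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
    }
    # Keystroke, clipboard and screenshot captures are written under Recycle\
    $recycle = Join-Path $dropDir 'Recycle'
    if (Test-Path -LiteralPath $recycle) {
        $n = (Get-ChildItem -LiteralPath $recycle -Force -ErrorAction SilentlyContinue |
              Measure-Object).Count
        $findings += "Capture directory $recycle holds $n item(s)"
    }
}

# 3. Loose copies dropped directly into %System%
foreach ($name in 'PCTT.exe','WinLoad.exe','UninstallPCTT.exe','KbdMonitor.lib') {
    $p = Join-Path $sys $name
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# 4. Active Setup component key listed in the write-up (value copied as published)
$asKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}'
if (Test-Path -LiteralPath $asKey) { $findings += "Active Setup key present: $asKey" }

if ($findings.Count -eq 0) {
    Write-Output 'No Spyware.PCTattletale indicators found.'
} else {
    Write-Output "Spyware.PCTattletale indicators found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

A hit on the Run value alone is the strongest single signal, since legitimate software does not register a "WinLoad" autostart pointing into %System%; the other checks corroborate it and show whether capture logs have accumulated.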

