Updated: February 13, 2007 11:45:38 AM
Type: Spyware
Version: 4.56
Publisher: KMiNT21 Software
Risk Impact: High
File Names:
personal-inspector-setup.exe
rView.exe
svcmon.dll
svcmon.exe
svcmonh.dll
svcmoni.d
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Spyware.PersonInspect is installed, it performs the following actions:
- Creates the following files:
- %UserProfile%\Desktop\personal-inspector-setup.exe
- %UserProfile%\Start Menu\Programs\Personal Inspector\Links\Download lastest version.lnk
- %UserProfile%\Start Menu\Programs\Personal Inspector\Links\Mail to support.lnk
- %UserProfile%\Start Menu\Programs\Personal Inspector\Links\Program's home page.lnk
- %UserProfile%\Start Menu\Programs\Personal Inspector\Links\Registration.lnk
- %UserProfile%\Start Menu\Programs\Personal Inspector\Personal Inspector.lnk
- %UserProfile%\Start Menu\Programs\Personal Inspector\Uninstall.lnk
- %UserProfile%\Start Menu\Programs\Personal Inspector\View Report.lnk
- %System%\PIN\Icons\TrayIcon00.ico
- %System%\PIN\Icons\TrayIcon02.ico
- %System%\PIN\Icons\TrayIcon03.ico
- %System%\PIN\Icons\TrayIcon04.ico
- %System%\PIN\Icons\TrayIcon06.ico
- %System%\PIN\Icons\TrayIcon07.ico
- %System%\PIN\Icons\TrayIcon09.ico
- %System%\PIN\Icons\TrayIcon10.ico
- %System%\PIN\Icons\TrayIcon11.ico
- %System%\PIN\Icons\TrayIcon12.ico
- %System%\PIN\Icons\TrayIcon13.ico
- %System%\PIN\Icons\TrayIcon15.ico
- %System%\PIN\license.txt
- %System%\PIN\Links\Download lastest version.url
- %System%\PIN\Links\Mail to support.url
- %System%\PIN\Links\Program's home page.url
- %System%\PIN\Links\Registration.url
- %System%\PIN\RegDll.bat
- %System%\PIN\rView.exe
- %System%\PIN\svcmon.cfg
- %System%\PIN\svcmon.dll
- %System%\PIN\svcmon.exe
- %System%\PIN\svcmon.rep
- %System%\PIN\svcmonh.dll
- %System%\PIN\svcmoni.dll
- %System%\PIN\Uninstall.exe
- %System%\PIN\UnRegDll.bat
- %System%\system.pi
Note:
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85DDD882-701E-401B-8A7D-D51227048214}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{34EC10B9-2B39-4CF5-B1D1-84D1138D0CD5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\
{CF9CAB33-968A-4227-AFEB-A7877C496D8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iewatcher.ViewSource
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Iewatcher.ViewSource.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects
\{85DDD882-701E-401B-8A7D-D51227048214}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Personal-Inspector
HKEY_LOCAL_MACHINE\SOFTWARE\KMiNT21\PersonalInspector
- Adds the value:
"svcmon" = "%System%\PIN\svcmon.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
- Adds the following values:
"Local machine" = "[random_value]"
"Remote machine" = "[random_value]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE
- Monitors Internet activity, logs key strokes, and takes screenshots.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
