When Spyware.StealthKeylog is installed, it does the following:
- Creates the following files:
- %Windir%\ASK\ASK.dll
- %Windir%\ASK\ASK.exe
- %Windir%\ASK\help\Help.htm
- %Windir%\ASK\help\images\ASK[NUMBER].jpg (The spyware creates many files in this format.)
- %Windir%\ASK\help\images\bk.bmp
- %Windir%\ASK\help\images\Email[NUMBER].jpg (The spyware creates many files in this format.)
- %Windir%\ASK\help\images\poza.bmp
- %Windir%\ASK\help\images\style.css
- %Windir%\ASK\help\Info.htm
- %Windir%\ASK\Logs\AggregatedLog.xsl
- %Windir%\ASK\Logs\AllDayApplications.xsl
- %Windir%\ASK\Logs\AllDayClipboardMonitor.xsl
- %Windir%\ASK\Logs\AllDayFileMonitor.xsl
- %Windir%\ASK\Logs\AllDayKeyLogger.xsl
- %Windir%\ASK\Logs\AllDayMessenger.xsl
- %Windir%\ASK\Logs\AllDayPrinterMonitor.xsl
- %Windir%\ASK\Logs\AllDayScreenShot.xsl
- %Windir%\ASK\Logs\AllDayWeb.xsl
- %Windir%\ASK\Logs\Applications.xsl
- %Windir%\ASK\Logs\Applications_[DATE].xmm (The spyware creates many files in this format.)
- %Windir%\ASK\Logs\bk.bmp
- %Windir%\ASK\Logs\ClipboardMonitor.xsl
- %Windir%\ASK\Logs\ClipboardMonitor_[DATE].xmm (The spyware creates many files in this format.)
- %Windir%\ASK\Logs\Errors.txt
- %Windir%\ASK\Logs\FileMonitor.xsl
- %Windir%\ASK\Logs\FileMonitor_[DATE].xmm (The spyware creates many files in this format.)
- %Windir%\ASK\Logs\GlobalLog.xsl
- %Windir%\ASK\Logs\KeyLogger.xsl
- %Windir%\ASK\Logs\KeyLogger_[DATE].xmm (The spyware creates many files in this format.)
- %Windir%\ASK\Logs\Messenger.xsl
- %Windir%\ASK\Logs\pict_[TIME,DATE].jpg (The spyware creates many files in this format.)
- %Windir%\ASK\Logs\PrinterMonitor.xsl
- %Windir%\ASK\Logs\ScreenShot.xsl
- %Windir%\ASK\Logs\ScreenShot_[DATE].xmm (The spyware creates many files in this format.)
- %Windir%\ASK\Logs\Web.xsl
- %Windir%\ASK\ScrCap.exe
- %Windir%\ASK\SMTPSender.exe
- %Windir%\SKUninstaller.exe
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAggregatedLog.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysApplications.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysClipboardMonitor.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysFileMonitor.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysKeyLogger.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysMessenger.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysPrinterMonitor.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysScreenShot.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysAllDaySysWeb.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysApplications.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysApplications_[DATE].xmm
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysClipboardMonitor.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysErrors.txt
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysFileMonitor.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysFileMonitor_[DATE].xmm
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysGlobalLog.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysKeyLogger.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysKeyLogger_[DATE].xmm
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysMessenger.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\Syspict_[TIME,DATE].jpg
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysPrinterMonitor.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysScreenShot.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysScreenShot_[DATE].xmm
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SystemKeybk.bmp
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\SysWeb.xsl
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\Logs\TestEmail.xml
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SysScrCap.exe
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SysSMTPSender.exe
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SystemKey.dll
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SystemKey.exe
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SystemKeyHelp.chm
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SystemKeyUninstaller.exe
- %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\xcacls.exe
Note:
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.
- Adds some of the following values:
"ASK" = "%System%\rundll32.exe %Windir%\ASK\ASK.dll rdl"
"SystemKey" = "%System%\rundll32.exe %SystemDrive%\Documents and Settings\All Users\Application Data\SystemKey\SystemKey.dll rdl"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
- Creates some of the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\ASK
HKEY_LOCAL_MACHINE\SOFTWARE\SystemKey
- Logs keystrokes and captures screenshots.
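
The following read-only triage check is an added example, not part of the original write-up. It looks for the Run values, registry subkeys, folders and DLLs listed above on the local machine; the variable names and report layout are assumptions made for illustration.

```powershell
# Added example: read-only check for the artifacts listed in this write-up.
# It reports what it finds and changes nothing on the host.
$runKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# Path as given in the write-up (Windows XP-style profile layout).
$allUsersData = Join-Path $env:SystemDrive 'Documents and Settings\All Users\Application Data'

# One entry per installation variant described above.
$indicators = @(
    @{ Name = 'ASK';       Dll = 'ASK.dll'
       Dir  = (Join-Path $env:windir 'ASK');         Key = 'HKLM:\SOFTWARE\ASK' },
    @{ Name = 'SystemKey'; Dll = 'SystemKey.dll'
       Dir  = (Join-Path $allUsersData 'SystemKey'); Key = 'HKLM:\SOFTWARE\SystemKey' }
)

$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue

$findings = foreach ($i in $indicators) {
    # Run value: same name, and data that loads the DLL through rundll32 with the "rdl" argument.
    $data   = if ($run) { $run.($i.Name) } else { $null }
    $dllArg = [regex]::Escape($i.Dll) + '"?\s+rdl\b'
    $runHit = $data -and ($data -match 'rundll32(\.exe)?"?\s') -and ($data -match $dllArg)

    # Dated activity logs use the .xmm extension in the Logs subfolder.
    $logs = @(Get-ChildItem -Path (Join-Path $i.Dir 'Logs') -Filter '*.xmm' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Variant     = $i.Name
        RunValue    = [bool]$runHit
        RunData     = $data
        RegistryKey = Test-Path -Path $i.Key
        Folder      = Test-Path -Path $i.Dir
        DllPresent  = Test-Path -Path (Join-Path $i.Dir $i.Dll)
        XmmLogCount = $logs.Count
    }
}

$findings | Format-List

# A Run value, registry subkey or DLL is a stronger signal than a leftover folder alone.
$hits = @($findings | Where-Object { $_.RunValue -or $_.RegistryKey -or $_.DllPresent })
if ($hits.Count -gt 0) {
    Write-Warning ("Artifacts matching this write-up found for: " + ($hits.Variant -join ', '))
}
```

A folder that remains with no Run value and no DLL usually indicates an incomplete removal rather than an active installation.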