Spyware.SpyArsenalLog

Updated: February 13, 2007 11:45:53 AM
Type: Spyware
Version: 1.52
Publisher: SpyArsenal.com
Risk Impact: High
File Names: SpyArsenal-AIM-Logger-setup.exe, csvde.dll, csvdea.exe, rva.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Spyware.EliteKeylogger is installed, it does the following:

  1. Creates the following files:

    • %UserProfile%\Desktop\SpyArsenal AIM Logger.lnk
    • %UserProfile%\Start Menu\Programs\SpyArsenal AIM Logger\Links\Download lastest version.lnk
    • %UserProfile%\Start Menu\Programs\SpyArsenal AIM Logger\Links\Mail to support.lnk
    • %UserProfile%\Start Menu\Programs\SpyArsenal AIM Logger\Links\Program's home page.lnk
    • %UserProfile%\Start Menu\Programs\SpyArsenal AIM Logger\SpyArsenal AIM Logger.lnk
    • %System%\CatRoot2\tmp.edb
    • %System%\csvdea\csvde.dll (detected as Spyware.GoldenKeylog)
    • %System%\csvdea\csvdea.dll
    • %System%\csvdea\csvdea.exe (detected as Spyware.SpyArsenalLog)
    • %System%\csvdea\file_id.diz
    • %System%\csvdea\license.txt
    • %System%\csvdea\Links\Download lastest version.url
    • %System%\csvdea\Links\Mail to support.url
    • %System%\csvdea\Links\Program's home page.url
    • %System%\csvdea\Links\Registration.url
    • %System%\csvdea\rva.exe (detected as Spyware.SpyArsenalLog)
    • %System%\csvdea\Uninstall.exe

    Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyArsenal-AIM-Logger
    HKEY_LOCAL_MACHINE\SOFTWARE\KMiNT21\SpyArsenal-AIM-Logger
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NetCfgLockHolder
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSSdk21
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PSSDK21
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\MS_NDISWANBH
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\NetCfgLockHolder
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSSdk21


  3. Adds the value:

    "csvdea" = "%System%\csvdea\csvdea.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  4. Records online chat conversations and saves them to %System%\csvdea.rep. The logs can then be sent to a predefined email address.
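
The following triage check is an added example, not Symantec's or the publisher's code. It matches the file and Run-key indicators listed above against a file listing and a dump of the Run key collected separately, trying each %System% default from the Note and ignoring case. The function names and the sample input are assumptions constructed for illustration.

```python
import ntpath

# %System% defaults listed in the writeup's Note (95/98/Me, NT/2000, XP).
SYSTEM_DIRS = [r"C:\Windows\System", r"C:\Winnt\System32", r"C:\Windows\System32"]

# Distinctive paths from the writeup, relative to %System%.
SYSTEM_RELATIVE = [
    r"csvdea\csvde.dll", r"csvdea\csvdea.dll", r"csvdea\csvdea.exe",
    r"csvdea\rva.exe", r"csvdea\Uninstall.exe",
    r"csvdea.rep",  # chat log file
]
RUN_NAME = "csvdea"                 # value name under ...\CurrentVersion\Run
RUN_TARGET = r"csvdea\csvdea.exe"   # value data, relative to %System%


def norm(path):
    """Lower-cased, separator-normalised Windows path with quotes removed."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def expand_system(relative):
    """All normalised full paths a %System%-relative path may resolve to."""
    bases = SYSTEM_DIRS + ["%System%"]   # also match the unexpanded form
    return {norm(ntpath.join(base, relative)) for base in bases}


def triage(file_listing, run_values):
    """Return (file_hits, run_hits) for a file listing and a Run-key dump.

    file_listing: iterable of full paths; run_values: {value name: value data}.
    """
    wanted = {full: rel for rel in SYSTEM_RELATIVE for full in expand_system(rel)}
    file_hits = sorted({wanted[norm(p)] for p in file_listing if norm(p) in wanted})
    targets = expand_system(RUN_TARGET)
    run_hits = sorted(
        name for name, data in run_values.items()
        if name.lower() == RUN_NAME or norm(data) in targets
    )
    return file_hits, run_hits


if __name__ == "__main__":
    # Constructed sample input, not taken from a real system.
    listing = [r"C:\WINDOWS\system32\csvdea\RVA.EXE",
               r"C:\WINDOWS\system32\csvdea.rep",
               r"C:\WINDOWS\system32\notepad.exe"]
    run_key = {"csvdea": r"C:\WINDOWS\system32\csvdea\csvdea.exe",
               "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"}
    print(triage(listing, run_key))
```

A Run value is reported when either its name or its target path matches, so an entry that keeps the path under a different value name is still flagged.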

