
Spyware.ElpowKeylogger


Updated: February 13, 2007 11:46:33 AM
Type: Spyware
Publisher: Eltima Software
Risk Impact: High
File Names: elpow_spy.sys, elpow_spyBLOB, elpow_spyCLICKING, elpow_spyIDLELOG, elpow_spyINDEX, elpow_spyKEYLOG
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.ElpowKeylogger is executed, it performs the following actions:
  1. Creates the following files:

    • %System%\drivers\elpow_spy.sys
    • %Windir%\Keyloggerelow_spy\elpow_log.exe
    • %Windir%\Keyloggerelow_spy\elpow_log.init
    • %Windir%\Keyloggerelow_spy\pk_manual.chm
    • %Windir%\Keyloggerelow_spy\unins000.exe
    • %Windir%\Keyloggerelow_spy\unins000.dat
    • %Windir%\Keyloggerelow_spy\web.flt
    • %Windir%\elpow_spyBLOB
    • %Windir%\elpow_spyCLICKING
    • %Windir%\elpow_spyIDLELOG
    • %Windir%\elpow_spyINDEX
    • %Windir%\elpow_spyKEYLOG
    • %Windir%\elpow_spyMAILLOG
    • %Windir%\elpow_spyOPTIONS
    • %Windir%\elpow_spyPASLOG
    • %Windir%\elpow_spySCREEN
    • %Windir%\elpow_spyWEBLOG

      Note:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Creates the following registry subkeys to register it as a service:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\elpow_spy
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ELPOW_SPY


  3. Adds the values:

    "ImagePath" = "\??\%System%\drivers\elpow_spy.sys"
    "Type" = "1"
    "Start" = "1"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elpow_spy

    so that it starts as a service.

  4. Hides all the files and folders it created. It also hides the service and registry entries.

  5. Logs keystrokes, mouse clicks, passwords, Web activity, e-mail activity, screenshots, and idle status.

  6. If the Spyware.ElpowKeylogger password, which the user chose during installation, is typed into any application, the Spyware.ElpowKeylogger window appears and displays the logs. The window also displays a button to uninstall the security risk.
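
Because step 4 says the risk hides its files and registry entries, the following added example matches the indicators listed above against data collected offline, such as a file listing from a mounted disk image and values read from the Services\elpow_spy key of an offline hive. It is not Symantec's or the publisher's code; the function names and input formats are assumptions, and the folder defaults are the ones given in the Note.

```python
# Added example: match the write-up's indicators against offline triage data.
# Folder defaults come from the page's Note; the input formats are assumptions.
SYSTEM_DIRS = [r"C:\Windows\System", r"C:\Winnt\System32", r"C:\Windows\System32"]
WINDIR_DIRS = [r"C:\Windows", r"C:\Winnt"]

INSTALL_FILES = ("elpow_log.exe elpow_log.init pk_manual.chm "
                 "unins000.exe unins000.dat web.flt").split()
LOG_SUFFIXES = ("BLOB CLICKING IDLELOG INDEX KEYLOG MAILLOG "
                "OPTIONS PASLOG SCREEN WEBLOG").split()
TEMPLATES = ([r"%System%\drivers\elpow_spy.sys"]
             + ["%Windir%\\Keyloggerelow_spy\\" + f for f in INSTALL_FILES]
             + ["%Windir%\\elpow_spy" + s for s in LOG_SUFFIXES])

SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elpow_spy"
EXPECTED = {"ImagePath": r"\??\%System%\drivers\elpow_spy.sys",
            "Type": "1", "Start": "1"}

def expand(template):
    """Lower-cased concrete paths a %System%/%Windir% template can take."""
    out = []
    for var, dirs in (("%System%", SYSTEM_DIRS), ("%Windir%", WINDIR_DIRS)):
        if template.startswith(var):
            out += [(d + template[len(var):]).lower() for d in dirs]
    return out

def match_files(listing):
    """Return the indicator templates present in a list of absolute paths."""
    seen = {p.strip().replace("/", "\\").lower() for p in listing}
    return sorted(t for t in TEMPLATES if any(p in seen for p in expand(t)))

def match_service(values):
    """Return value names under SERVICE_KEY whose data matches the write-up."""
    # Strip the leading \??\ from the template, expand %System%, re-add it.
    paths = {"\\??\\" + p for p in expand(EXPECTED["ImagePath"][4:])}
    hits = []
    for name, want in EXPECTED.items():
        got = str(values.get(name, "")).strip().lower()
        if (got in paths) if name == "ImagePath" else (got == want):
            hits.append(name)
    return hits

if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    listing = [r"C:\WINDOWS\system32\drivers\elpow_spy.sys",
               r"C:\Windows\elpow_spyKEYLOG", r"C:\Windows\notepad.exe"]
    print(match_files(listing))
    print(match_service({"ImagePath": r"\??\C:\Windows\System32\drivers\elpow_spy.sys",
                         "Type": 1, "Start": 1}))
```

Matching is case-insensitive because Windows paths are; a hit on any single template is worth following up even when the service values do not match.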
