Trackware.Energyplus


Updated: February 13, 2007 11:48:48 AM
Type: Trackware
Infection Length: 41,384 bytes
Publisher: http://www.energyplugin.com
Risk Impact: Medium
File Names: E-nrgyPlus.exe, dmm.exe
Systems Affected: Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows CE, Windows Me, Windows NT, Windows XP


When Trackware.Energyplus is executed, it performs the following actions:
  1. Creates the following files:

    • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\E-nrgyPlus\E-nrgyPlus.lnk
    • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\E-nrgyPlus\homepage.lnk
    • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\E-nrgyPlus\UnInstall.lnk
    • %ProgramFiles%\E-nrgyPlus\E-nrgyPlus.exe

      Note:
    • %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dial

  3. Adds the values:

    "E-nrgyPlus" = "|"
    "dial" = "|"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

  4. Adds the value:

    "E-nrgyPlus" = "C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  5. Monitors Internet activity, including URLs visited.

  6. Monitors popular search and e-commerce Web sites, including the following:

    [http://]www.yahoo.com
    [http://]www.xanga.com
    [http://]www.tripod.com
    [http://]www.monster.com
    [http://]www.icq.com
    [http://]www.mlb.com
    [http://]www.microsoft.com
    [http://]www.mapquest.com
    [http://]www.lycos.com
    [http://]www.nba.com
    [http://]www.netscape.com
    [http://]www.nytimes.com
    [http://]www.ebay.com
    [http://]www.alexa.com
    [http://]www.cnn.com
    [http://]www.apple.com
    [http://]www.amazon.com
    [http://]www.alibaba.com

  7. Sends the following system information to the author:

    • Operating System Version and Service Pack information
    • Whether a modem is installed or not
    • Type of Internet connection
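
The registry changes in steps 2 to 4 can be checked offline against the text of a `reg export` dump. The following is an added example, not part of the original write-up or of any vendor tool; the sample export is constructed, the function and variable names are assumptions of this example, and the files from step 1 are not covered.

```python
import re

# Registry indicators from steps 2-4 of the write-up; value None = key exists.
CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
POST_PLATFORM = CV + r"\Internet Settings\User Agent\Post Platform"
INDICATORS = [(r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dial", None),
              (POST_PLATFORM, "E-nrgyPlus"), (POST_PLATFORM, "dial"),
              (CV + r"\Run", "E-nrgyPlus")]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample of `reg export` text (not captured from a real host).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dial]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"E-nrgyPlus"="|"
"dial"="|"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"E-nrgyPlus"="C:\\Program Files\\E-nrgyPlus\\E-nrgyPlus.exe"
"""

def unescape(s):  # .reg files backslash-escape \ and " inside quoted strings
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key path: {value name: data}}, lowercased (registry ignores case)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if len(data) >= 2 and data[:1] == data[-1:] == '"':
                data = unescape(data[1:-1])  # REG_SZ; other types kept raw
            current[unescape(name).lower()] = data
    return keys

def find_indicators(text):
    """List (key, value name, data) for each indicator present in the export."""
    keys, hits = parse_reg(text), []
    for key, name in INDICATORS:
        values = keys.get(key.lower())
        if values is not None and name is None:
            hits.append((key, None, None))
        elif values is not None and name.lower() in values:
            hits.append((key, name, values[name.lower()]))
    return hits
```

Exports in the "Version 5.00" format are written as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `find_indicators`.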
