
Spyware.HTEmployeeMon

Updated: November 5, 2012 4:37:43 PM
Type: Spyware
Name: HT Employee Monitor
Publisher: Hidetools.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

This program must be manually installed.

When the program is executed, it creates the following folders:
  • %ProgramFiles%\HEM
  • %UserProfile%\Start Menu\Programs\HT Employee Monitor

Next, it creates the following registry entry so that it executes whenever Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"wmime" = "%ProgramFiles%\HEM\wmime.exe /STARTUP"


It then creates the following files:
  • %ProgramFiles%\HEM\help.chm
  • %ProgramFiles%\HEM\ijl15.dll
  • %ProgramFiles%\HEM\setalc.exe
  • %ProgramFiles%\HEM\uninstall.exe
  • %ProgramFiles%\HEM\wmime.exe
  • %UserProfile%\Start Menu\Programs\HT Employee Monitor\HT Employee Monitor Help.lnk
  • %UserProfile%\Start Menu\Programs\HT Employee Monitor\HT Employee Monitor.lnk

Next, it creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Hidetools
  • HKEY_LOCAL_MACHINE\SOFTWARE\Hidetools\Common Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\HT
  • HKEY_LOCAL_MACHINE\SOFTWARE\HT\Common Data

The spyware program may then record the following information:
  • Event and application logging
  • Keystrokes
  • Screenshots
  • Websites visited

The program may then send the recorded information to a remote location.
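
The folders, files, and registry entries listed above can be checked on a host with a read-only PowerShell script. This is an added example, not part of the original write-up or any vendor tooling; the 64-bit locations (WOW6432Node, Program Files (x86)) and the shell-resolved Start Menu path are assumptions not stated on the page.

```powershell
# Indicators come from the write-up above. Assumptions added here: the
# WOW6432Node and "Program Files (x86)" variants (where 64-bit Windows
# redirects a 32-bit installer) and resolving the Start Menu via the shell.
$programDirs   = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
                 Where-Object { $_ } | Select-Object -Unique
$softwareRoots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$fileNames     = 'help.chm', 'ijl15.dll', 'setalc.exe', 'uninstall.exe', 'wmime.exe'
$subKeys       = 'Hidetools', 'Hidetools\Common Data', 'HT', 'HT\Common Data'

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Kind, [string]$Location) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Location = $Location })
}

# Install folder and dropped files
foreach ($dir in $programDirs) {
    $hem = Join-Path $dir 'HEM'
    if (Test-Path -LiteralPath $hem -PathType Container) { Add-Finding 'Folder' $hem }
    foreach ($name in $fileNames) {
        $file = Join-Path $hem $name
        if (Test-Path -LiteralPath $file -PathType Leaf) { Add-Finding 'File' $file }
    }
}

# Start Menu folder of the current user (holds the two .lnk shortcuts)
$menu = Join-Path ([Environment]::GetFolderPath('Programs')) 'HT Employee Monitor'
if (Test-Path -LiteralPath $menu -PathType Container) { Add-Finding 'Folder' $menu }

# Run value used for persistence, plus the vendor subkeys.
# The short "HT" key name is generic; weigh it together with the other hits.
foreach ($root in $softwareRoots) {
    $run   = Join-Path $root 'Microsoft\Windows\CurrentVersion\Run'
    $entry = Get-ItemProperty -LiteralPath $run -Name 'wmime' -ErrorAction SilentlyContinue
    if ($entry) { Add-Finding 'RunValue' "$run\wmime = $($entry.wmime)" }
    foreach ($key in $subKeys) {
        $path = Join-Path $root $key
        if (Test-Path -LiteralPath $path) { Add-Finding 'RegistryKey' $path }
    }
}

if ($findings.Count -eq 0) {
    'No HT Employee Monitor indicators found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The Start Menu check covers only the account running the script, so run it once per user profile of interest.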