Spyware.Spy-Guard


Updated: February 16, 2006 7:55:42 AM
Type: Spyware
Risk Impact: High
Systems Affected: Windows

Behavior

Spyware.Spy-Guard is a spyware program that logs keystrokes and monitors user activity, such as Web sites visited. It can also block specific sites.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version February 16, 2006
  • Latest Daily Certified version January 26, 2015 revision 023
  • Initial Weekly Certified release date February 15, 2006


Writeup By: SpyGuard


When Spyware.Spy-Guard is installed, it creates the following files:
%CurrentFolder%\MSFLXGRD.OCX (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\TABCTL32.ocx (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\MSSTDFMT.DLL (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\MSVBVM60.DLL (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\STDFTFR.DLL (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\STDOLE2.TLB (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\svcmon.exe
%CurrentFolder%\setup.bat
%CurrentFolder%\Installation.txt
%CurrentFolder%\license_condition d'utilisation.txt
%System%\esys.dll
%System%\Flxgdfr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Msflxgrd.ocx (This is a non-malicious component that may be used by other applications.)
%System%\Msstdfmt.dll (This is a non-malicious component that may be used by other applications.)
%System%\stdftfr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Tabctfr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Tabctl32.ocx (This is a non-malicious component that may be used by other applications.)
%System%\Vb6fr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Vb6stkit.dll (This is a non-malicious component that may be used by other applications.)

The risk then creates the following folders:
%CurrentFolder%\win_95_98
%CurrentFolder%\win2000
%CurrentFolder%\win_me
%CurrentFolder%\win_xp

Next, the risk creates the following registry entry, so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"svcmon" = "%CurrentFolder%\svcmon.exe"

The risk also creates numerous legitimate registry entries associated with the non-malicious components mentioned above that are installed by it.
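The indicators above can be checked against evidence collected from a host. The following is an added example, not part of the original writeup: it parses `reg query` output for the Run key and matches a file listing, counting only the files the writeup does not mark as non-malicious shared components. The function names, the verdict labels and thresholds, the sample data and the system_dir argument (standing in for %System%) are assumptions made for illustration.

```python
import ntpath
import re

# Files the writeup does NOT mark as shared, non-malicious components.
INSTALL_DIR_FILES = {"svcmon.exe", "setup.bat", "installation.txt",
                     "license_condition d'utilisation.txt"}
SYSTEM_FILES = {"esys.dll"}

# One value line of `reg query` output: name, type, data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Return {value name (lowercased): data} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip().strip('"')
    return values

def triage(run_key_text, file_paths, system_dir):
    """Match collected evidence against the writeup's indicators."""
    data = parse_reg_query(run_key_text).get("svcmon", "")
    run_hit = ntpath.basename(data).lower() == "svcmon.exe"
    # %CurrentFolder% is recovered from the Run entry's own path.
    install_dir = ntpath.dirname(data).lower() if run_hit else None
    hits = []
    for path in file_paths:
        folder, name = ntpath.split(path.lower())
        if (folder == install_dir and name in INSTALL_DIR_FILES) or \
           (folder == system_dir.lower() and name in SYSTEM_FILES):
            hits.append(path)
    # Shared components are never counted: they prove nothing on their own.
    verdict = ("likely" if run_hit and len(hits) >= 2
               else "investigate" if run_hit or hits else "clean")
    return {"run_entry": run_hit, "install_dir": install_dir,
            "files": hits, "verdict": verdict}

# Constructed sample evidence (not taken from a real host).
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    svcmon    REG_SZ    C:\Tools\sg\svcmon.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /quiet
"""
SAMPLE_FILES = [r"C:\Tools\sg\svcmon.exe", r"C:\Tools\sg\setup.bat",
                r"C:\WINDOWS\system32\esys.dll",
                r"C:\WINDOWS\system32\Msflxgrd.ocx"]

if __name__ == "__main__":
    print(triage(SAMPLE_RUN, SAMPLE_FILES, r"C:\WINDOWS\system32"))
```

A host that only has the shared components installed is reported as clean, since other applications may have placed them there.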

The risk then logs keystrokes and monitors user activity, such as Web sites visited.

This risk also has the functionality to block access to specific Web sites.
