Spyware.MSNPAnalyzer

Updated: May 10, 2006 6:22:34 PM
Type: Spyware
Risk Impact: Medium
Systems Affected: Windows

Behavior

Spyware.MSNPAnalyzer is a program that monitors and logs all Microsoft Messenger activity.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version May 08, 2006
  • Latest Daily Certified version December 12, 2011 revision 018
  • Initial Weekly Certified release date May 10, 2006

Spyware.MSNPAnalyzer is a program that uses the WinPcap packet-sniffing library to intercept, decrypt, and log all network activity made by Microsoft Messenger.

Once executed, the security risk creates the following folders:
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer
C:\Program Files\MSN Protocol Analyzer

It then creates the following files:
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer\MSN Protocol Analyzer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer\Read Me First.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer\Uninstall MSN Protocol Analyzer.lnk
C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe
C:\Program Files\MSN Protocol Analyzer\ReadMe.txt
C:\Program Files\MSN Protocol Analyzer\unins000.dat
C:\Program Files\MSN Protocol Analyzer\unins000.exe
C:\Program Files\MSN Protocol Analyzer\WinPcap_3_1.exe
C:\Documents and Settings\Administrator\Desktop\MSN Protocol Analyzer.lnk

The security risk creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1
HKEY_CURRENT_USER\Software\MSNPAnal
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9\Option
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9\Recent File List
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0E575EA-D916-43F0-01BF-7882E98DF4FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0A329291-6AE1-C4ED-1607-9F9216DDD4DC}

It creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"DisplayName" = "MSN Protocol Analyzer v0.9"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"HelpLink" = "http://www.NextSecurity.NET/ "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: App Path" = "C:\Program Files\MSN Protocol Analyzer"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Deselected Tasks" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Icon Group" = "MSN Protocol Analyzer"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Selected Tasks" = "desktopicon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Setup Version" = "5.1.6"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: User" = "Administrator"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"InstallLocation" = "C:\Program Files\MSN Protocol Analyzer\"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"NoModify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"NoRepair" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Publisher" = "NextSecurity.NET"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"QuietUninstallString" = ""C:\Program Files\MSN ProtocolAnalyzer\unins000.exe" /SILENT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"URLInfoAbout" = "http://www.NextSecurity.NET/ "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"URLUpdateInfo" = "http://www.NextSecurity.NET/ "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"UninstallString" = "C:\Program Files\MSN Protocol Analyzer\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MSN Protocol Analyzer v0.9"="C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe"

This security risk relies on the WinPcap application and may create the following files on request:
%ProgramFiles%\WinPcap\daemon_mgm.exe
%ProgramFiles%\WinPcap\INSTALL.LOG
%ProgramFiles%\WinPcap\npf_mgm.exe
%ProgramFiles%\WinPcap\rpcapd.exe
%ProgramFiles%\WinPcap\Uninstall.exe
%System%\drivers\npf.sys
%System%\packet.dll
%System%\pthreadVC.dll
%System%\wpcap.dll
%System%\_packet.dlluninstall

It also creates the following log file:
C:\ssniffer_excep.txt
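
A host triage check built from the artifacts listed above, added here as an example and not part of the original writeup or any vendor tool. It separates the artifacts specific to MSN Protocol Analyzer from the WinPcap files, which legitimate capture tools also install; mapping %System% to System32 and the verdict labels are assumptions.

```powershell
# Added triage example. Paths and key names come from the writeup;
# the %System% -> System32 mapping and verdict labels are assumptions.
$programFiles = $env:ProgramFiles
$system       = Join-Path $env:SystemRoot 'System32'

# Artifacts specific to MSN Protocol Analyzer.
$specific = @(
    (Join-Path $programFiles 'MSN Protocol Analyzer\MSNPAnal.exe'),
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1',
    'HKCU:\Software\MSNPAnal',
    'C:\ssniffer_excep.txt'
)

# WinPcap artifacts: also present wherever legitimate capture tools are installed.
$winpcap = @(
    (Join-Path $system 'drivers\npf.sys'),
    (Join-Path $system 'wpcap.dll'),
    (Join-Path $system 'packet.dll')
)

# Return only the file or registry paths that exist on this host.
function Find-Present([string[]]$Items) {
    $Items | Where-Object { Test-Path -LiteralPath $_ }
}

# Run-key value that launches MSNPAnal.exe at logon.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName  = 'MSN Protocol Analyzer v0.9'
$runValue = (Get-ItemProperty -LiteralPath $runKey -Name $runName -ErrorAction SilentlyContinue).$runName

$hitsSpecific = @(Find-Present $specific)
$hitsWinpcap  = @(Find-Present $winpcap)

if ($hitsSpecific.Count -gt 0 -or $runValue) {
    $verdict = 'MSN Protocol Analyzer artifacts present'
} elseif ($hitsWinpcap.Count -gt 0) {
    $verdict = 'WinPcap only (not sufficient on its own)'
} else {
    $verdict = 'No listed artifacts found'
}

[pscustomobject]@{
    Verdict           = $verdict
    SpecificArtifacts = $hitsSpecific
    RunKeyValue       = $runValue
    WinPcapArtifacts  = $hitsWinpcap
}
```

The HKEY_CURRENT_USER check only covers the account running the script, so run it in the affected user's session or load that user's hive first.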