Spyware.MobileSpy


Updated: May 02, 2007 8:00:08 PM
Type: Spyware
Name: Mobile Spy
Publisher: Retina-X Studios
Risk Impact: Medium

Behavior

Spyware.MobileSpy is a spyware program that records SMS messages and phone call information and sends this information to a predetermined remote location.

This security risk must be manually installed.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version April 30, 2018 revision 020
  • Initial Daily Certified version May 03, 2007
  • Latest Daily Certified version April 30, 2018 revision 032
  • Initial Weekly Certified release date May 09, 2007



Once installed on the mobile device, the security risk adds the following folders:

  • \Windows\AppMgr\Retina-X Studios Smartphone
  • \Program Files\Smartphone


Next, it creates the following files:
  • \Windows\AppMgr\Retina-X Studios Smartphone\4001.tmp
  • \Program Files\Smartphone\OpenNETCF.Net.dll
  • \Program Files\Smartphone\OpenNETCF.dll
  • \Program Files\Smartphone\Smartphone.exe
  • \Program Files\Smartphone\hsmsutil.dll
  • \Program Files\Smartphone\smarphone.log
  • \Windows\StartUp\Primary output from Smartphone.lnk
  • Smartphone.exe
  • hsmsutil.dll
  • MobileSpy.CAB

The program then creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Apps\Retina-X Studios Smartphone\"Instl" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Apps\Retina-X Studios Smartphone\"InstallDir" = "\Program Files\Smartphone"
HKEY_LOCAL_MACHINE\SOFTWARE\Apps\Retina-X Studios Smartphone\"InstlDir" = "\Program Files\Smartphone"
HKEY_LOCAL_MACHINE\SECURITY\AppInstall\Retina-X Studios Smartphone\ExecutableFiles\"\Program Files\Smartphone\Smartphone.exe" = ""
HKEY_LOCAL_MACHINE\SECURITY\AppInstall\Retina-X Studios Smartphone\ExecutableFiles\"InstallDir" = "\Program Files\Smartphone"
HKEY_LOCAL_MACHINE\SECURITY\AppInstall\Retina-X Studios Smartphone\ExecutableFiles\"Role" = "003e700"
HKEY_LOCAL_MACHINE\SECURITY\AppInstall\Retina-X Studios Smartphone\ExecutableFiles\"Uninstall" = "\Windows\AppMgr\Retina-X Studios Smartphone\4001.tmp"
HKEY_LOCAL_MACHINE\SOFTWARE\RetinaxStudios\"Autologin" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\RetinaxStudios\"Password" = [PASSWORD FOR ACCOUNT]
HKEY_LOCAL_MACHINE\SOFTWARE\RetinaxStudios\"Username" = [USERNAME FOR ACCOUNT]
HKEY_LOCAL_MACHINE\SOFTWARE\RetinaxStudios\"RememberUser" = 1
HKEY_LOCAL_MACHINE\SOFTWARE\RetinaxStudios\"ReportTime" = "1"

The mobile device may then be configured to record the following SMS messaging information:
  • Sender's Number
  • Recipient's Number
  • Date & Time
  • Message Contents
The mobile device may also be configured to record the following phone call details:
  • Number Dialed
  • Number of Caller
  • Date & Time
  • Call Direction


The program establishes an HTTP connection every 30 minutes and sends the gathered data to the following locations:
  • [http://]www.mobile-spy.com/webapi/sms[REMOVED]
  • [http://]www.mobile-spy.com/webapi/logi[REMOVED]
  • [http://]www.mobile-spy.com/webapi/callsl[REMOVED]
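
The 30-minute reporting interval and the /webapi/ URL stems listed above can be looked for in web proxy logs. The following Python is an added example, not part of the original write-up; the log layout, the client addresses and the two-minute jitter tolerance are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

REPORT_HOST = "www.mobile-spy.com"  # host named in the write-up
REPORT_PREFIX = "/webapi/"          # common stem of the three truncated URLs
BEACON_SECONDS = 30 * 60            # reporting interval named in the write-up
TOLERANCE = 120                     # assumed allowance for timing jitter
# Constructed sample; assumed layout "<ISO timestamp> <client IP> <URL>".
SAMPLE_LOG = """\
2007-05-02T10:00:05 10.0.0.21 http://www.mobile-spy.com/webapi/sms
2007-05-02T10:01:12 10.0.0.34 http://www.example.com/index.html
2007-05-02T10:30:07 10.0.0.21 http://www.mobile-spy.com/webapi/callsl
2007-05-02T10:45:00 10.0.0.34 http://www.mobile-spy.com/
2007-05-02T11:00:04 10.0.0.21 http://WWW.MOBILE-SPY.COM/webapi/sms
malformed line
"""

def parse(line):
    """Return (timestamp, client, url), or None if the line does not fit the layout."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def is_report_url(url):
    """True when the URL is on the reporting host under the /webapi/ stem."""
    u = urlsplit(url)
    return (u.hostname or "").lower() == REPORT_HOST and u.path.lower().startswith(REPORT_PREFIX)

def find_beacons(log_text):
    """Map client -> {'hits': n, 'periodic': bool} for clients that contact the reporting URLs."""
    hits = defaultdict(list)
    for ts, client, url in filter(None, map(parse, log_text.splitlines())):
        if is_report_url(url):
            hits[client].append(ts)
    result = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic only if every gap between consecutive hits is about 30 minutes.
        periodic = bool(gaps) and all(abs(g - BEACON_SECONDS) <= TOLERANCE for g in gaps)
        result[client] = {"hits": len(times), "periodic": periodic}
    return result

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

A client that appears with "periodic" set is a candidate for the file and registry checks described in this write-up; a single hit still merits review, since one reporting request is enough to show the program is present.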


To remove this security risk manually, first install a file manager program on the device, then complete the following steps:

  1. Enable the option to view the files in the system folder.
  2. Delete the following malicious files:

    Smartphone.exe
    hsmsutil.dll
    MobileSpy.CAB
    \Windows\StartUp\Primary output from Smartphone.lnk

  3. Navigate to and delete the following folders:

    \Windows\AppMgr\Retina-X Studios Smartphone
    \Program Files\Smartphone

  4. Navigate to and delete the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Apps\Retina-X Studios Smartphone
    HKEY_LOCAL_MACHINE\Security\AppInstall\Retina-X Studios Smartphone\ExecutableFiles
    HKEY_LOCAL_MACHINE\SOFTWARE\RetinaxStudios

  5. Exit the file manager.