This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Spyware.PCParent communicating and requesting information from its controlling server.
Spyware.PCParent records screen shots on a computer at a set time interval.
When Spyware.PCParent is installed and run, it does the following:
1. Adds the value:
to the registry key:
so that the spyware runs each time that Windows is started.
Creates the files:
Note: %Windir% is a variable. By default, this is C:\Windows or C:\Winnt.
- Windows 2000
- Windows 95
- Windows 98
- Windows Me
- Windows NT
- Windows XP
The following instructions pertain to all Symantec antivirus products that support security risk detection.
1. Update the definitions.
2. Uninstall the security risk.
3. Run the scan.
4. Delete any values added to the registry.