
Spyware.STAR

Updated: February 13, 2007 11:38:15 AM
Type: Spyware
Version: 4.6
Publisher: Stealth Activity Reporter
Risk Impact: High
File Names: wsys.exe, wsys.dll, LoggerConfugurator.exe, RemoteUnInstaller.exe, ReportManager.exe
Systems Affected: Windows


Spyware.STAR is distributed as a WinZip archive named star.zip, which contains the following files:
    • setup.exe
    • Data.CAB

When setup.exe is executed, it does the following:
  1. Creates the following files:
    • wsys.exe: This is the main spyware file. Detected as Spyware.STAR.
    • wsys.dll: Detected as Spyware.STAR.
    • DecodeScreenShots.exe
    • LoggerConfigurator.exe: Detected as Spyware.STAR.
    • RemoteUnInstaller.exe: Detected as Spyware.STAR.
    • ReportManager.exe: Detected as Spyware.STAR.
    • Uninstall.exe

  2. Allows the person installing it to configure the installation path and the log files path.
    • The default <installation path> is "%ProgramFiles%\STAR\"
    • The default <log files path> is "%ProgramFiles%\STAR\"

      Note: %ProgramFiles% is a variable that refers to the path to the Program Files folder. By default, this is "C:\Program Files\".

  3. Adds the value:

    "wsys" = "<installation path>\wsys.exe"

    to the following registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the spyware runs when you start Windows.
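
A detection check built from the indicators above, as an added example that is not part of the original write-up. It parses the text output of `reg query` for the Run key and a directory listing; because the installation path is configurable, it matches the value name and file name rather than the default folder. The sample registry output, the folder D:\Tools\hidden and the decision to ignore Uninstall.exe are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# File names the write-up lists under "Creates the following files".
STAR_FILES = {"wsys.exe", "wsys.dll", "decodescreenshots.exe",
              "loggerconfigurator.exe", "remoteuninstaller.exe",
              "reportmanager.exe", "uninstall.exe"}
GENERIC = {"uninstall.exe"}  # assumption: too common to count as evidence

# A value line of `reg query` text output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample: `reg query` output for the Run key on a host where the
# installer was pointed at a non-default folder.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_EXPAND_SZ    %ProgramFiles%\Example\tray.exe
    wsys    REG_SZ    D:\Tools\hidden\wsys.exe
"""

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):              # quoted path, maybe with arguments
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command

def find_star_autorun(reg_query_output):
    """Return the wsys.exe path if the documented Run value is present, else None."""
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m.group("name").lower() != "wsys":
            continue
        path = exe_path(m.group("data"))
        # Match on the file name only: the installation path is configurable.
        if PureWindowsPath(path).name.lower() == "wsys.exe":
            return path
    return None

def star_files_present(file_names):
    """Return the documented STAR file names found in a directory listing."""
    seen = {name.lower() for name in file_names}
    return sorted((STAR_FILES - GENERIC) & seen)

if __name__ == "__main__":
    print(find_star_autorun(SAMPLE_REG))
    print(star_files_present(["WSYS.EXE", "wsys.dll", "Uninstall.exe"]))
```

The path returned by find_star_autorun is the folder to inspect with star_files_present, since the log files path defaults to the same location.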
