
Spyware.IamBigBrother

Updated: February 7, 2007 8:47:43 PM
Type: Spyware
Name: IamBigBrother
Version: 9.0
Publisher: InternetSafetySoftware.com
Risk Impact: Medium
Systems Affected: Windows

Spyware.IamBigBrother must be manually installed. The file name of the retail version may vary. The demo version of Spyware.IamBigBrother is distributed as the following file:
brother90demo.exe

Once executed, it creates the following files:
  • dlhost.exe
  • cpanel.exe
  • nl.exe
  • asycfilt.dll
  • comcat.dll
  • comdlg32.ocx
  • ctl3d32.dll
  • dartftp.dll
  • dartsock.dll
  • encodex.dll
  • ijl15.dll
  • ijl15.lib
  • ijl15l.lib
  • marbryObj.dll
  • mailcontrol.ocx
  • mimex.dll
  • winl.dll
  • IRIMG1.JPG
  • IRIMG2.JPG
  • bigbrotherbox.gif
  • box_kidcontrol.gif
  • dmm.dll
  • header_main_iambb.gif
  • help.htm
  • help_top.gif
  • iambb_screen.gif
  • ma.exe
  • spoolsv.exe
  • tutorial.gif
  • tutorial_1.gif
  • tutorial_2.gif
  • tutorial_3.gif
  • uninstall.dat
  • uninstall.xml
  • %System%\DOM.dll
  • %System%\DartFtp.dll
  • %System%\DartSock.dll
  • %System%\EncodeX.dll
  • %System%\MSCOMCT2.OCX
  • %System%\MSFLXGRD.OCX
  • %System%\MSINET.OCX
  • %System%\MabryObj.dll
  • %System%\MailControl.ocx
  • %System%\MimeX.dll
  • %System%\RICHTX32.OCX
  • %System%\SmtpX.DLL
  • %System%\comdlg32.ocx
  • %System%\csXImage.ocx
  • %Windir%\cp.exe

The security risk then creates the following registry entries so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Windows System Tray" = "[PATH TO SECURITY RISK]\dlhost.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Windows Service Manager" = "[PATH TO SECURITY RISK]\spoolsv.exe"

It also creates the following registry subkeys:

The security risk allows the user installing it to configure the installation Path and Log Files Path.
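Because the installation path is configurable, a check for the startup entries described above has to key on the Run value names and file names rather than on a fixed path. The following is an added example, not part of the original write-up: it assumes its input is the text output of `reg query` for the Run key (name, type and data separated by four spaces), and the function name, verdict labels and sample lines are constructed for illustration.

```python
import re

# Run-key value names and file names taken from the write-up above.
INDICATORS = {
    "windows system tray": "dlhost.exe",
    "windows service manager": "spoolsv.exe",
}

# One value line of `reg query` output: name, type, data separated by 4 spaces
# (assumed layout).
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# First executable base name in the data, ignoring quotes and directories.
EXE_NAME = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)


def scan_run_key(reg_query_output):
    """Return (value_name, data, verdict) for Run entries matching the write-up."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        exe = EXE_NAME.search(data)
        exe_name = exe.group(1).lower() if exe else ""
        expected = INDICATORS.get(name.strip().lower())
        if expected and exe_name == expected:
            hits.append((name, data, "match"))    # value name and file agree
        elif expected or exe_name in INDICATORS.values():
            hits.append((name, data, "partial"))  # only one of the two agrees
    return hits


# Constructed sample output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows System Tray    REG_SZ    C:\Example\Custom Dir\dlhost.exe
    Windows Service Manager    REG_SZ    "D:\Other\spoolsv.exe"
    ExampleUpdater    REG_SZ    C:\Example\updater.exe /background
    Print Helper    REG_SZ    C:\Example\spoolsv.exe
"""

if __name__ == "__main__":
    for name, data, verdict in scan_run_key(SAMPLE):
        print(f"{verdict:8} {name!r} -> {data}")
```

A "partial" verdict is a lead for manual review, not a confirmation, since only one of the two attributes matched.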