
Spyware.InvisibleKey.C

Updated: February 13, 2007 11:40:40 AM
Type: Spyware
Version: 1.25
Publisher: SpyPatrol
Risk Impact: High
File Names: web.dll, ik.dll, nvsr32.exe
Systems Affected: Windows

When Spyware.InvisibleKey.C is executed, it performs the following actions:
  1. Creates the following files:
    • %ProgramFiles%\Invisible Keylogger\web.dat (log file for Web use)
    • %ProgramFiles%\Invisible Keylogger\lview.exe (log file viewer)
    • %ProgramFiles%\Invisible Keylogger\nvsr32.exe (keylogger itself, detected as Spyware.InvisibleKey.C)
    • %ProgramFiles%\Invisible Keylogger\ik.dll (keyboard hook, detected as Spyware.InvisibleKey.C)
    • %ProgramFiles%\Invisible Keylogger\web.dll (Internet Explorer browser helper object for monitoring Internet use; many keyloggers use this component, and it may be detected as Spyware.Perfect)
    • %ProgramFiles%\Invisible Keylogger\scrshots\*.jpg (JPEG screen captures)

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IK
    HKEY_CLASSES_ROOT\BPK.IESpy.1
    HKEY_CLASSES_ROOT\BPK.IESpy
    HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951F}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951F}
    HKEY_CLASSES_ROOT\TypeLib\{1E1B2879-88FF-11D3-8D96-D7ACAC95951F}
    HKEY_CLASSES_ROOT\Interface\{1E1B2879-88FF-11D3-8D96-D7ACAC95951F}
    HKEY_LOCAL_MACHINE\Software\SpyPatrol Internet Surveillance
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Invisible Keylogger 1.1

  3. Adds the value:

    "BPK"="%ProgramFiles%\Invisible Keylogger\nvsr32.exe"

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the spyware runs every time Windows starts.
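
The artifacts listed above can be checked against offline triage data. The following Python is an added example, not Symantec's code: it matches a `.reg` export and a file listing against the files, registry keys and Run value from this write-up. The function names, the sample data and the default `C:\Program Files` expansion of %ProgramFiles% are assumptions.

```python
import re

# Indicators copied from the write-up above.
DIR = r"%ProgramFiles%\Invisible Keylogger"
FILES = ["web.dat", "lview.exe", "nvsr32.exe", "ik.dll", "web.dll"]
CLSID = "{1E1B2879-88FF-11D3-8D96-D7ACAC95951F}"
HKLM_SW, HKCR = "HKEY_LOCAL_MACHINE\\Software\\", "HKEY_CLASSES_ROOT\\"
KEYS = [
    HKLM_SW + r"Microsoft\Internet Explorer\IK",
    HKCR + "BPK.IESpy.1", HKCR + "BPK.IESpy", HKCR + "Interface\\" + CLSID,
    HKCR + "CLSID\\" + CLSID, HKCR + "TypeLib\\" + CLSID,
    HKLM_SW + r"Microsoft\Windows\CurrentVersion\Explorer"
              "\\Browser Helper Objects\\" + CLSID,
    HKLM_SW + "SpyPatrol Internet Surveillance",
    HKLM_SW + r"Microsoft\Windows\CurrentVersion\Uninstall\Invisible Keylogger 1.1",
]
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def parse_reg(text):  # .reg export text -> {key: {value name: data}}, lowercased
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; undo the .reg backslash escaping
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                cur[name.lower()] = data
    return keys

def scan(reg_text, file_paths, program_files=r"C:\Program Files"):
    """Return the write-up's indicators that appear in the collected data."""
    base = DIR.replace("%ProgramFiles%", program_files).lower()
    reg, paths = parse_reg(reg_text), {p.lower() for p in file_paths}
    hits = ["key: " + k for k in KEYS if k.lower() in reg]
    run = reg.get(RUN_KEY.lower(), {}).get("bpk", "").strip('"').lower()
    if run == base + "\\nvsr32.exe":
        hits.append("run value: BPK")
    hits += ["file: " + f for f in FILES if base + "\\" + f in paths]
    if any(p.startswith(base + "\\scrshots\\") and p.endswith(".jpg") for p in paths):
        hits.append("file: scrshots\\*.jpg")
    return hits

# Constructed sample input (not from a real host).
SAMPLE_REG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BPK"="C:\\Program Files\\Invisible Keylogger\\nvsr32.exe"
[HKEY_CLASSES_ROOT\BPK.IESpy]
'''
SAMPLE_FILES = [r"C:\Program Files\Invisible Keylogger\scrshots\0001.jpg"]
```

Key and path comparisons are case-insensitive, as they are on Windows. HKEY_CLASSES_ROOT is a merged view, so an export taken from HKEY_LOCAL_MACHINE\Software\Classes needs its key names mapped before matching.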
