Spyware.MSNPAnalyzer

Updated: May 10, 2006 6:22:34 PM
Type: Spyware
Risk Impact: Medium
Systems Affected: Windows

Spyware.MSNPAnalyzer is a program that uses the WinPcap packet-sniffing library to intercept, decrypt, and log all network activity made by Microsoft Messenger.

Once executed, the security risk creates the following folders:
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer
C:\Program Files\MSN Protocol Analyzer

It then creates the following files:
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer\MSN Protocol Analyzer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer\Read Me First.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer\Uninstall MSN Protocol Analyzer.lnk
C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe
C:\Program Files\MSN Protocol Analyzer\ReadMe.txt
C:\Program Files\MSN Protocol Analyzer\unins000.dat
C:\Program Files\MSN Protocol Analyzer\unins000.exe
C:\Program Files\MSN Protocol Analyzer\WinPcap_3_1.exe
C:\Documents and Settings\Administrator\Desktop\MSN Protocol Analyzer.lnk

The security risk creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1
HKEY_CURRENT_USER\Software\MSNPAnal
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9\Option
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9\Recent File List
HKEY_CURRENT_USER\Software\MSNPAnal\MSN Protocol Analyzer v0.9\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0E575EA-D916-43F0-01BF-7882E98DF4FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0A329291-6AE1-C4ED-1607-9F9216DDD4DC}

It creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"DisplayName" = "MSN Protocol Analyzer v0.9"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"HelpLink" = "http://www.NextSecurity.NET/"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: App Path" = "C:\Program Files\MSN Protocol Analyzer"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Deselected Tasks" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Icon Group" = "MSN Protocol Analyzer"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Selected Tasks" = "desktopicon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: Setup Version" = "5.1.6"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Inno Setup: User" = "Administrator"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"InstallLocation" = "C:\Program Files\MSN Protocol Analyzer\"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"NoModify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"NoRepair" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"Publisher" = "NextSecurity.NET"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"QuietUninstallString" = ""C:\Program Files\MSN ProtocolAnalyzer\unins000.exe" /SILENT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"URLInfoAbout" = "http://www.NextSecurity.NET/"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"URLUpdateInfo" = "http://www.NextSecurity.NET/"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1\"UninstallString" = "C:\Program Files\MSN Protocol Analyzer\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MSN Protocol Analyzer v0.9"="C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe"

This security risk relies on the WinPcap application and may create the following files on request:
%ProgramFiles%\WinPcap\daemon_mgm.exe
%ProgramFiles%\WinPcap\INSTALL.LOG
%ProgramFiles%\WinPcap\npf_mgm.exe
%ProgramFiles%\WinPcap\rpcapd.exe
%ProgramFiles%\WinPcap\Uninstall.exe
%System%\drivers\npf.sys
%System%\packet.dll
%System%\pthreadVC.dll
%System%\wpcap.dll
%System%\_packet.dlluninstall

It also creates the following log file:
C:\ssniffer_excep.txt
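
The artifacts above differ in how much they prove: WinPcap is a shared capture library that other network tools also install, so its files alone do not indicate this program, while the Run entry shows it is set to start with Windows. The following triage sketch is an added example, not Symantec code; it grades a host inventory (for instance an EDR or autoruns export) against the listed artifacts. The function names, the `(location, value data)` input format, the sample rows, and the expansions of `%System%` and `%ProgramFiles%` are assumptions.

```python
import re

# Indicators copied from the write-up above, grouped by how specific they are.
PRODUCT = [
    r"C:\Program Files\MSN Protocol Analyzer",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\MSN Protocol Analyzer",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Protocol Analyzer_is1",
    r"HKEY_CURRENT_USER\Software\MSNPAnal",
    r"C:\ssniffer_excep.txt",
]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_TARGET = r"C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe"
WINPCAP = [r"%ProgramFiles%\WinPcap", r"%System%\drivers\npf.sys",
           r"%System%\packet.dll", r"%System%\wpcap.dll"]
# Assumed expansions of the write-up's placeholders and of hive abbreviations.
ALIASES = {"%programfiles%": r"c:\program files", "%system%": r"c:\windows\system32",
           "hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}

def norm(s):
    """Case-fold, unify separators and expand a leading alias."""
    s = re.sub(r"[\\/]+", r"\\", s.strip().strip('"')).lower()
    for alias, full in ALIASES.items():
        if s.startswith(alias):
            s = full + s[len(alias):]
    return s.rstrip("\\")

def under(path, root):
    """True if path is root or lies below it (whole path components only)."""
    return path == root or path.startswith(root + "\\")

def triage(observations):
    """observations: (location, value_data or None) pairs from a host inventory."""
    hits = {"persistence": [], "product": [], "winpcap": []}
    for location, data in observations:
        loc = norm(location)
        if data and under(loc, norm(RUN_KEY)) and norm(RUN_TARGET) in data.lower():
            hits["persistence"].append(location)
        elif any(under(loc, norm(p)) for p in PRODUCT):
            hits["product"].append(location)
        elif any(under(loc, norm(p)) for p in WINPCAP):
            hits["winpcap"].append(location)
    labels = {"persistence": "installed-autostart", "product": "installed",
              "winpcap": "winpcap-only"}
    return next((labels[k] for k in labels if hits[k]), "clean"), hits

# Constructed sample inventory, not taken from a real host.
SAMPLE = [
    (r"C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe", None),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN Protocol Analyzer v0.9",
     r'"C:\Program Files\MSN Protocol Analyzer\MSNPAnal.exe"'),
    (r"C:\WINDOWS\system32\wpcap.dll", None),
]
```

Per-user keys exported under `HKEY_USERS\<SID>` are not mapped to `HKEY_CURRENT_USER` here, so inventories taken from another account's context need that translation first.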