Spyware.HTEmployeeMon

Updated: November 5, 2012 4:37:43 PM
Type: Spyware
Name: HT Employee Monitor
Publisher: Hidetools.com
Risk Impact: Medium
Systems Affected: Windows

This program must be manually installed.

When the program is executed, it creates the following folders:
  • %ProgramFiles%\HEM
  • %UserProfile%\Start Menu\Programs\HT Employee Monitor

Next, it creates the following registry entry so that it executes whenever Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"wmime" = "%Program Files%\HEM\wmime.exe /STARTUP"


It then creates the following files:
  • %ProgramFiles%\HEM\help.chm
  • %ProgramFiles%\HEM\ijl15.dll
  • %ProgramFiles%\HEM\setalc.exe
  • %ProgramFiles%\HEM\uninstall.exe
  • %ProgramFiles%\HEM\wmime.exe
  • %UserProfile%\Start Menu\Programs\HT Employee Monitor\HT Employee Monitor Help.lnk
  • %UserProfile%\Start Menu\Programs\HT Employee Monitor\HT Employee Monitor.lnk

Next, it creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Hidetools
  • HKEY_LOCAL_MACHINE\SOFTWARE\Hidetools\Common Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\HT
  • HKEY_LOCAL_MACHINE\SOFTWARE\HT\Common Data

The spyware program may then record the following information:
  • Event and application logging
  • Keystrokes
  • Screenshots
  • Websites visited

The program may then send the recorded information to a remote location.
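
The artifacts listed above can be checked against triage data collected from a host (file listings, Run values, registry key names). The following is an added example, not Symantec's code: the function names and sample data are constructed, and the handling of "Program Files (x86)" and WOW6432Node is an assumption about 32-bit installs on 64-bit Windows that the write-up does not state.

```python
import re

# Indicators from the write-up above, lower-cased for case-insensitive matching.
HEM_FILES = {"help.chm", "ijl15.dll", "setalc.exe", "uninstall.exe", "wmime.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VENDOR_KEYS = (r"hkey_local_machine\software\hidetools", r"hkey_local_machine\software\ht")
# Assumption (not stated on the page): on 64-bit Windows a 32-bit install is
# redirected to "Program Files (x86)" and the WOW6432Node registry view.
_HEM_DIR = re.compile(r"^(?:%programfiles(?:\(x86\))?%|[a-z]:\\program files"
                      r"(?: \(x86\))?)\\hem\\([^\\]+)$")

def norm_key(key):
    """Lower-case a registry path, expand HKLM, drop the WOW6432Node hop."""
    key = key.strip().rstrip("\\").lower()
    if key.startswith("hklm\\"):
        key = "hkey_local_machine" + key[4:]
    return key.replace("\\wow6432node", "")

def is_hem_file(path):
    m = _HEM_DIR.match(path.strip().strip('"').lower())
    return bool(m) and m.group(1) in HEM_FILES

def is_hem_run(key, name, data):
    """True for a Run value named wmime that launches a file from the HEM folder."""
    exe = re.match(r'^"?(.+?\.exe)', data.strip().lower())
    return (norm_key(key) == RUN_KEY and name.lower() == "wmime"
            and bool(exe) and is_hem_file(exe.group(1)))

def is_vendor_key(key):
    """Match a vendor subkey or anything below it, but not look-alikes such as HTC."""
    k = norm_key(key)
    return any(k == v or k.startswith(v + "\\") for v in VENDOR_KEYS)

def scan(files, run_values, keys):
    hits = [("file", f) for f in files if is_hem_file(f)]
    hits += [("autorun", k + "\\" + n) for k, n, d in run_values if is_hem_run(k, n, d)]
    hits += [("regkey", k) for k in keys if is_vendor_key(k)]
    return hits

# Constructed triage data (not from a real host).
SAMPLE_FILES = [r"C:\Program Files (x86)\HEM\wmime.exe",
                r"C:\Program Files\HEMlock\wmime.exe"]
SAMPLE_RUN = [(r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
               "wmime", r'"C:\Program Files (x86)\HEM\wmime.exe" /STARTUP')]
SAMPLE_KEYS = [r"HKEY_LOCAL_MACHINE\SOFTWARE\HT\Common Data",
               r"HKLM\SOFTWARE\WOW6432Node\Hidetools", r"HKLM\SOFTWARE\HTC"]

if __name__ == "__main__":
    for kind, artifact in scan(SAMPLE_FILES, SAMPLE_RUN, SAMPLE_KEYS):
        print(kind, artifact)
```

The short `HKEY_LOCAL_MACHINE\SOFTWARE\HT` subkey is matched on a path boundary so that unrelated vendors whose key names merely begin with "HT" are not flagged.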