Behavior
Spyware.SpyLantern logs keystrokes, captures screenshots, and monitors Internet activity. The gathered information can be sent to a predetermined email address.
Symptoms
Your Symantec program detects Spyware.SpyLantern.
Transmission
Spyware.SpyLantern must be manually installed.
Technical details
File names:
setup.exe
When Spyware.SpyLantern is installed, it performs the following actions:
1. Attempts to display a web page at www.spy-lantern.com
2. Creates the following files:
* %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Control Center.lnk
* %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Help.lnk
* %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Online.url
* %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Uninstall.lnk
* %UserProfile%\Start Menu\Programs\Spy Lantern Keylogger\Viewer.lnk
* %System%\[random_name].cfg
* %System%\[random_name].chm
* %System%\[random_name].exe
* %System%\[random_name].sys - Detected as Trojan Horse
* %System%\[random_name]a.dll
* %System%\[random_name]cc.exe
* %System%\[random_name]h.dll
* %System%\[random_name]l.exe
* %System%\[random_name]v.exe
* %Windir%\key.lock
Notes:
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
* %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
* %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
3. Creates the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy Lantern Keylogger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random_name]Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\[random_name]Srv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random_name]Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[random_name]Srv
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Spy Lantern Keylogger
4. Modifies the value:
"AppInit_DLLs" = "[random_name]a.dll"
in the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
5. Logs keystrokes, captures screenshots, and monitors Internet activity.
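Because every %System% file, both service keys and the AppInit_DLLs value share one [random_name] prefix, a triage script can recover that prefix by correlation rather than by a fixed name. The following Python is an added example, not Symantec's detection logic; the function names, the min_hits threshold and the sample data are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Suffixes that follow [random_name] in the %System% file list above.
SUFFIXES = (".cfg", ".chm", ".exe", ".sys", "a.dll", "cc.exe",
            "h.dll", "l.exe", "v.exe")

def candidate_stems(system_files, min_hits=5):
    """Map each stem to the listed suffixes found for it, keeping stems
    with at least min_hits matches (the threshold is an assumption)."""
    hits = defaultdict(set)
    for name in {ntpath.basename(f).lower() for f in system_files}:
        for suffix in SUFFIXES:
            if name.endswith(suffix) and len(name) > len(suffix):
                hits[name[:-len(suffix)]].add(suffix)
    return {s: sorted(v) for s, v in hits.items() if len(v) >= min_hits}

def triage(system_files, service_names, appinit_dlls):
    """Correlate file stems with the [random_name]Driver/[random_name]Srv
    service keys and the AppInit_DLLs value."""
    services = {s.lower() for s in service_names}
    # AppInit_DLLs holds space- or comma-separated entries, possibly paths.
    appinit = {ntpath.basename(p).lower()
               for p in re.split(r"[ ,]+", appinit_dlls.strip()) if p}
    findings = []
    for stem, suffixes in sorted(candidate_stems(system_files).items()):
        findings.append({
            "stem": stem,
            "file_suffixes": suffixes,
            "services": sorted(n for n in (stem + "driver", stem + "srv")
                               if n in services),
            "appinit_match": stem + "a.dll" in appinit,
        })
    return findings

# Constructed sample data (not from a real host); "qwzrt" is made up.
SAMPLE_FILES = ["qwzrt" + s for s in SUFFIXES] + [
    "calc.exe", "calc.chm", "cmd.exe", "kernel32.dll", "notepad.exe"]
SAMPLE_SERVICES = ["Dhcp", "qwzrtDriver", "qwzrtSrv", "Spooler"]
SAMPLE_APPINIT = "qwzrta.dll"

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_SERVICES, SAMPLE_APPINIT):
        print(finding)
```

Feed it a directory listing of %System%, the subkey names under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, and the AppInit_DLLs value collected from the host or image under review.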
Removal instructions
See:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.spylantern.html