AlphaOne Technology Support Forums
December 02, 2008, 09:51:59 AM

Author Topic: Spyware.StingKeyLogger  (Read 666 times)
Brad
SysAdmin
Tech Team
Spyware.StingKeyLogger
« on: June 06, 2005, 01:33:35 AM »

Behavior
Spyware.StingKeyLogger is a spyware program that logs keystrokes.

Symptoms
Your Symantec program detects Spyware.StingKeyLogger.

Transmission
The file must be manually executed to install this program.

Technical details
File names:
svchost.exe
StingWare KeyLogger.msi
keylogger.exe

When Spyware.StingKeyLogger is installed, it performs the following actions:


   1. Creates the following files:

          * %UserProfile%\Start Menu\Programs\StingWare\KeyLogger Support.lnk
          * %UserProfile%\Start Menu\Programs\StingWare\KeyLogger.lnk
          * %UserProfile%\Start Menu\Programs\StingWare\Uninstall.lnk
          * %ProgramFiles%\StingWare\KeyLogger Support.url
          * %ProgramFiles%\StingWare\stng.dat
          * %ProgramFiles%\StingWare\svchost.exe
          * %ProgramFiles%\{36B40193-4F10-4D8C-96D7-8544CCC6F704}\StingWare KeyLogger.msi
          * %Windir%\Installer\cefbfc.msi
          * %Windir%\Installer\{76E2367E-9311-47FC-A83E-7375099675C5}\NewShortcut1_76E2367E931147FCA83E7375099675C5_5.exe
          * %Windir%\WSD.DLL
          * %System%\msadodc.ocx -- This is a legitimate component needed for some applications written in Visual Basic. It may be used by other applications on your computer.

            Notes:
          * %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
          * %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
          * %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
          * %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

   2. Creates the following registry keys:

      HKEY_LOCAL_MACHINE\SOFTWARE\StingWare
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76E2367E-9311-47FC-A83E-7375099675C5}

   3. Adds the value:

      "C:\Program Files\StingWare\" = ""

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

   4. Adds the value:

      "C:\Documents and Settings\All Users\Start Menu\Programs\StingWare\" = ""

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

   5. Adds the value:

      "WinAppLog" = ""C:\Program Files\StingWare\svchost.exe" /h"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      so that Spyware.StingKeyLogger runs every time Windows starts.

   6. Logs keystrokes silently.

REMOVAL INSTRUCTIONS
See: http://securityresponse.symantec.com/avcenter/venc/data/spyware.stingkeylogger.html
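The Run value in step 5 starts a file named svchost.exe from %ProgramFiles%\StingWare instead of %System%. The Python sketch below is an added example, not part of the original post or of Symantec's write-up: it parses `reg query` output for the Run key and flags any autorun entry that reuses a Windows system binary name outside the system folder, which goes beyond this one program. The function names, the SYSTEM_NAMES list and the sample text are assumptions constructed for illustration.

```python
import ntpath
import re

# Windows system binary names to watch for (assumed list, not from the post).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
# System folders the post names for Windows NT/2000/XP, plus unexpanded variables.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32",
               r"%systemroot%\system32", r"%windir%\system32"}

# One value line of `reg query` output: name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Quoted path, or unquoted path ending in .exe, or first token.
IMAGE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)|^(\S+)', re.IGNORECASE)

# Constructed sample of `reg query HKLM\...\Run` output; only the WinAppLog
# line reproduces the value described in the post.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    WinAppLog    REG_SZ    "C:\Program Files\StingWare\svchost.exe" /h
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Host Service    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
'''


def image_path(command):
    """Return the executable path from a Run-key command line, without arguments."""
    m = IMAGE_PATH.match(command.strip())
    return next(g for g in m.groups() if g) if m else ""


def masquerading_autoruns(reg_query_output):
    """Return (value_name, path) for entries using a system name outside the system folder."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = image_path(m.group("data"))
        folder, exe = ntpath.split(path.lower())
        if exe in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            hits.append((m.group("name"), path))
    return hits


if __name__ == "__main__":
    for name, path in masquerading_autoruns(SAMPLE):
        print(f"suspicious autorun {name!r}: {path}")
```
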
