Behavior
Spyware.TrustyHound provides a search engine in the system tray and sends system information to a predetermined server.
Symptoms
Files are detected as Spyware.TrustyHound.
Transmission
Spyware.TrustyHound must be manually installed on your system.
Technical details
When Spyware.TrustyHound is installed, it performs the following actions:
1. Creates the following files:
* %ProgramFiles%\TrustyHound-TS\TrustyHound-TS.exe
* %ProgramFiles%\TrustyHound-TB\TRUSTYHOUND-TS-installer.exe
* %ProgramFiles%\TrustyHound-TB\tb[2 random characters]\TRUSTYHOUND-TS-installer.exe
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
2. Creates the following non-malicious files:
* %ProgramFiles%\TrustyHound-TS\cardfountain.html
* %ProgramFiles%\TrustyHound-TS\cardfountain.ico
* %ProgramFiles%\TrustyHound-TS\free-stuff-directory.html
* %ProgramFiles%\TrustyHound-TS\free-stuff-directory.ico
* %ProgramFiles%\TrustyHound-TS\funflirts.html
* %ProgramFiles%\TrustyHound-TS\funflirts.ico
* %ProgramFiles%\TrustyHound-TS\image-search.html
* %ProgramFiles%\TrustyHound-TS\image-search.ico
* %ProgramFiles%\TrustyHound-TS\unins000.dat
* %ProgramFiles%\TrustyHound-TS\unins000.exe
* %ProgramFiles%\TrustyHound-TS\web-search.html
* %ProgramFiles%\TrustyHound-TS\web-search.ico
* %ProgramFiles%\TrustyHound-TB\autofill_plugin.dll
* %ProgramFiles%\TrustyHound-TB\whiteList_plugin.dll
* %ProgramFiles%\TrustyHound-TB\msvcp60.dll
* %ProgramFiles%\TrustyHound-TB\msvcrt.dll
* %ProgramFiles%\TrustyHound-TB\autofill.cfg
* %ProgramFiles%\TrustyHound-TB\b246.LOG
* %ProgramFiles%\TrustyHound-TB\basis.xml
* %ProgramFiles%\TrustyHound-TB\icons.bmp
* %ProgramFiles%\TrustyHound-TB\local-bubble.html
* %ProgramFiles%\TrustyHound-TB\toolbar-search-over.bmp
* %ProgramFiles%\TrustyHound-TB\toolbar.crc
* %ProgramFiles%\TrustyHound-TB\toolbar-search.bmp
* %ProgramFiles%\TrustyHound-TB\toolbar.dll
* %ProgramFiles%\TrustyHound-TB\version.txt
* %ProgramFiles%\TrustyHound-TB\websearch-over.bmp
* %ProgramFiles%\TrustyHound-TB\websearch.bmp
3. Creates the following files:
* %Temp%\NS025T
* %Temp%\TrustyHound-TS.exe
* %Temp%\~DF2A78.Tmp
* %UserProfile%\Desktop\CardFountain Greetings.lnk
* %UserProfile%\Desktop\Free Stuff Directory.lnk
* %UserProfile%\Desktop\FunFlirts Online Dating.lnk
* %UserProfile%\Desktop\TrustyHound Image Search.lnk
* %UserProfile%\Desktop\TrustyHound Web Search.lnk
* %UserProfile%\Start Menu\CardFountain Greetings.lnk
* %UserProfile%\Start Menu\Free Stuff Directory.lnk
* %UserProfile%\Start Menu\FunFlirts Online Dating.lnk
* %UserProfile%\Start Menu\TrustyHound Image Search.lnk
* %UserProfile%\Start Menu\TrustyHound Web Search.lnk
* %UserProfile%\Start Menu\Programs\TrustyHound-TS\CardFountain Greetings.lnk
* %UserProfile%\Start Menu\Programs\TrustyHound-TS\Free Stuff Directory.lnk
* %UserProfile%\Start Menu\Programs\TrustyHound-TS\FunFlirts Online Dating.lnk
* %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound Image Search.lnk
* %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound Web Search.lnk
* %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound-TS Companion.lnk
Notes:
* %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
4. Adds the value:
"TrustyHound-TS" = "%ProgramFiles%\TrustyHound-TS\TrustyHound-TS.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
5. Adds the registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TrustyHound-TS ( Companion Tools )_is1
so that Spyware.TrustyHound can be uninstalled.
6. Displays an icon in the system tray that can be used to access a meta search engine. When the search engine is used, system information is sent to a predetermined server.
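The following is an added example, not part of the original write-up: a triage helper that checks a collected file listing and registry export for the executables from step 1 (including the "tb" folder with two varying characters), the Run value from step 4 and the uninstall subkey from step 5. The function name, the (key, value name, data) row format and the sample data are assumptions made for illustration.

```python
import re

# Step 1 executables; the folder prefix is left open because %ProgramFiles% varies per host.
EXE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\\TrustyHound-TS\\TrustyHound-TS\.exe$",
    r"\\TrustyHound-TB\\TRUSTYHOUND-TS-installer\.exe$",
    r"\\TrustyHound-TB\\tb[^\\]{2}\\TRUSTYHOUND-TS-installer\.exe$",  # tb + exactly 2 chars
)]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "TrustyHound-TS"
UNINSTALL_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows"
                 r"\CurrentVersion\Uninstall\TrustyHound-TS ( Companion Tools )_is1")

def triage(file_paths, registry_rows):
    """Match collected Windows paths and (key, value_name, data) registry rows.
    value_name is None for a row that only records that a key exists."""
    hits = {"executables": [], "run_value": None, "uninstall_key": False}
    for path in file_paths:
        norm = path.replace("/", "\\").rstrip()
        if any(p.search(norm) for p in EXE_PATTERNS):
            hits["executables"].append(path)
    for key, name, data in registry_rows:
        k = key.rstrip("\\").casefold()  # registry paths are case-insensitive
        if k == RUN_KEY.casefold() and (name or "").casefold() == RUN_VALUE.casefold():
            hits["run_value"] = data
        elif k == UNINSTALL_KEY.casefold():
            hits["uninstall_key"] = True
    hits["present"] = (bool(hits["executables"]) or hits["uninstall_key"]
                       or hits["run_value"] is not None)
    return hits

# Constructed sample data (not taken from a real host).
SAMPLE_FILES = [
    r"C:\Program Files\TrustyHound-TS\TrustyHound-TS.exe",
    r"C:\Program Files\TrustyHound-TB\tbQ7\TRUSTYHOUND-TS-installer.exe",
    r"C:\Program Files\TrustyHound-TB\tbQ7x\TRUSTYHOUND-TS-installer.exe",  # 3 chars: no match
]
SAMPLE_REGISTRY = [
    (RUN_KEY.upper(), "trustyhound-ts",
     r"C:\Program Files\TrustyHound-TS\TrustyHound-TS.exe"),
    (RUN_KEY, "ctfmon", r"C:\Windows\System32\ctfmon.exe"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_REGISTRY))
```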
Removal instructions
See:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.trustyhound.html