Behavior
Spyware.WebSurfWatch is a spyware program that monitors and records Web sites visited in Internet Explorer or AOL browsers.
Symptoms
Your Symantec program detects Spyware.WebSurfWatch.
Transmission
This security risk must be manually installed.
Technical details
File names: wswarc.exe; WSW.exe; WIND0WS.exe
When Spyware.WebSurfWatch is executed, it performs the following actions:
1. Creates the file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WIND0WS.EXE so that the risk runs every time a user logs on.
2. Creates the following files:
* %UserProfile%\Desktop\Web Surfer Watcher.lnk
* %UserProfile%\Local Settings\Temp\MSVBVM60.DLL
* %UserProfile%\Local Settings\Temp\Setup.exe
* %ProgramFiles%\SWIS\Pointer.html
* %ProgramFiles%\SWIS\SWIS.txt
* %ProgramFiles%\SWIS\WSW.exe
* %Windir%\system32\WSWRI.DAT
* %Windir%\RSR2B.EXE
* %Windir%\winwm.rws
* %Windir%\zxcvrsv.ini
* %SystemDrive%\NumberReport.txt
Notes:
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
* %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
* %SystemDrive% is a variable that refers to the drive on which Windows is installed. By default, this is drive C.
3. Monitors and records all Web sites visited using the Internet Explorer or AOL browsers to a log file.
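A read-only check for the files listed above, as an added example (not Symantec's code or removal tool). It tests the %UserProfile% paths under every profile folder rather than only the current user's; the function name and the Distinct/Generic split are assumptions of this example.

```powershell
# Added example: looks for the file artifacts listed in this write-up. Deletes nothing.
# Paths are copied from the page; the Startup path is the literal one it gives.
$machinePaths = @(
    'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WIND0WS.EXE'  # digit 0, not letter O
    '%ProgramFiles%\SWIS\Pointer.html'
    '%ProgramFiles%\SWIS\SWIS.txt'
    '%ProgramFiles%\SWIS\WSW.exe'
    '%Windir%\system32\WSWRI.DAT'
    '%Windir%\RSR2B.EXE'
    '%Windir%\winwm.rws'
    '%Windir%\zxcvrsv.ini'
    '%SystemDrive%\NumberReport.txt'
)
$perUserPaths = @(
    'Desktop\Web Surfer Watcher.lnk'
    'Local Settings\Temp\MSVBVM60.DLL'
    'Local Settings\Temp\Setup.exe'
)
# Assumption of this example: these names also occur on clean systems
# (MSVBVM60.DLL is the Visual Basic 6 runtime), so a hit on them alone is weak evidence.
$genericNames = @('MSVBVM60.DLL', 'Setup.exe', 'NumberReport.txt')

function Find-WebSurfWatchArtifact {
    $candidates = @($machinePaths | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) })
    # %UserProfile% differs per account, so test every folder beside the current profile.
    $profileRoot = Split-Path -Parent $env:USERPROFILE
    Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { foreach ($rel in $perUserPaths) { $candidates += Join-Path $_.FullName $rel } }
    foreach ($path in $candidates) {
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            $kind = 'Distinct'
            if ($genericNames -contains $item.Name) { $kind = 'Generic' }
            New-Object PSObject -Property @{ Kind = $kind; Path = $item.FullName; Created = $item.CreationTime; Size = $item.Length }
        }
    }
}

$hits = @(Find-WebSurfWatchArtifact)
$hits | Sort-Object Kind, Path | Format-Table Kind, Path, Created, Size -AutoSize | Out-String
if ($hits | Where-Object { $_.Kind -eq 'Distinct' }) {
    'Distinctive Spyware.WebSurfWatch file names found: follow the removal instructions.'
} elseif ($hits.Count -gt 0) {
    'Only generic file names found: not sufficient evidence on their own.'
} else {
    'None of the listed files were found.'
}
```

Run it from an elevated prompt so that other users' profile folders are readable.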
Removal instructions
See:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.websurfwatch.html