AlphaOne Technology Support Forums
Brad
SysAdmin
Tech Team
Spyware.HiddenRecorder
« on: June 16, 2005, 11:57:07 PM »

Behavior
Spyware.HiddenRecorder periodically takes screenshots of the computer.

Symptoms
Files are detected as Spyware.HiddenRecorder.

Transmission
Spyware.HiddenRecorder must be manually installed.

Technical details
File names:
HR.exe
hr_setup.exe

When Spyware.HiddenRecorder is installed, it does the following:

   1. Creates the following files:

          * %UserProfile%\Desktop\hr_setup.exe
          * %ProgramFiles%\Oleansoft\HR\Archive\Readme.txt
          * %ProgramFiles%\Oleansoft\HR\HR.EXE
          * %ProgramFiles%\Oleansoft\HR\HRHELP.CHM
          * %ProgramFiles%\Oleansoft\HR\License.txt
          * %ProgramFiles%\Oleansoft\HR\Uninstal.exe
          * %Windir%\system\Winhr15.dll
          * %Windir%\hrdir.ini

            Note:
          * %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
          * %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
          * %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

   2. Creates the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hidden Recorder

   3. Adds the value:

      "HR" = "C:\Program Files\Oleansoft\HR\Hr.exe"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      to ensure the program runs on Windows startup.

REMOVAL INSTRUCTIONS
See: http://securityresponse.symantec.com/avcenter/venc/data/spyware.hiddenrecorder.html

To delete the value from the registry
   1. Click Start > Run.
   2. Type regedit

      Then click OK.

      Note: If the registry editor fails to open, the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

   3. Navigate to and delete the following subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hidden Recorder

   4. Navigate to the subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

   5. In the right pane, delete the value:

      "HR" = "C:\Program Files\Oleansoft\HR\Hr.exe"

   6. Exit the Registry Editor.
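
The following read-only check for the files and registry entries listed above is an added example, not part of the original post or of Symantec's write-up. It assumes that on 64-bit Windows a 32-bit installer is redirected to "Program Files (x86)" and to the WOW6432Node registry branch, which the post (written for Windows NT/2000/XP) does not cover.

```powershell
# Added example: read-only check for the artifacts listed in the post above.
# Nothing is deleted or modified; findings are collected as objects.

# Assumption: on 64-bit Windows a 32-bit installer is redirected to
# "Program Files (x86)" and HKLM\SOFTWARE\WOW6432Node, so both are checked.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$softwareKeys = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node')

# File names under %ProgramFiles%\Oleansoft\HR, as given in the post.
$relativeFiles = 'Archive\Readme.txt', 'HR.EXE', 'HRHELP.CHM',
                 'License.txt', 'Uninstal.exe'

# %UserProfile% covers only the account running the script.
$paths = @(
    (Join-Path $env:USERPROFILE 'Desktop\hr_setup.exe')
    (Join-Path $env:windir 'system\Winhr15.dll')
    (Join-Path $env:windir 'hrdir.ini')
)
foreach ($dir in $programDirs) {
    foreach ($f in $relativeFiles) {
        $paths += Join-Path $dir "Oleansoft\HR\$f"
    }
}

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = '' }
    }
}

foreach ($sw in $softwareKeys) {
    $cv = "$sw\Microsoft\Windows\CurrentVersion"
    $uninstall = "$cv\Uninstall\Hidden Recorder"
    if (Test-Path -LiteralPath $uninstall) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $uninstall; Detail = '' }
    }
    # Report the data of the "HR" Run value so it can be compared with the post.
    $run = Get-ItemProperty -LiteralPath "$cv\Run" -Name 'HR' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$cv\Run"; Detail = $run.HR }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Spyware.HiddenRecorder artifacts from the post were found.' }
```

A Run value named "HR" is only a match if its data points at Hr.exe under Oleansoft\HR, so compare the Detail column with the value shown in step 5 before deleting anything.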