Hacktool.Spytector

[Brad]

Behavior
Hacktool.Spytector is a hack tool used to generate customizable spyware that has the ability to log keystrokes.

Symptoms
One or more files are detected as Hacktool.Spytector.

Transmission
The file must be manually executed to install this program.

technical details
File names: Spytector.exe

When Hacktool.Spytector is executed, it performs the following actions:

   1. Creates the folder %ProgramFiles%\Spytector

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

   2. Creates the following files in the folder %ProgramFile%\Spytector:

          * Spytector.exe
          * Help.chm
          * ReadMe.txt
          * License.html
          * Spytector Purchase

   3. Creates the following registry subkeys:

      HKEY_CURRENT_USER\Software\Spytector\1.2.5
      HKEY_LOCAL_MACHINE\Windows\CurrentVersion\Uninstall\Spytector\1.2.5

   4. Displays a dialog box that is used to create customizable spyware. Customizable features of the spyware include:

          * Server name (Filename)
          * Logfile name
          * Startup key (GUID)
          * Log delivery method (Email, FTP, or Browser.)
          * Adding password
          * Automatic uninstallation
          * Keylogger filter
          * Icon

REMOVAL INSTRUCTIONS
See: http://securityresponse.symantec.com/avcenter/venc/data/hacktool.spytector.html

To delete the value from the registry
   1. Click Start > Run.
   2. Type regedit

      Then click OK.

      Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

   3. Navigate to and delete the following subkeys:

      HKEY_CURRENT_USER\Software\Spytector\1.2.5
      HKEY_LOCAL_MACHINE\Windows\CurrentVersion\Uninstall\Spytector\1.2.5

   4. Exit the Registry Editor.