SPYWARE_TRAK_ACESPY
MonitoringTool:Win32/SnoopIt, MonitoringTool:Win32/ThePCDetective, Backdoor:Win32/Pasur!rts(Microsoft), Win32/Monitor.SniperSpy application, Win32/PCDetective.C application, Win32/Optix.Pro.13 trojan(Eset)
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Malware type:
Spyware
Destructive?:
No
Encrypted?:
In the wild:
Yes
Technical details
Installation
Drops the following component files:
- %Program Files%\Retina-X Studios\AceSpy\contlist.ndx
- %Program Files%\Retina-X Studios\AceSpy\keylist.ndx
- %Program Files%\Retina-X Studios\AceSpy\LOGS\acecache\_ace03202013.log
- %Program Files%\Retina-X Studios\AceSpy\LOGS\appcache\_app03202013.log
- %Program Files%\Retina-X Studios\AceSpy\LOGS\eventcache\_event03202013.log
- %Program Files%\Retina-X Studios\AceSpy\LOGS\keycache\key20130320055357.log
- %Program Files%\Retina-X Studios\AceSpy\LOGS\keycache\KeyLog03202013.log
- %Program Files%\Retina-X Studios\AceSpy\LOGS\scrcache\scr03202013055355.jpg
- %Program Files%\Retina-X Studios\AceSpy\LOGS\scrcache\scrlog03202013.log
- %Program Files%\Retina-X Studios\AceSpy\LOGS\wincache\app03202013.log
- %Program Files%\Retina-X Studios\AceSpy\urlfname.ndx
- %Program Files%\Retina-X Studios\AceSpy\userlist.ndx
- %Program Files%\Retina-X Studios\AceSpy\winlist.ndx
(Note: %Program Files% is the default Program Files folder, usually C:\Programme.)
Creates the following folders:
- {All User's Profile}\Start Menu\Programs\AceSpy
- %Program Files%\Retina-X Studios
- %Program Files%\Retina-X Studios\AceSpy
- %Program Files%\Retina-X Studios\AceSpy\LOGS
- %Program Files%\Retina-X Studios\AceSpy\LOGS\acecache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\appcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\clipcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\emailcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\eventcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\iecache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\keycache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\msgcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\prncache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\recentcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\scrcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\taskcache
- %Program Files%\Retina-X Studios\AceSpy\LOGS\wincache
(Note: %Program Files% is the default Program Files folder, usually C:\Programme.)
Other system modifications
Adds the following registry keys:
HKEY_CURRENT_USER\Software\VnSI4H Softwares
HKEY_CURRENT_USER\Software\VnSI4H Softwares\StealthAPIs
HKEY_LOCAL_MACHINE\SOFTWARE\RXS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
Adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\RXS
thePassword = "{password}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
ImagePath = "\??\%User Temp%\mc2B.tmp"