TSPY_INFOSTEA.BO
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Spyware
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
It may be injected into processes running in memory.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
132608 bytes
DLL
ACProtect
Yes
09 May 2011
Modifies system registry
Arrival Details
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
Installation
This spyware may be injected into processes running in memory.
Autostart Technique
This spyware adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}\InprocServer32
default = {malware path and filename}
Other System Modifications
This spyware adds the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6915A2B-1C5B-4AE4-BD44-724EF848B9DF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFDCF934-5A5C-4C3C-8C7C-1521DBCE14FD}
It also creates the following registry entries as part of its installation routine:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideo
default = FlashVideo.clsFlashVideo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideo\Clsid
default = {DA550A83-5E5C-41F7-B6C0-A6D729B7B677}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFDCF934-5A5C-4C3C-8C7C-1521DBCE14FD}\1.0\0\win32
default = {malware path and filename}
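
The registry entries listed under Autostart Technique and Other System Modifications can be checked offline against a registry export taken from a suspect machine. The following is an added example, not part of the original write-up: it assumes a regedit-format export already decoded to text, and the function names, the sample export and the example.dll path are constructed for illustration.

```python
import re

# Registry keys listed on this page, relative to HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
ROOT = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\"
INDICATOR_KEYS = [
    r"CLSID\{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}",
    r"CLSID\{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}\InprocServer32",
    r"Interface\{D6915A2B-1C5B-4AE4-BD44-724EF848B9DF}",
    r"TypeLib\{AFDCF934-5A5C-4C3C-8C7C-1521DBCE14FD}",
    r"TypeLib\{AFDCF934-5A5C-4C3C-8C7C-1521DBCE14FD}\1.0\0\win32",
    r"FlashVideo.clsFlashVideo",
    r"FlashVideo.clsFlashVideo\Clsid",
]

# Constructed sample export (not from a real system); example.dll is a placeholder path.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideo\Clsid]
@="{DA550A83-5E5C-41F7-B6C0-A6D729B7B677}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt]
@="txtfile"
"""

def parse_reg_export(text):
    """Map each key (upper-cased) in the export to its default (@) string value, or None."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].upper()
            keys.setdefault(current, None)
        elif current and line.startswith('@="') and line.endswith('"'):
            # .reg string values escape backslashes and quotes with a backslash
            keys[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return keys

def find_indicators(keys):
    """Return (key, default value) for each page-listed key present in the export."""
    wanted = [ROOT + rel for rel in INDICATOR_KEYS]
    return [(k, keys[k.upper()]) for k in wanted if k.upper() in keys]

def dll_paths(hits):
    """Defaults of the InprocServer32 and win32 keys hold the DLL path and filename."""
    suffixes = ("\\INPROCSERVER32", "\\WIN32")
    return sorted({v for k, v in hits if v and k.upper().endswith(suffixes)})

if __name__ == "__main__":
    print(dll_paths(find_indicators(parse_reg_export(SAMPLE))))
```

Exports written by regedit are normally UTF-16, so decode the file before passing its text to `parse_reg_export`.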
Other Details
This spyware requires its main component to successfully perform its intended routine.