TSPY_KEYLOG.EV
Windows 2000, Windows XP, Windows Server 2003
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Spyware
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
It deletes itself after execution.
TECHNICAL DETAILS
Arrival Details
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This spyware drops the following files:
- %System Root%\Documents and Settings\All Users\Application Data\winsvcfs.DLL
(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)
Dropping Routine
This spyware executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
Other Details
This spyware deletes itself after execution.