ViRobot

Threats DB

Monitor.007SpySoft.1246154

Aliases: [Kaspersky Lab] not-a-virus:Monitor.Win32.007SpySoft.308
Typical Symptoms: malicious action, auto-execution on rebooting
Discovered: [Korea] 2009-01-09, [Foreign] 0000-00-00
Type: Monitor
Active Field:
Damage/Distribution:
Origin: others
Encryption: NO
Target of infection: Webpage, Execution
Scan engine needed: 2009-1-9 [Able to detect & repair]
Description

[Monitor.007SpySoft.1246154] is a monitoring program that exposes user information from the system on which it is installed.

The program monitors the following five items and saves each one as files and images.

 - Keystrokes Log
 - WebSites Log
 - Application Log
 - Screenshots Log
 - File/Folders Log

Settings of [007 Spy Software]

1. Keyboard stroke monitoring
2. Website connection monitoring
3. Application usage monitoring
4. Screen monitoring
5. File/Folder copy or delete monitoring

[Monitor.007SpySoft.1246154] uses various legitimate Windows system files and registry entries, so be very careful when deleting it.


< URL >
http://www.(   )-software.com/spy_software.htm

< Files >
[Monitor.007SpySoft.1246154] creates the following files.
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\Apps.dat
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\kys.dat
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\lgstat.ini
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\scr.dat
(Program folder)\Common Files\Microsoft Shared\DAO\svchost.exe
(System folder)\COMCTL32.OCX
(System folder)\ijl11pro.DLL
(System folder)\MSINET.OCX
(System folder)\VB5STKIT.DLL
(Windows folder)\winhelp.ini

< Registry >
[Monitor.007SpySoft.1246154] creates the following registry entries.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows LSASS Service: "(program folder)\Common Files\Microsoft Shared\DAO\svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\ijl11pro.DLL: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\VB5STKIT.DLL: 0x00000001
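
The Run value listed above pairs an LSASS-style name with a svchost.exe that sits outside the System folder. The following added example (not part of the original entry) flags autorun entries of that shape. Expanding "(program folder)" to C:\Program Files is an assumption, as are the C:\Windows\System32 root and the second, constructed sample entry.

```python
import ntpath

# Assumption: default install root; genuine system binaries live only here.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_IMAGES = ("csrss.exe", "lsass.exe", "services.exe", "svchost.exe", "winlogon.exe")

# Constructed sample of Run-key values (name, command). The first mirrors the
# entry on this page with "(program folder)" expanded; the second is invented.
SAMPLE_RUN_ENTRIES = [
    ("Windows LSASS Service",
     r'"C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe"'),
    ("ExampleUpdater", r'"C:\Program Files\ExampleVendor\updater.exe" /background'),
]


def image_path(command):
    """Extract the executable path from a Run-key command string."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted command: keep everything up to the first ".exe".
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split(" ", 1)[0]


def check_run_entry(value_name, command):
    """Return the reasons an autorun entry looks like system-process masquerading."""
    path = ntpath.normpath(image_path(command)).lower()
    folder, image = ntpath.split(path)
    reasons = []
    if image in SYSTEM_IMAGES and folder != SYSTEM_DIR:
        reasons.append(f"{image} runs from {folder}, not {SYSTEM_DIR}")
    # Value name borrows a system process name but launches a different image.
    for sys_image in SYSTEM_IMAGES:
        stem = sys_image[:-4]
        if stem in value_name.lower() and image != sys_image:
            reasons.append(f"value name mentions {stem} but launches {image}")
    return reasons


def scan(entries):
    """Map each suspicious value name to its list of reasons."""
    hits = {name: check_run_entry(name, cmd) for name, cmd in entries}
    return {name: why for name, why in hits.items() if why}


if __name__ == "__main__":
    for name, why in scan(SAMPLE_RUN_ENTRIES).items():
        print(name, "->", "; ".join(why))
```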


Removal Instructions

[How to repair]

1. If you use Windows XP/ME, disable the System Restore function.
System Restore must be disabled so that the virus can be cleaned completely.
Refer to MS technical document (Q263455) for more details.

2. Update the engine module to the latest version.
To repair this virus, you need the latest engine.

a. ViRobot product users
- Download the latest engine files from our website (www.hauri.net)

b. Non-ViRobot product users
- Use LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30 days only)

3. How to scan for the virus

a. Run ViRobot and select all files in the scan options.
- ViRobot Desktop 5.x : [Tools] -> [Configuration] -> [Spyware/Adware Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check

b. Repair all viruses detected.


Copyright 2008 @ HAURI Inc. All rights reserved.