ProSpy 1.9 Fix-07
Released 18 years, 7 months ago. February 2006
Copyright © MegaSecurity
By ?
Informations
| From | Turkey |
| Author | ? |
| Family | ProSpy |
| Category | Information Stealer |
| Version | ProSpy 1.9 Fix-07 |
| Released Date | Feb 2006, 18 years, 7 months ago. |
Additional Information
Server:
dropped file:
c:\WINDOWS\_msn.exe Size: 7,680 bytes
c:\WINDOWS\_pnc.dat Size: 182 bytes
c:\WINDOWS\dxdiag.exe Size: 324,096 bytes
c:\WINDOWS\system32\_dxdiag.exe Size: 324,096 bytes
c:\WINDOWS\system32\_fps.dat Size: 0 bytes
c:\WINDOWS\system32\_fps.exe Size: 15,795 bytes
c:\WINDOWS\system32\_icq.dll Size: 7,168 bytes
c:\WINDOWS\system32\_key.dll Size: 24,576 bytes
c:\WINDOWS\system32\_mps.dat Size: 0 bytes
c:\WINDOWS\system32\_mps.exe Size: 14,259 bytes
c:\WINDOWS\system32\_pnc.dat Size: 182 bytes
c:\WINDOWS\system32\_pnc.exe Size: 7,680 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BTT9AE78-87RT-11dW-2944-FF034297} "StubPath"
data: C:\WINDOWS\System32\_dxdiag.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Microsoft DirectX Diagnostic Tool"
data: C:\WINDOWS\dxdiag.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
old data: 00, 00, 00, 00
new data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: Explorer.exe C:\WINDOWS\dxdiag.exe
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq\DefaultPrefs
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
tested on Windows XP
September 14, 2006If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.