Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Monitoring.aim-logger Analysis Report
Threat Submitted On: 8/29/2007 7:59:16 AM
Threat Analysed On: 8/29/2007 12:59:16 PM
Threat Updated On: 1/27/2011 3:12:45 PM
Type : Monitoring
Symptoms of aim-logger
  • Capture the activities performed by the user on a system
  • Captured information is sent to the intruder.
  • The intruder can access the compromised machine at real-time.
Information
Alias : Monitoring.aim-logger
Md5 Hash : [725f3b281656fe145b551214931c58bb]
File Size : (1199570 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: mail to support.lnk
Path : %userprofile%\start menu\programs\spyarsenal aim logger\links

Md5Hash :a955c75fc7db89774e3bc740ede55e96 ( 1795 bytes)
File: spyarsenal aim logger.lnk
Path : %userprofile%\start menu\programs\spyarsenal aim logger

Md5Hash :3c5cf9a829c0f852e3cd62d4d06014b9 ( 1640 bytes)
File: admparsea.dll
Path : %windir%\system32

Md5Hash :71eccbb29080bdb1f29d48fe9de53653 ( 1024 bytes)
File: aimlogger.chm
Path : %windir%\system32\csvdea

Md5Hash :acf870beeaba5f5ece141717f11e467d ( 31929 bytes)
File: csvde.dll
Path : %windir%\system32\csvdea

Md5Hash :56b2ff77ab2f677432be5adaba2b93dc ( 52736 bytes)
File: csvdea.exe
Path : %windir%\system32\csvdea

Md5Hash :a7b8a3c4476b05ff046ad9142e1f5814 ( 1210368 bytes)
File: download lastest version.url
Path : %windir%\system32\csvdea\links

Md5Hash :38b369d8992bf1d8525ea70a1c997298 ( 63 bytes)
File: program's home page.url
Path : %windir%\system32\csvdea\links

Md5Hash :2117df2ae7addf4b5d93edc80b44d2a7 ( 66 bytes)
File: rva.exe
Path : %windir%\system32\csvdea

Md5Hash :01ed740d281167f3e948ceb8b6c061a7 ( 629573 bytes)
File: [randomname].exe
Path : %workingdir%

Md5Hash :725f3b281656fe145b551214931c58bb ( 1199570 bytes)
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
csvdea = "%windir%\system32\csvdea\csvdea.exe"
Creates the following child process(s) on execution:

%windir%\system32\csvdea\csvdea.exe

services.exe

Creates the Following MUTEX(s) on user's System:-
csvdea.exe
c:-windows-system32-csvdea-

NOTE:

1. %userprofile% Refers to the windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
2. %windir% Refers to the windows root folder. By default it is 'C:\Windows'
3. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.