SpywareNo

Found: 2005-07-06
Known system changes: 

Created Files

  • %System%\mswinup32.dll
  • %Windir%\desktop.html
  • %Windir%\bg.gif
  • %Windir%\adw.htm
  • %Temp%\~df4659.tmp
  • %StartupPrograms%\spysheriff\spysheriff.lnk
  • %Desktop%\spywareno.lnk
  • %Desktop%\spytrooper.lnk
  • %Desktop%\spysheriff.lnk
  • %ApplicationData%\install.dat
  • %System%\mswinxml.dll
  • %System%\winlfl32.dll
  • %Windir%\back.gif
  • %Windir%\buy-btn.gif
  • %Windir%\download-btn.gif
  • %Desktop%\pesttrap.lnk
  • %ProgramFiles%\secure32.htm
  • %System%\secure32.htm

Created Folders

  • %ProgramFiles%\pesttrap
  • %StartupPrograms%\spywareno
  • %StartupPrograms%\spytrooper
  • %StartupPrograms%\spysheriff
  • %StartMenu%\spysheriff
  • %StartMenu%\programs\spytrooper
  • %StartMenu%\programs\spysheriff
  • %ProgramFiles%\spywareno
  • %ProgramFiles%\spytrooper
  • %ProgramFiles%\spysheriff
  • %Desktop%\spysheriff
  • %StartupPrograms%\pesttrap

Registry Entries

  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: Windows installer
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components
  • Value: GeneralFlags
  • Data: 0
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
  • Value: {9EAC0102-5E61-2312-BC2D-4D54434D5443}
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\search toolbar
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
  • Value: Wallpaper
  • Data:
  • Key: HKEY_CURRENT_USER\software\sno
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: SNInstall
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\internet explorer\explorer bars\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1}\filesnamedmru
  • Value: 002
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: PestTrap
  • Data:
  • Key: HKEY_CURRENT_USER\software\pesttrap
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\sno2
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\winapi32.intelinks
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\winapi32.mybaner
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\winapi32.mybho
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\balloon.application
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\tubby.toolbandobj
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\tubby.toolbandobj.1
  • Value:
  • Data:
  • Key: HKEY_CLASSES_ROOT\typelib\{9eac0102-5e61-2312-bc2b-4d54434d5443}
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\spywareno
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\spytrooper
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\spysheriffpolicies "process security"
  • Value: Process Security
  • Data:
  • Key: HKEY_CURRENT_USER\software\spysheriff
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: SpywareNo
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: SpySheriff
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: SpyTrooper
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\sessioninfo\0000000000009611
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\mtc mtc
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\software\pesttrap\process security\policies\allowed
  • Value: C:\Program Files\PestTrap\PestTrap.exe
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  • Value: ClassicShell
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  • Value: ForceActiveDesktopOn
  • Data: 1
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  • Value: NoActiveDesktop
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  • Value: NoDeletingComponents
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
  • Value: NoAddingComponents
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
  • Value: NoChangingWallpaper
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
  • Value: NoComponents
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
  • Value: NoEditingComponents
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
  • Value: NoHTMLWallPaper
  • Data: 0
  • Key: HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\general
  • Value: ComponentsPositioned
  • Data: 2
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spywareno!
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spytrooper
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spysheriff
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spy sheriff
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a313f723-15e1-42d7-9e62-a40f345cd1c6}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b439d5eb-0a61-4ed9-8c8f-ec4148bb23f7}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pesttrap
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spy trooper
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9eac0102-5e61-2312-bc2d-4d54434d5443}
  • Value:
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  • Value: {786C369D-409A-456f-A13C-971EADA850C6}
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
  • Value: FHAPage
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pest trap
  • Value:
  • Data:
  • Key: HKEY_CURRENT_USER\control panel\desktop
  • Value: WallpaperStyle
  • Data: 2
  • Key: HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\general
  • Value: WallpaperStyle
  • Data: 2
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\wbem\transports\decoupled\server
  • Value: CreationTime
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\wbem\transports\decoupled\server
  • Value: MarshaledProxy
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\wbem\transports\decoupled\server
  • Value: ProcessIdentifier
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\desktop\general
  • Value: WallpaperFileTime
  • Data:
  • Key: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\desktop\general
  • Value: WallpaperLocalFileTime
  • Data: