26 April 2006
Risk Impact:
Systems Affected:


Spyware.ABSystemSpy is a spyware program that monitors user activity, logs keystrokes, and captures screenshots.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 15 January 2018 revision 020
  • Initial Daily Certified version 13 April 2006
  • Latest Daily Certified version 15 January 2018 revision 024
  • Initial Weekly Certified release date 19 April 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Spyware.ABSystemSpy is a spyware program that monitors user activity, logs keystrokes, and captures screenshots.

When Spyware.ABSystemSpy is first installed, it creates the following files:
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3\AB System Spy v5.1.1.lnk
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3\Install default settings.lnk
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3\License.lnk
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3\Read user manual.lnk
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3\Uninstall AB System Spy v5.1.1 build 3.lnk
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3\Visit Our Website.lnk
%ProgramFiles%\SSystem v5.1.1 build 3\abss.chm
%ProgramFiles%\SSystem v5.1.1 build 3\abss.url
%ProgramFiles%\SSystem v5.1.1 build 3\Administrator\log.htm
%ProgramFiles%\SSystem v5.1.1 build 3\Administrator\[RANDOM].jpg
%ProgramFiles%\SSystem v5.1.1 build 3\defaults.reg
%ProgramFiles%\SSystem v5.1.1 build 3\license.txt
%ProgramFiles%\SSystem v5.1.1 build 3\system.exe
%ProgramFiles%\SSystem v5.1.1 build 3\unins000.dat
%ProgramFiles%\SSystem v5.1.1 build 3\unins000.exe
%ProgramFiles%\AB System Spy v5.1.1 build 3\abss.chm
%ProgramFiles%\AB System Spy v5.1.1 build 3\abss.url
%ProgramFiles%\AB System Spy v5.1.1 build 3\Administrator\log.htm
%ProgramFiles%\AB System Spy v5.1.1 build 3\Administrator\[RANDOM].jpg
%ProgramFiles%\AB System Spy v5.1.1 build 3\defaults.reg
%ProgramFiles%\AB System Spy v5.1.1 build 3\ijl15.dll
%ProgramFiles%\AB System Spy v5.1.1 build 3\license.txt
%ProgramFiles%\AB System Spy v5.1.1 build 3\mswinsck.ocx
%ProgramFiles%\AB System Spy v5.1.1 build 3\sys.exe
%ProgramFiles%\AB System Spy v5.1.1 build 3\unins000.dat
%ProgramFiles%\AB System Spy v5.1.1 build 3\unins000.exe

The risk creates the following files, which may be used by legitimate applications:
%ProgramFiles%\SSystem v5.1.1 build 3\mswinsck.ocx
%ProgramFiles%\SSystem v5.1.1 build 3\ijl15.dll

The risk also creates the following folders:
%UserProfile%\Start Menu\Programs\SSystem v5.1.1 build 3
%ProgramFiles%\AB System Spy v5.1.1 build 3
%ProgramFiles%\SSystem v5.1.1 build 3
%ProgramFiles%\SSystem v5.1.1 build 3\Administrator (This folder may contain numerous randomly named .jpg files which are the images of the screenshots gathered by the risk.)

The risk then creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AB System Spy v5.1.1 build 3_is1
HKEY_ALL_USERS\Software\VB and VBA Program Settings\SSystem

The risk also creates numerous legitimate registry subkeys associated with the non-malicious components mentioned above that are installed by the risk.

Then the risk creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"abss" = "c:\program files\ssystem v5.1.1 build 3\system.exe"

The risk then monitors user activity on the compromised computer, logs keystrokes, and captures screenshots.