Spyware.Intruder

Updated: 26 April 2006
Risk Impact: Medium
Systems Affected: Windows

Behavior

Spyware.Intruder is a spyware program that monitors and records keystrokes entered along with the computer name and the name of the user logged in when the keystrokes were recorded. It also records applications used and Web sites visited.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 02 October 2014 revision 022
  • Initial Daily Certified version 23 March 2006
  • Latest Daily Certified version 28 September 2010 revision 036
  • Initial Weekly Certified release date 29 March 2006

When Spyware.Intruder is executed, it creates the following files:
  • %Windir%\system\WINSERVINT32.DLL
  • %Windir%\system\WINSERVINTP32.DLL
  • %System%\windowsintd.exe

The security risk then creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Currency" = "%System%\windowsintd.exe"

The security risk also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\Installer\Features\8DA4D6C4E32D9C7418C6BE77FFD700A9
  • HKEY_CLASSES_ROOT\Installer\Products\8DA4D6C4E32D9C7418C6BE77FFD700A9
  • HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1AF3548CD9B0C874BB90DA5F92CE973E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1AF3548CD9B0C874BB90DA5F92CE973E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8DA4D6C4E32D9C7418C6BE77FFD700A9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C6D4AD8-D23E-47C9-816C-EB77FF7D009A}
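The 32-character names under the Installer keys are Windows Installer "packed" GUIDs, and the Products name listed above is the packed form of the product code in the Uninstall subkey, so all of these subkeys belong to one MSI package. The following Python sketch is an added example, not part of the original write-up; it converts between the two forms so that registry exports can be correlated, and its function names are assumptions chosen for illustration.

```python
import re

# Values copied from the registry subkeys listed in this write-up.
UNINSTALL_PRODUCT_CODE = "{4C6D4AD8-D23E-47C9-816C-EB77FF7D009A}"
INSTALLER_PRODUCT_KEY = "8DA4D6C4E32D9C7418C6BE77FFD700A9"
INSTALLER_UPGRADE_KEY = "1AF3548CD9B0C874BB90DA5F92CE973E"

_GUID_RE = re.compile(
    r"^\{?([0-9A-Fa-f]{8})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})"
    r"-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{12})\}?$")
_PACKED_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


def _swap_pairs(hex_digits):
    """Swap the two hex digits of every byte, e.g. '816C' -> '18C6'."""
    return "".join(hex_digits[i + 1] + hex_digits[i]
                   for i in range(0, len(hex_digits), 2))


def pack_guid(guid):
    """Convert '{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}' to the packed form."""
    m = _GUID_RE.match(guid.strip())
    if not m:
        raise ValueError("not a GUID: %r" % guid)
    d1, d2, d3, d4, d5 = (g.upper() for g in m.groups())
    # The first three groups are reversed whole; the rest is swapped per byte.
    return d1[::-1] + d2[::-1] + d3[::-1] + _swap_pairs(d4 + d5)


def unpack_guid(packed):
    """Convert a 32-digit packed name back to the braced GUID form."""
    p = packed.strip().upper()
    if not _PACKED_RE.match(p):
        raise ValueError("not a packed GUID: %r" % packed)
    tail = _swap_pairs(p[16:])
    return "{%s-%s-%s-%s-%s}" % (
        p[:8][::-1], p[8:12][::-1], p[12:16][::-1], tail[:4], tail[4:])


def same_product(uninstall_key_name, installer_key_name):
    """True if an Uninstall GUID and an Installer\\Products name match."""
    try:
        return pack_guid(uninstall_key_name) == installer_key_name.strip().upper()
    except ValueError:
        return False  # e.g. an Uninstall key that is not GUID-named


if __name__ == "__main__":
    print(unpack_guid(INSTALLER_PRODUCT_KEY))
    print(same_product(UNINSTALL_PRODUCT_CODE, INSTALLER_PRODUCT_KEY))
```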

The risk also creates the following legitimate DLLs:
  • C:\WINDOWS\system32\comdlg32.ocx
  • C:\WINDOWS\system32\mscomctl.ocx
  • C:\WINDOWS\system32\msflxgrd.ocx
  • C:\WINDOWS\system32\mswinsck.ocx
  • C:\WINDOWS\system32\nView.dll
  • C:\WINDOWS\system32\Richtx32.ocx