Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



12 October 2006
Risk Impact:
Systems Affected:


Spyware.ScreenView is a spyware program that monitors user activity on computers in a local area network.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 07 April 2017 revision 004
  • Initial Daily Certified version 12 October 2006
  • Latest Daily Certified version 07 April 2017 revision 008
  • Initial Weekly Certified release date 18 October 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Spyware.ScreenView is a spyware program that monitors user activity on computers in a local area network.

When the risk is executed, it may create the following files:
%UserProfile%\Start Menu\Programs\ScreenView\ScreenView.LNK

The risk then creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ScreenView.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\ScreenView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SvrMgr.exe
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\ScreenView

The risk creates the following registry entry so that it is executed every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ScreenView" = "%ProgramFiles%\ScreenView\ScreenView"

The risk also creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\"svrmgr.exe" = "1"

The risk contains a client component, which is installed on the computers to be monitored. A server component then monitors the client components and may allow the following actions to be performed on the monitored computers:
Capture screenshots
Log keystrokes
Execute and terminate programs