Spyware.SniperSpy

Updated: 15 June 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Spyware.SniperSpy is a spyware program that logs keystrokes and other system activity.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 23 March 2017 revision 037
  • Initial Daily Certified version 14 June 2006
  • Latest Daily Certified version 23 March 2017 revision 041
  • Initial Weekly Certified release date 14 June 2006
Spyware.SniperSpy is a spyware program that monitors and records keystrokes, instant message conversations, Web sites visited, file/folder changes and applications used. Spyware.SniperSpy also takes periodic screen shots.

When the program is executed, it creates the following files:
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SniperSpy\License Agreement.lnk
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SniperSpy\Remove SniperSpy.lnk
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SniperSpy\SniperSpy Configuration.lnk
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SniperSpy\Visit SniperSpy.Com.lnk
%ProgramFiles%\registry\IShellLink.tlb
%ProgramFiles%\registry\kbrhook.dll
%ProgramFiles%\registry\rec[RANDOM VALUE].log
%ProgramFiles%\registry\regsvc32.exe
%ProgramFiles%\registry\syslog.txt
%ProgramFiles%\registry\unins.exe
%ProgramFiles%\Retina-X Studios\SniperSpy\config.exe
%ProgramFiles%\Retina-X Studios\SniperSpy\config.ini
%ProgramFiles%\Retina-X Studios\SniperSpy\final\ins.exe
%ProgramFiles%\Retina-X Studios\SniperSpy\sniper.url
%ProgramFiles%\Retina-X Studios\SniperSpy\trialeula.txt
%ProgramFiles%\Retina-X Studios\SniperSpy\unins000.dat
%ProgramFiles%\Retina-X Studios\SniperSpy\unins000.exe
%ProgramFiles%\Retina-X Studios\SniperSpy\upx.exe

The program installs the following Microsoft files:
%System%\comdlg32.ocx
%System%\MSINET.OCX

Next, the program creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SniperSpy (Trial)_is1
HKEY_LOCAL_MACHINE\SOFTWARE\kbrhook
HKEY_LOCAL_MACHINE\SOFTWARE\SysMgr
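
One way to check a host for the file and registry artifacts listed above, as an added example that is not part of the original write-up. The function names and the `roots` mapping are hypothetical, only a subset of the listed files is checked, and the two Microsoft OCX files are left out because they are legitimate components.

```python
import fnmatch
import os

# Subset of the paths listed in the write-up; "rec*.log" stands for
# rec[RANDOM VALUE].log. The Microsoft OCX files are omitted (legitimate files).
FILE_ARTIFACTS = [
    r"%ProgramFiles%\registry\kbrhook.dll",
    r"%ProgramFiles%\registry\regsvc32.exe",
    r"%ProgramFiles%\registry\rec*.log",
    r"%ProgramFiles%\Retina-X Studios\SniperSpy\config.ini",
]
REG_SUBKEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SniperSpy (Trial)_is1",
    r"SOFTWARE\kbrhook",
    r"SOFTWARE\SysMgr",
]

def find_file_artifacts(roots):
    """Return existing paths; roots maps e.g. '%ProgramFiles%' to a real folder."""
    hits = []
    for pattern in FILE_ARTIFACTS:
        var, *parts = pattern.split("\\")
        folder = os.path.join(roots[var], *parts[:-1])
        if os.path.isdir(folder):
            # Case-insensitive match, as on a Windows file system.
            hits += [os.path.join(folder, n) for n in os.listdir(folder)
                     if fnmatch.fnmatch(n.lower(), parts[-1].lower())]
    return sorted(hits)

def find_registry_artifacts():
    """Return listed HKLM subkeys found in either registry view ([] off Windows)."""
    try:
        import winreg
    except ImportError:
        return []
    hits = set()
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        for subkey in REG_SUBKEYS:
            try:
                access = winreg.KEY_READ | view
                winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey, 0, access).Close()
                hits.add("HKLM\\" + subkey)
            except OSError:
                pass  # subkey absent in this view
    return sorted(hits)

if __name__ == "__main__":
    pf = os.environ.get("ProgramFiles", r"C:\Program Files")
    print(find_file_artifacts({"%ProgramFiles%": pf}) + find_registry_artifacts())
```

On 64-bit Windows, run the file check a second time with `roots` pointing at the `ProgramFiles(x86)` folder.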

The program monitors and records the following operations:
Keystrokes
Instant message conversations
Web sites visited
File and folder changes
Applications used

The program also takes periodic screen shots.