Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Spyware.Spy-Guard

Spyware.Spy-Guard

Updated:
16 February 2006
Risk Impact:
High
Systems Affected:
Windows

Behavior

Spyware.Spy-Guard is a spyware program that logs keystrokes and monitors user activity, such as Web sites visited. It can also block specific sites.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 07 May 2019 revision 006
  • Initial Daily Certified version 16 February 2006
  • Latest Daily Certified version 07 May 2019 revision 008
  • Initial Weekly Certified release date 15 February 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Spyware.Spy-Guard is a spyware program that logs keystrokes and monitors user activity, such as Web sites visited. It can also block specific sites.

When Spyware.Spy-Guard is installed, it creates the following files:
%CurrentFolder%\MSFLXGRD.OCX (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\TABCTL32.ocx (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\MSSTDFMT.DLL (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\MSVBVM60.DLL (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\STDFTFR.DLL (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\STDOLE2.TLB (This is a non-malicious component that may be used by other applications.)
%CurrentFolder%\svcmon.exe
%CurrentFolder%\setup.bat
%CurrentFolder%\Installation.txt
%CurrentFolder%\license_condition d'utilisation.txt
%System%\esys.dll
%System%\Flxgdfr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Msflxgrd.ocx (This is a non-malicious component that may be used by other applications.)
%System%\Msstdfmt.dll (This is a non-malicious component that may be used by other applications.)
%System%\stdftfr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Tabctfr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Tabctl32.ocx (This is a non-malicious component that may be used by other applications.)
%System%\Vb6fr.dll (This is a non-malicious component that may be used by other applications.)
%System%\Vb6stkit.dll (This is a non-malicious component that may be used by other applications.)

The risk then creates the following folders:
%CurrentFolder%\win_95_98
%CurrentFolder%\win2000
%CurrentFolder%\win_me
%CurrentFolder%\win_xp

Next, the risk creates the following registry entry, so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"svcmon" = "%CurrentFolder%\svcmon.exe"

The risk also creates numerous legitimate registry entries associated with the non-malicious components mentioned above that are installed by it.

The risk then logs keystrokes and monitors user activity, such as Web sites visited.

This risk also has the functionality to block access to specific Web sites.
Writeup By: SpyGuard