123 PC Spy

Description:	Keylogger
Risk Level:	Low
Date of First Occurence:	Friday, May 09, 2008
Software Developer:	(unknown)
Brief Info:	Keyloggers invisibly monitor and record all of your computer activity. This information is then automatically emailed to an anonymous user.
Removal:	This threat can be removed using "Spyware Terminator"

Detected Files: %PROGRAMFILES%\XPCSpy\AppSpy.dll MD5: 767F9B03F0316E765E270F39CC2F385A Size:76288 %PROGRAMFILES%\XPCSPY\XPCSPY.EXE MD5: A8A41796C3848E6273D66A0AF7B34834 Size:406016 %PROGRAMFILES%\XPCSpy\IESpy.dll MD5: BD4041F39B15B1191270B33766434503 Size:187392 %PROGRAMFILES%\XPCSpy\Protector.dll MD5: C1D84247439FA4C59C5B3103567DF345 Size:23040 %PROGRAMFILES%\XPCSpy\unins000.exe MD5: 4430CC72B3A69E91F42043950461FBD1 Size:71588 %PROGRAMFILES%\XPCSpy\KeySpy.dll MD5: 23B94584C38899C3FD8C13F1203699B1 Size:68608 %PROGRAMFILES%\XPCSpy\XPCSpy.exe MD5: 61058ACD4F01DFC261AFBE2FE68BB7CA Size:403456
Detected Files with variable Filenames:

Files by Name %PROGRAMFILES%\XPCSpy\AppSpy.dll %PROGRAMFILES%\XPCSpy\IESpy.dll %PROGRAMFILES%\XPCSpy\KeySpy.dll %PROGRAMFILES%\XPCSpy\Protector.dll %PROGRAMFILES%\XPCSpy\unins000.exe %PROGRAMFILES%\XPCSpy\XPCSpy.exe %START_PROGRAMSALL%\123 XPCSpy\Run XPCSpy.lnk %START_PROGRAMSALL%\123 XPCSpy\Uninstall XPCSpy.lnk %START_PROGRAMSALL%\123 XPCSpy\XPCSpy HomePage.lnk %START_PROGRAMSALL%\123 XPCSpy\XPCSpy Readme.lnk %START_PROGRAMSALL%\123 XPCSpy\XPCSpy User Manual.lnk
Files by MD5 MD5: B1E6B9EC53DB9A644BFEB8FEBAC0EEC4 Size: 1238619
Files by Directories %PROGRAMFILES%\XPCSpy %START_PROGRAMSALL%\123 XPCSpy
Files by CLSID or Name CLSID=51C0A1AB-BBCF-4DDB-BFBA-0B9C4E7E01FA CLSID=B427BF1E-A970-47DA-9BC3-02E8C5EC667D
Registry Keys HKCR\AppSpy.TShellExecuteHook HKCR\IESpy.IESpy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\XPCSpy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XPCSpy_is1
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=XPCSpy Start