.: CyberSpy 1.3 (a) :.
- Coded by: Ghirai
- Version: CyberSpy 1.3 (a)
- Coded in: Visual Basic
- Family: CyberSpy
- Category: Remote Access
Server:
- Dropped file: C:\WINDOWS\SYSTEM\~Cab001.exe
- Size: 47 and 49 KB
- Port: 38742 TCP
- Startup:
  - HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Regcheck"
  - HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Regcheck"
  - c:\windows\win.ini, "load"
- the files 'Install.exe' and '~Install.exe' are a little different:
- both are servers, but '~Install.exe' also kills from memory/uninstalls some firewalls and A-Virus programs...
- that's the only difference.
- you'll probably need the vb6 runtimes and mswinsck.ocx in your Windows\System folder (check altavista, etc.)

Ghirai.