ViRobot/HAURI

Monitor.007SpySoft.1246154
Type
Monitor
Risk level / Spread level
/
Discovery date
[Korea] 2009-01-09 [Foreign] 0000-00-00
ViRobot support
2009-1-9 [Able to detect & repair]

[Monitor.007SpySoft.1246154] is a monitoring program that shows user information from the system on which it is installed.

This program monitors the five items below and saves each of them as files and images.

 - Keystrokes Log
 - WebSites Log
 - Application Log
 - Screenshots Log
 - File/Folders Log

Settings of [007 Spy Software]

1. Keyboard stroke monitoring
2. Website connection monitoring
3. Application usage monitoring
4. Screen monitoring
5. File/Folder copy or delete monitoring

[Monitor.007SpySoft.1246154] uses various normal Windows system files and registry entries, so you should be very careful when you delete it.


< URL >
http://www.(   )-software.com/spy_software.htm

< Files >
[Monitor.007SpySoft.1246154] generates the following files.
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\Apps.dat
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\kys.dat
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\lgstat.ini
(Program folder)\Common Files\Microsoft Shared\DAO\ssdata\scr.dat
(Program folder)\Common Files\Microsoft Shared\DAO\svchost.exe
(System folder)\COMCTL32.OCX
(System folder)\ijl11pro.DLL
(System folder)\MSINET.OCX
(System folder)\VB5STKIT.DLL
(Windows folder)\winhelp.ini

< Registry >
[Monitor.007SpySoft.1246154] generates the following registry entries.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows LSASS Service: "(program folder)\Common Files\Microsoft Shared\DAO\svchost.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\ijl11pro.DLL: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\VB5STKIT.DLL: 0x00000001
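
The Run value above starts a file named svchost.exe from outside the Windows system folder, under the value name "Windows LSASS Service". The following Python check is an added example, not part of the original HAURI description: it flags autorun entries whose image carries a Windows system process name but does not sit in the system directory. The sample entries are constructed, with (program folder) assumed to be C:\Program Files and the system directories assumed to be under C:\WINDOWS; the function and constant names are illustrative.

```python
import ntpath  # Windows path rules, usable on any platform

# Process names that legitimately live only in the Windows system directory.
SYSTEM_IMAGE_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                      "winlogon.exe", "csrss.exe"}
# Expected locations (assumption: default C:\WINDOWS installation).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def image_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split(" ")[0]


def find_masquerading(run_entries):
    """Return (value_name, path) for system-named images outside system dirs."""
    hits = []
    for name, command in run_entries:
        path = ntpath.normpath(image_path(command))
        directory, base = ntpath.split(path)
        if base.lower() in SYSTEM_IMAGE_NAMES and directory.lower() not in TRUSTED_DIRS:
            hits.append((name, path))
    return hits


# Constructed sample of exported Run-key values (name, data).
# The first entry mirrors the Run value listed on this page.
SAMPLE_RUN_ENTRIES = [
    ("Windows LSASS Service",
     r'"C:\Program Files\Common Files\Microsoft Shared\DAO\svchost.exe"'),
    ("HostService", r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
    ("Updater", r'"C:\Program Files\Vendor\update.exe" /background'),
]

if __name__ == "__main__":
    for name, path in find_masquerading(SAMPLE_RUN_ENTRIES):
        print(f"suspicious autorun {name!r}: {path}")
```
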

[How to repair]


1. If you are a WinXP/ME user, please deactivate the System Recovery function.
System recovery has to be deactivated so that the virus can be cleaned completely.
You can refer to the MS technical document (Q263455) for more details.


2. Update the engine module to the latest version.
To repair this virus, you need to update the engine to the latest version.


a. ViRobot product users
- Download the latest engine files via our website (www.hauri.net)


b. Non-ViRobot product users
- Use LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30 days only)


3. How to scan for the virus.


a. Run your ViRobot, and choose all files in the scan options.
- ViRobot Desktop 5.x : [Tools] -> [Configuration] -> [Spyware/Adware Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check


b. Repair all viruses detected.