Threat Information for "Trojan.Bispy"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Trojan.Bispy
  • Aliases: Worm/Rbot.IQ.04, Win32:BiSpy, Adware Generic.FVY, Adware.Serchentrix.A, AdvWare.BiSpy.f, Trojan.SpyBi.B
  • Date Discovered: 2006-08-02
  • Protection Added: 2006-08-16
Description
-- Ease of Removal

1: Uses running processes
2: Consistent file contents
3: Consistently named
4: Creates new registry entries with consistent data
5: Runs as a BHO or shell extension

-- Damage/Intrusion/Annoyance

1: Displays targeted popup advertisements [SPYWARE ONLY]
2: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Creates new files
Technical Details
  • Added Directory/File:
    FilePath: %WINDIR%\twtini.inf
  • Added Directory/File:
    FilePath: %TEMPDIR%\thi????.tmp
  • Added Directory/File:
    FilePath: %TEMPDIR%\twtini.cab
  • Added Directory/File:
    FilePath: %WINDIR%\preIns??.exe
  • Added Directory/File:
    FilePath: %WINDIR%\mxtarget.dll
  • Added Directory/File:
    FilePath: %WINDIR%\bi.dll
  • Added Directory/File:
    FilePath: %WINDIR%\lastgood\inf\twtini.inf
  • Added Directory/File:
    FilePath: %TEMPDIR%\twaintec.ini
  • Added Directory/File:
    FilePath: %WINDIR%\alchem.exe
  • Added Directory/File:
    FilePath: %TEMPDIR%\twtini.inf
  • Added Directory/File:
    FilePath: %WINDIR%\twaintech.dll
  • Added Directory/File:
    FilePath: %TEMPDIR%\preIns??.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\twaintec.dll
  • Added Directory/File:
    FilePath: %WINDIR%\inf\twaintec.inf
  • Added Directory/File:
    FilePath: %WINDIR%\bdl24126.exe
  • Added Directory/File:
    FilePath: %TEMPDIR%\bi_pro.exe
  • Added Directory/File:
    FilePath: %TEMPDIR%\bi_prob.exe
  • Added Directory/File:
    FilePath: %WINDIR%\inf\twtini.inf
  • Added Directory/File:
    FilePath: %TEMPDIR%\dummy.htm
  • Added Registry Key:
    Key: HKCR\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}
  • Added Registry Key:
    Key: HKLM\%CURRENTVERSIONREG%\App Management\ARPCache\twaintec
  • Added Registry Key:
    Key: HKCR\Typelib\{11CC62B2-65F2-4A82-B332-5DE4E8384422}
  • Added Registry Key:
    Key: HKCR\%BHOREG%\{11CC62B2-65F2-4A82-B332-5DE4E8384422}
  • Added Registry Key:
    Key: HKCR\Typelib\{000020dd-c72e-4113-af77-dd56626c6c42}
  • Added Registry Key:
    Key: HKCR\%BHOREG%\{000020DD-C72E-4113-AF77-DD56626C6C42}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{0000607d-d204-42c7-8e46-216055bf9918}
  • Added Registry Key:
    Key: HKLM\%BHOREG%\{0000607D-D204-42C7-8E46-216055BF9918}
  • Added Registry Key:
    Key: HKCR\CLSID\{11CC62B2-65F2-4A82-B332-5DE4E8384422}
  • Added Registry Key:
    Key: HKLM\%CURRENTVERSIONREG%\Uninstall\twaintec
  • Added Registry Key:
    Key: HKCR\TwaintecDll.TwaintecDllObj.1
  • Added Registry Key:
    Key: HKCR\CLSID\{0000607d-d204-42c7-8e46-216055bf9918}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\twaintec
  • Added Registry Key:
    Key: HKCR\Typelib\{0000607d-d204-42c7-8e46-216055bf9918}
  • Added Registry Key:
    Key: HKCR\%BHOREG%\{0000607D-D204-42C7-8E46-216055BF9918}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{11CC62B2-65F2-4A82-B332-5DE4E8384422}
  • Added Registry Key:
    Key: HKLM\%BHOREG%\{11CC62B2-65F2-4A82-B332-5DE4E8384422}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\CLSID\{000020dd-c72e-4113-af77-dd56626c6c42}
  • Added Registry Key:
    Key: HKLM\%BHOREG%\{000020DD-C72E-4113-AF77-DD56626C6C42}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1
  • Added Registry Value:
    Key: HKLM\SYSTEM\LastKnownGoodRecovery\LastGood Value: INF/twaintec
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: alchem
  • Added Registry Value:
    Key: HKLM\SYSTEM\LastKnownGoodRecovery\LastGood Value: INF/twtini.
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: preInsbi.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\biM.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\biS.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\biprep.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\biO.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\biT.exe