Threat Information for "Trojan.EmailSpy"
Description

-- Ease of Removal
1: Uses running processes
2: Runs as a service
3: Consistently named
4: Consistent file contents
5: File names randomly generated from a hard-coded list

-- Privacy Risks/Security Changes
1: Mimics legitimate file names

-- Damage/Intrusion/Annoyance
1: Significantly slows down the computer
2: Creates new files

-- Propagation/Saturation
1: Infects from a link in an email
2: Infects from an email attachment
3: Installed by other infections

Technical Details

- Added Directory/File:
  FilePath: %SYSTEMDIR%\wpcap.dll
- Added Directory/File:
  FilePath: %SYSTEMDIR%\pthreadVC.dll
- Added Directory/File:
  FilePath: %SYSTEMDIR%\drivers\npf.sys
- Added Directory/File:
  FilePath: %SYSTEMDIR%\WanPacket.dll
- Added Directory/File:
  FilePath: %SYSTEMDIR%\Packet.dll
- Added Registry Key:
  Key: HKU\S-*\Software\Microsoft\WPCEmail*
- Added Registry Key:
  Key: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
- Added Registry Key:
  Key: HKCU\Software\Microsoft\WPCEmail*
- Added Registry Key:
  Key: HKLM\SYSTEM\CurrentControlSet\Services\NPF
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: Microsoft WPCEmail

