Spyware-BE
- Type: Program
- SubType: Spyware
- Discovery Date: 08/16/2004
- Minimum DAT: 4388 (08/25/2004)
- Updated DAT: 4698 (02/16/2006)
- Minimum Engine: 5.1.00
- Description Added: 08/16/2004
- Description Modified: 08/17/2004 1:43 AM (PT)
Characteristics
This detection is for a potentially unwanted program (PUP). It is not a virus or trojan.
It is a Spyware program, intended to log keystrokes and URLs of webpages that the user visits. It also logs the applications which were executed on the system.
It can be installed in visible or stealth mode. During the visible mode of operation the startup program icon is visible on the desktop and the "Boss Everyware 2" menu entry is visible under the Start Menu. When in stealth mode it is not visible.
Installation
The following Registry key(s) is/are added to hook system startup:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SysWsa32" = %Sysdir%\WSA32.EXE
The following Registry keys are added for the spyware operation:
- HKEY_CURRENT_USER\Software\Jmerik
- HKEY_CLASSES_ROOT\.ber
- HKEY_CLASSES_ROOT\.dbf
- HKEY_CLASSES_ROOT\.dsv
- HKEY_CLASSES_ROOT\.elt
- HKEY_CLASSES_ROOT\BER
- HKEY_CLASSES_ROOT\DBF
- HKEY_CLASSES_ROOT\DSV
- HKEY_CLASSES_ROOT\ELT
- HKEY_LOCAL_MACHINE\SOFTWARE\Jmerik
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\beconfig.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bewrep.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WSA32.EXE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boss Everyware 2.8_is1
Creates a folder in the Windows System Directory:
- %SysDir%\Wsa32
Creates a menu sub-item named "Boss Everyware 2" under the "Programs" folder within the Start Menu.
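The installation artifacts listed above can be checked directly on a host. The following PowerShell is an added example, not part of the original description or of any vendor tool; the registry and file paths are copied from this page, and the split into "strong" and "weak" indicators is an assumption of this example.

```powershell
# Added example: look for the Spyware-BE install artifacts listed on this page.
# Paths are copied from the page; the strong/weak split is this example's assumption.
$sysDir = [Environment]::SystemDirectory   # what the page calls %SysDir%

# Keys whose names are specific to this program.
$strongKeys = @(
    'HKCU:\Software\Jmerik',
    'HKLM:\SOFTWARE\Jmerik',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\beconfig.exe',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bewrep.exe',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WSA32.EXE',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boss Everyware 2.8_is1'
)
# File-association keys: extensions such as .dbf are also registered by unrelated
# software, so a hit here is only supporting evidence.
$weakKeys = '.ber', '.dbf', '.dsv', '.elt', 'BER', 'DBF', 'DSV', 'ELT' |
    ForEach-Object { "Registry::HKEY_CLASSES_ROOT\$_" }

$findings = @()
foreach ($k in $strongKeys) {
    if (Test-Path -LiteralPath $k) { $findings += [pscustomobject]@{ Weight = 'strong'; Artifact = $k } }
}
foreach ($k in $weakKeys) {
    if (Test-Path -LiteralPath $k) { $findings += [pscustomobject]@{ Weight = 'weak'; Artifact = $k } }
}

# Startup hook: Run value "SysWsa32" pointing at %SysDir%\WSA32.EXE.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'SysWsa32' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Weight = 'strong'; Artifact = "$runKey -> SysWsa32 = $($run.SysWsa32)" }
}

# Folder and executable in the Windows system directory.
foreach ($p in (Join-Path $sysDir 'Wsa32'), (Join-Path $sysDir 'WSA32.EXE')) {
    if (Test-Path -LiteralPath $p) { $findings += [pscustomobject]@{ Weight = 'strong'; Artifact = $p } }
}

if ($findings) { $findings | Sort-Object Weight | Format-Table -AutoSize -Wrap }
else { 'No Spyware-BE artifacts from this list were found.' }
```

On 64-bit Windows, a 32-bit installer's writes under HKLM\SOFTWARE and the system directory can be redirected to Wow6432Node and SysWOW64; this check looks only at the paths as the page gives them.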
Users who would like to check for the presence of potentially unwanted programs on their system should run the command line scanner with the /PROGRAM switch. Please note that VirusScan 7, and higher, has an option that enables users to detect this kind of program automatically (see below).
Aliases
- N/A