Spyware-SnoopST

Type: Program
SubType: Spyware
Discovery Date: 06/14/2007
Minimum DAT: 5053 (06/14/2007)
Updated DAT: 5315 (06/11/2008)
Minimum Engine: 5.1.00
Description Added: 06/14/2007
Description Modified: 06/14/2007 3:33 AM (PT)

Characteristics

McAfee(R) Avert recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.

If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

For information on how to enable, disable, and exclude detection of legitimately installed programs, please visit:

http://vil.nai.com/vil/pups/configuration.htm

Summary:

This detection is for a potentially unwanted program that is capable of tracking user activity on the computer where it is installed.

Given below is a brief list of monitored activity:

  • Websites visited
  • Instant messenger conversations (Yahoo, MSN, AIM, etc.)
  • Email activity
  • Running applications

Apart from this, the program is also capable of the following:

  • Taking screenshots of the user's desktop
  • Blocking access to social networking sites (Myspace, Xanga, Facebook, etc.)
  • Restricting user access to specific websites
  • Restricting user access to the Internet

The monitoring described above is done in stealth mode: the user is given no indication that the program is running. The application also modifies the Windows LSP (Layered Service Provider) stack so that it can monitor network activity.

Installation:

This program comes installed on a USB flash drive. When the flash drive is plugged into a computer, the program can be installed on that computer. Installation drops the following files:

  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\instance.dat
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\mia.dll
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.dat
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.exe
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.msi
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.par
  • %UserProfile%\Application Data\{67E71F41-70D9-4823-8EC0-78BC232B5E7A}\SnoopStick.res
  • %WinDir%\CSSSUpd.exe
  • %WinDir%\CSSSWD.exe
  • %WinDir%\sqlite3.dll
  • %WinDir%\SSCRG.exe
  • %WinDir%\SSDGT.exe
  • %WinDir%\SSLS.exe
  • %WinDir%\SSMsgr.exe
  • %WinDir%\Installer\d7e155.msi
  • %WinDir%\system32\mslspcg.exe
  • %WinDir%\system32\smdnn05.dll
  • %WinDir%\system32\SpOrder.Dll
  • %WinDir%\system32\logs\ClientSSFileUpdater.txt
  • %WinDir%\system32\logs\CSSSWDDbgLog.txt
  • %WinDir%\system32\logs\Other[Time Stamp].log
  • %WinDir%\system32\logs\SSDbgLog.txt
  • %WinDir%\system32\logs\Web[Time Stamp].log

This program also creates a registry run entry as defined by the user, so it can run at system startup.
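A defender-side sweep for the files listed above, given as an added example (not McAfee's code). It checks a mounted disk image or a live tree case-insensitively and across every user profile; the strong/weak split, the function names and the sample tree are assumptions of this example.

```python
import fnmatch
import os
import tempfile

# File names copied from the Installation list above; "[Time Stamp]" becomes "*".
GUID = "{67E71F41-70D9-4823-8EC0-78BC232B5E7A}"
PROFILE_IOCS = [f"Application Data/{GUID}/{n}" for n in (
    "instance.dat", "mia.dll", "SnoopStick.dat", "SnoopStick.exe",
    "SnoopStick.msi", "SnoopStick.par", "SnoopStick.res")]
WINDIR_STRONG = [
    "CSSSUpd.exe", "CSSSWD.exe", "SSCRG.exe", "SSDGT.exe", "SSLS.exe", "SSMsgr.exe",
    "system32/mslspcg.exe", "system32/smdnn05.dll", "system32/logs/SSDbgLog.txt",
    "system32/logs/ClientSSFileUpdater.txt", "system32/logs/CSSSWDDbgLog.txt",
    "system32/logs/Other*.log", "system32/logs/Web*.log"]
# Assumption of this example: generic library names and an Installer cache
# file name are weak on their own and only corroborate a strong hit.
WINDIR_WEAK = ["sqlite3.dll", "system32/SpOrder.Dll", "Installer/d7e155.msi"]

def find_ci(base, rel):
    """Resolve rel under base; each component matches case-insensitively."""
    hits = [base]
    for part in rel.lower().split("/"):
        hits = [os.path.join(d, e) for d in hits if os.path.isdir(d)
                for e in sorted(os.listdir(d))
                if fnmatch.fnmatchcase(e.lower(), part)]
    return hits

def sweep(windir, profiles_dir):
    """Check one Windows directory and every user profile under profiles_dir."""
    hit = lambda base, rels: [p for r in rels for p in find_ci(base, r)]
    # %UserProfile% is per user, so try every profile directory.
    return {"strong": hit(windir, WINDIR_STRONG)
                      + hit(profiles_dir, ["*/" + r for r in PROFILE_IOCS]),
            "weak": hit(windir, WINDIR_WEAK)}

def demo():
    """Constructed sample tree (not real evidence) standing in for an image."""
    root = tempfile.mkdtemp()
    for rel in (f"Documents and Settings/alice/application data/{GUID}/snoopstick.exe",
                "WINDOWS/System32/Logs/Web20070614.log",
                "WINDOWS/System32/sporder.dll", "WINDOWS/notepad.exe"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return sweep(os.path.join(root, "WINDOWS"),
                 os.path.join(root, "Documents and Settings"))

if __name__ == "__main__":
    print(demo())
```

On a real system, pass the actual Windows directory and the parent directory of the user profiles to `sweep`.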

Aliases

  • Spyware.SnoopStick (Symantec)