Saturday, March 20, 2010

activity monitor

Description: Activity Monitor is a monitoring tool. It monitors a remote computer's activities. Very intrusive and can monitor files within programs. None of your work is shielded especially since this program monitors across a network. Commercial product.

Malware Threat

activity monitor

Directories

C:\Program Files\AMSys
C:\Documents and Settings\All Users\Local Settings\AM
C:\Documents and Settings\user-account-name\Start Menu\Programs\Activity Monitor
C:\Program Files\Activity Monitor
C:\Documents and Settings\All Users\Start Menu\Programs\Activity Monitor
C:\Program Files\Activity Monitor\Templates
C:\Program Files\Activity Monitor\Microsoft.VC80.CRT

Files

C:\Windows\winam.dat
C:\Program Files\AMSys\slgr.dll
C:\Program Files\AMSys\guid.dat
C:\Documents and Settings\user-account-name\Desktop\Activity Monitor.lnk
C:\Program Files\AMSys\swsys.exe
C:\Program Files\AMSys\ijl15.dll
C:\Program Files\AMSys\mfc42.dll
C:\Program Files\AMSys\awmsg.dat
C:\Program Files\AMSys\msvcrt.dll
C:\Program Files\AMSys\swkbhk.dll
C:\Program Files\AMSys\swmain.dll
C:\Program Files\AMSys\amaware.dll
C:\Program Files\AMSys\unins000.dat
C:\Program Files\AMSys\unins000.exe
C:\Program Files\AMSys\unis000.exe
C:\Program Files\AMSys\winam.dat
C:\Program Files\AMSys\dconsole.dll
C:\Documents and Settings\All Users\Local Settings\amprm.dat
C:\Documents and Settings\All Users\Local Settings\awmsg.dat
C:\Documents and Settings\All Users\Local Settings\winam.dat
C:\Documents and Settings\All Users\Local Settings\amguid.dat
C:\Program Files\Activity Monitor\opn.dat
C:\Program Files\Activity Monitor\list.dat
C:\Program Files\Activity Monitor\buyam.url
C:\Program Files\Activity Monitor\ijl15.dll
C:\Program Files\Activity Monitor\mfc42.dll
C:\Program Files\Activity Monitor\dpexec.exe
C:\Program Files\Activity Monitor\LogExp.dll
C:\Program Files\Activity Monitor\msvcrt.dll
C:\Program Files\Activity Monitor\README.TXT
C:\Program Files\Activity Monitor\AMHelp.chm
C:\Program Files\Activity Monitor\license.txt
C:\Program Files\Activity Monitor\unins000.dat
C:\Program Files\Activity Monitor\unins000.exe
C:\Program Files\Activity Monitor\swatcher.exe
C:\Program Files\Activity Monitor\IPHelper.dll
C:\Program Files\Activity Monitor\dconsole.dll
C:\Program Files\Activity Monitor\amagent37.exe
C:\Program Files\Activity Monitor\amonitort.url
C:\Program Files\Activity Monitor\BCGCBPRO675.dll
C:\Documents and Settings\user-account-name\Start Menu\Programs\Activity Monitor\Activity Monitor.lnk
C:\Program Files\Activity Monitor\Templates\log.xls
C:\Program Files\Activity Monitor\Templates\url.html
C:\Program Files\Activity Monitor\Templates\delim.csv
C:\Program Files\Activity Monitor\Templates\head.html
C:\Program Files\Activity Monitor\Templates\last.html
C:\Program Files\Activity Monitor\Templates\header.csv
C:\Program Files\Activity Monitor\Templates\first.html
C:\Program Files\Activity Monitor\Templates\logrec.html
C:\Program Files\Activity Monitor\Templates\bottom.html
C:\Documents and Settings\user-account-name\Start Menu\Programs\Activity Monitor\Activity Monitor Help.lnk
C:\Program Files\Activity Monitor\Templates\scrshot.html
C:\Documents and Settings\All Users\Start Menu\Programs\Activity Monitor\Activity Monitor.lnk
C:\Documents and Settings\user-account-name\Start Menu\Programs\Activity Monitor\Activity Monitor website.lnk
C:\Documents and Settings\user-account-name\Start Menu\Programs\Activity Monitor\Purchase Activity Monitor.lnk
C:\Documents and Settings\user-account-name\Start Menu\Programs\Activity Monitor\Uninstall Activity Monitor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Activity Monitor\Activity Monitor Help.lnk
C:\Program Files\Activity Monitor\Microsoft.VC80.MFC\mfc80.dll
C:\Program Files\Activity Monitor\Microsoft.VC80.MFC\mfc80u.dll
C:\Program Files\Activity Monitor\Microsoft.VC80.MFC\mfcm80.dll
C:\Program Files\Activity Monitor\Microsoft.VC80.MFC\mfcm80u.dll
C:\Program Files\Activity Monitor\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\Activity Monitor\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\Activity Monitor\Microsoft.VC80.CRT\msvcr80.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Activity Monitor\Activity Monitor website.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Activity Monitor\Purchase Activity Monitor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Activity Monitor\Uninstall Activity Monitor.lnk
C:\Program Files\Activity Monitor\Microsoft.VC80.MFC\Microsoft.VC80.MFC.manifest
C:\Program Files\Activity Monitor\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Documents and Settings\user-account-name\Application Data\Microsoft\Internet Explorer\Quick Launch\Activity Monitor.lnk

Registry Keys

HKEY_LOCAL_MACHINE\SOFTWARE\WinL
HKEY_CURRENT_USER\SOFTWARE\BCGPControlBar-157
HKEY_CURRENT_USER\SOFTWARE\BCGPBaseControlBar-157
HKEY_CURRENT_USER\SOFTWARE\SOFTACTIVITY\ACTIVITY MONITOR
HKEY_CURRENT_USER\Software\Deep Software\Activity Monitor
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{142E758E-2AC3-443A-A549-7E6A036285A2}_is1
HKEY_USERS\S-1-5-21-515967899-1220945662-1417001333-1003\Software\Deep Software

Registry Values

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SWClient
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList\swsys.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList\swsys.exe

- win32.vb.ateWin32.VB.ate is a backdoor worm that spreads through network shares and allows attackers to access and control over infected computer.
- win32.vb.kuWin32.VB.KU is a downloader trojan that downloads the files from internet and execute them without user's permission.
- win32.vb.ufWin32.VB.UF is a backdoor worm that spreads through network shares and allows attackers to access and gives full control over infected computer.
- win32.vbWin32.VB attempts to download files from given websites It also attempts to modify the settings of Internet Explorer.
- win32.welchiaWorm that spread using the DCOM RPC Vulnerability - Sure to slow down PC performance
- win32.wowWin32.WOW is a Trojan that allows hackers to gain access and full control over the infected computers.
- win32.wzWin32.WZ is a Worm that allows hackers to gain access and full control over the infected computers.

activity monitor

ACROSS THE GLOBE

ACROSS THE GLOBE

IN United States

FROM United States