Sigh, HSSS, could you please take another look at the P2K tool? After I extract it, the Symantec Security software on my computer deletes the P2Keditor file right away and reports that the file is infected with Spyware.HiddenCamera, and links to the following notice:
Spyware.HiddenCamera
Updated: February 13, 2007 11:48:08 AM
Type: Spyware
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Behavior
Spyware.HiddenCamera is an application which takes a screenshot of the desktop at regular intervals and transmits this information to another computer over a network. It can be configured to monitor the client computer silently at startup.
Symptoms
Your Symantec program detects Spyware.HiddenCamera.
Transmission
Spyware.HiddenCamera must be manually installed.
Protection
Initial Rapid Release version February 8, 2006
Latest Rapid Release version February 6, 2009 revision 050
Initial Daily Certified version February 8, 2006
Latest Daily Certified version February 6, 2009 revision 049
Initial Weekly Certified release date February 8, 2006
And the specific behavior of this spyware on my computer is as follows:
When Spyware.HiddenCamera is installed, it performs the following actions:
Creates the following files:
%ProgramFiles%\Oleansoft\Hc\Uninstal.exe
%ProgramFiles%\Oleansoft\Hc\hchelp.chm
%ProgramFiles%\Oleansoft\Hc\License.txt
%ProgramFiles%\Oleansoft\Hc\IJL15.DLL (Intel JPG Library)
%ProgramFiles%\Oleansoft\Hc\OLEACC.DLL (Microsoft OLE Accessibility Library)
%ProgramFiles%\Oleansoft\Hc\Hce.exe
%ProgramFiles%\Oleansoft\Hc\Hc.exe
%ProgramFiles%\Oleansoft\Hc\archiveviewer.exe
%ProgramFiles%\Oleansoft\Hc\hcarchive\readme.txt
%UserProfile%\Start Menu\Programs\Hidden Camera\External Archive Viewer.lnk
%UserProfile%\Start Menu\Programs\Hidden Camera\Help.lnk
%UserProfile%\Start Menu\Programs\Hidden Camera\Hidden Camera Manager.lnk
%UserProfile%\Start Menu\Programs\Hidden Camera\License.lnk
%UserProfile%\Desktop\Hidden Camera Manager.lnk
%Windir%\system\Winhc212.dll (file containing initialization information for Spyware.HiddenCamera)
%Windir%\hce29port.ini (ini file for Spyware.HiddenCamera)
%Windir%\HCIPHELP.TXT
%Windir%\OHC\ijl15.dll
%Windir%\OHC\hce.exe
Notes:
%ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
%UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hidden Camera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hidden Camera 250-in-1
Adds the values:
"HCEmployee" = "C:\Program Files\Oleansoft\Hc\Hce.exe"
"HCEmployee" = "C:\WINDOWS\OHC\hce.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that it runs every time Windows starts.
Takes periodic screenshots of the desktop and stores them as .jpeg files in the following folder:
%ProgramFiles%\Oleansoft\Hc\hcarchive
Sends these files to another computer on the network via TCP port 4010.
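To confirm whether a detection like this reflects an actual install rather than a flagged file in an archive, the indicators in the quoted write-up can be checked against a host inventory. The following is an added example, not part of the original post or of Symantec's write-up; the snapshot dictionary format and the sample host data are constructed for illustration.

```python
import ntpath

# Indicators taken from the write-up quoted above (a subset of the file list).
FILE_IOCS = [
    r"%ProgramFiles%\Oleansoft\Hc\Hce.exe",
    r"%ProgramFiles%\Oleansoft\Hc\Hc.exe",
    r"%Windir%\system\Winhc212.dll",
    r"%Windir%\hce29port.ini",
    r"%Windir%\OHC\hce.exe",
]
RUN_VALUE = "HCEmployee"            # value under ...\CurrentVersion\Run
UNINSTALL_KEYS = {"hidden camera", "hidden camera 250-in-1"}
TCP_PORT = 4010                     # port used to send the screenshots

def norm(path):
    """Windows paths are case-insensitive; drop quotes, unify separators."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def expand(template, env):
    """Fill %Var% placeholders with this host's folders (C:\\Windows vs C:\\Winnt)."""
    for name, value in env.items():
        template = template.replace("%" + name + "%", value)
    return norm(template)

def scan(snapshot):
    """Return sorted findings for one host snapshot (hypothetical dict format)."""
    wanted = {expand(t, snapshot["env"]) for t in FILE_IOCS}
    present = {norm(p) for p in snapshot["files"]}
    findings = ["file: " + p for p in wanted & present]
    for name, data in snapshot["run_values"].items():
        # Match on the value name or on the binary it launches.
        if name.lower() == RUN_VALUE.lower() or norm(data) in wanted:
            findings.append("run: " + name)
    findings += ["uninstall: " + k for k in snapshot["uninstall_keys"]
                 if k.lower() in UNINSTALL_KEYS]
    findings += ["tcp: %d" % p for p in snapshot["tcp_ports"] if p == TCP_PORT]
    return sorted(findings)

# Constructed sample: a Windows 2000 host (Windir is C:\WINNT).
SAMPLE = {
    "env": {"ProgramFiles": r"C:\Program Files", "Windir": r"C:\WINNT"},
    "files": [r"c:\winnt\ohc\HCE.EXE", r"C:\WINNT\system32\notepad.exe",
              r"C:\Program Files\Oleansoft\Hc\Hce.exe"],
    "run_values": {"HCEmployee": r'"C:\WINNT\OHC\hce.exe"',
                   "ctfmon": r"C:\WINNT\system32\ctfmon.exe"},
    "uninstall_keys": ["Hidden Camera", "7-Zip"],
    "tcp_ports": [135, 4010],
}
```

A hit on port 4010 alone is only a lead to triage; the file and Run-key findings are what tie it to this program.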