Busted

Posted: March 28, 2006

Busted is a commercial PC surveillance tool designed to monitor user activity, log keystrokes, take screenshots, capture AIM chat conversations and record addresses of visited web sites. Gathered data is saved to an encrypted file, which can be sent to a preconfigured e-mail address. Busted must be manually installed. The application runs on every Windows startup.

File System Modifications

The following files were created in the system:

# File Name

1 busted.exe

2 sentinellistener.exe

3 sentinelmon.exe

#	File Name
1	busted.exe
2	sentinellistener.exe
3	sentinelmon.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSSoftwareLocalAppWizard-GeneratedApplicationclsrHKEY_CURRENT_USERSSoftwarePCSentinelSoftwarePCSentinelsBusted!HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionAppPathsusted.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunsentinelmonHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallPCSentinelsBusted!HKEY_LOCAL_MACHINESOFTWAREPCSentinelSoftwarePCSentinelsBusted!HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventlogApplicationSentinelListener

Busted

File System Modifications

Registry Modifications

Leave a Reply