
Keysnatch

Posted: March 28, 2006

This keylogger is one of the most popular commercial keylogging programs. Its primary objective is to log the keystrokes typed by the user. The hacker can use the log to find valuable information about the user, including passwords. It is very dangerous and hard to get rid of.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 abox.ocx
    2 ccrpftv6.ocx
    3 keysnatch.exe
    4 sssplt30.ocx

Registry Modifications

  • The following Registry values were newly created:
    HKEY_LOCAL_MACHINE\software\classes\aboxctl.abox
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keysnatch\displayname
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keysnatch\uninstallstring
  • The following CLSIDs were detected:

One Comment

  • Jacob says:

    "ccrpftv6.ocx" seems to be a normal system file which possibly displays the system drives which XP recognizes. I think that ccrpftv6.ocx in capital letters is a malware file. I don't think that most internet or spyware search functions differentiate between the two. If I am incorrect please set me straight, but I have run Adaware, Avast, System Mechanic, and Symantec on this file, and it only comes up as a spyware/keylogger with System Mechanic.
