NETObserve
NETObserve is a powerful remote administration tool with a rich set of functions. NETObserve is a legitimate and quite popular product. It can be used to remotely control the affected PC, browse its file computer, manage its files and processes, modify essential computer and networking settings. The application also tracks user and computer activity, logs all keystrokes, takes screenshots, captures pictures from a webcam, records online chat conversations and addresses of visited web sites. NETObserve is controlled through the web interface. The RAT can hide its running processes and use different techniques to avoid detection. The threat runs on every Windows startup.
File System Modifications
- The following files were created in the system:
# File Name 1 broadcast.exe 2 easys.dll 3 no32mon.exe 4 nosys32.dll 5 syscap32.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREExploreAnywhereSoftwareNOuy_url=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREExploreAnywhereSoftwareNOsite_url=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun1sys32cfgHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDlls\%Windir%unvise32.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallNETObserve[XVS]
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.