PC Police

Posted: March 28, 2006

PC Police is a commercial PC surveillance application that tracks user activity, logs all keystrokes and captures online chat conversations. Gathered data can be silently transferred to a remote PC. PC Police is not an actual spyware. However, it can be used for obvious malicious purposes. The application must be manually installed. It secretly runs on every Windows startup.

File System Modifications

The following files were created in the system:

# File Name

1 ppagnt.exe

2 ppenvoke.exe

3 ppsvc.exe

#	File Name
1	ppagnt.exe
2	ppenvoke.exe
3	ppsvc.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREClassesInetCtls.InetHKEY_LOCAL_MACHINESOFTWAREClassesInetCtls.Inet.1HKEY_LOCAL_MACHINESOFTWAREClassesOSSMTP.AttachmentHKEY_LOCAL_MACHINESOFTWAREClassesOSSMTP.CustomHeaderHKEY_LOCAL_MACHINESOFTWAREClassesOSSMTP.SMTPSessionHKEY_LOCAL_MACHINESOFTWAREClassesSystemHook.SysHookHKEY_LOCAL_MACHINESOFTWAREClassesSystemHook.SysHook.1HKEY_LOCAL_MACHINESOFTWAREClassesTabDlg.SSTabHKEY_LOCAL_MACHINESOFTWAREClassesTabDlg.SSTab.1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunppsvc
The following CLSID's were detected:
HKEY..\..\{CLSID Path}BDC217C8-ED16-11CD-956C-0000C04E4C0AAA987BF8-E849-4996-9335-413DF4A8158AA49D3905-4211-11D4-B85F-00B0D040070E48E59290-9880-11CF-9754-00AA00C00908BDC217C7-ED16-11CD-956C-0000C04E4C0AA49D3913-4211-11D4-B85F-00B0D040070EA49D3911-4211-11D4-B85F-00B0D040070EA34B63B9-8FD8-4004-BED1-4E6E587B5175A24154AB-E52F-4F9F-91A0-4E3E243BEDBE5FB91338-D8D6-4431-B490-8388D37AFE9657506911-EDA2-4815-810B-7C55A685DA5148E59292-9880-11CF-9754-00AA00C0090848E59291-9880-11CF-9754-00AA00C009082A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8C2A3FF36-C3A5-4334-968C-1DEA85AAA772BDC217C5-ED16-11CD-956C-0000C04E4C0ABB81FA79-DCD7-48A6-A710-A85BD5ED9640A49D3912-4211-11D4-B85F-00B0D040070E7DA06D40-54A0-11CF-A521-0080C77A778648E59293-9880-11CF-9754-00AA00C009080A1C811C-88FF-493B-98A9-83B4A649ACD9

PC Police

File System Modifications

Registry Modifications

Leave a Reply