Stefanie
Stefanie, also known as Stefan, is a specific Internet worm written in Visual Basic Script language. It spreads through file sharing networks using popular peer-to-peer softwares such as Kazaa, Morpheus, Grokster or BearShare. The spyware attempts to corrupt the computer by deleting the Windows Explorer and AIM messenger. It compromises overall computer security by disabling essential Windows tools and preventing antivirus applications, firewalls, security-related software and other widely used softwares from running. Stefanie also performs annoying actions. It eject the CD-ROM tray, opens a particular web site, reboots or turns off a PC and shows several messages that reveal the worm's presence in the computer. The spyware runs on every Windows startup.
File System Modifications
- The following files were created in the system:
# File Name 1 bigboobs.jpg.vbs 2 hosts.vbs 3 hotgirl.jpg.vbs 4 howtoripdvds.doc.vbs 5 lordoftherings.doc.vbs 6 pussy.jpg.vbs 7 sex.jpg.vbs 8 sextips.doc.vbs 9 startup.vbs 10 stefanie.html 11 stefanie.vbs 12 windows.cmd 13 young.teen.jpg.vbs
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareAmericaOnlineAOLInstantMessenger(TM)CurrentVersionLoginScrenName=FreeSteFanieHKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerDesktopComponents1Source=C:stefanie.htmlHKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerDesktopComponents1SubscribedURL=C:stefanie.htmlHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternetSettingsEmailName=[e-mailaddress]HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisableTaskMgr=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun=1HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun[X]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRegisteredOwner[°K°]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunstefanieHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunsystrayHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption=[string]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText=[string]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoClose=1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoDrives=0x03ffffffHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoFolderOptions=1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoViewContextMenu=1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.