Theals.b
Theals.b is a dangerous multifunctional Internet worm that distributes itself by e-mail and infects network PCs running the Windows operating system with unpatched security vulnerabilities. The spyware arrives in bogus e-mail messages with attached .pif files. Once the user executes such a file, Theals.b silently installs itself on the computer and infects executable files found on the compromised PC. It then drops malicious components of its previous variant, Theals, and starts collecting confidential account details and files of installed WebMoney software. Gathered data is transferred to a predefined web server. Theals.b is able to hide its active processes and related files. The worm automatically runs on every Windows startup.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | stealth.bszip.dll |
| 2 | stealth.dcom.exe |
| 3 | stealth.ddos.exe |
| 4 | stealth.exe |
| 5 | stealth.injector.exe |
| 6 | stealth.shared.dll |
| 7 | stealth.spam1.exe |
| 8 | stealth.spam2.exe |
| 9 | stealth.stat.exe |
| 10 | stealth.wm.exe |
| 11 | stealth.worm.exe |
Registry Modifications
- The following Registry values were newly created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = explorer.exe C:\stealth.worm.exe