Spyware.TotalSpy

Updated: May 08, 2006
Risk Impact: Low
Systems Affected: Windows

Behavior

Spyware.TotalSpy is a spyware program that monitors user activity: it records visited URLs, logs keystrokes, and captures screenshots.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version May 08, 2006
  • Latest Daily Certified version January 07, 2013 revision 017
  • Initial Weekly Certified release date May 10, 2006

When Spyware.TotalSpy is first installed, it creates the following files:
C:\Program Files\TS Trial\conf.dat
C:\Program Files\TS Trial\ctfmon.exe
C:\Program Files\TS Trial\ver.dat

The risk also creates the following folders:
C:\Program Files\TS Trial\daily_log_files
This folder contains the log files for all the keystrokes logged.

C:\Program Files\TS Trial\daily_visited_urls
This folder contains the log files for all the URLs visited.

C:\Program Files\TS Trial\spy_screenshots
This folder may contain other folders which contain the screenshots taken by the threat.


The risk then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ctfmon.exe" = "C:\Program Files\TS Trial\ctfmon.exe"

The risk then monitors user activity on the compromised computer, logs keystrokes, and captures screenshots.
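
The files, folders, and Run entry listed above can be checked for with a short PowerShell sweep. This is an added example, not part of the original write-up; the function name Test-TotalSpyArtifacts is hypothetical, and the paths and registry key are the ones given above.

```powershell
# Added example. Paths and the Run key come from the write-up above;
# the function name is hypothetical.
# HKCU is per-user: run this in the session of the account being checked.
function Test-TotalSpyArtifacts {
    param(
        [string]$InstallDir = 'C:\Program Files\TS Trial',
        [string]$RunKey     = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $findings = @()

    # Files and folders the write-up says are created on installation.
    $names = 'conf.dat', 'ctfmon.exe', 'ver.dat',
             'daily_log_files', 'daily_visited_urls', 'spy_screenshots'
    foreach ($name in $names) {
        $path = Join-Path -Path $InstallDir -ChildPath $name
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'Path'; Item = $path; Detail = 'present' }
        }
    }

    # Any Run value whose data points into the install folder, whatever its name.
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($valueName in $key.GetValueNames()) {
            # Strip surrounding quotes so quoted and unquoted paths compare alike.
            $data = ([string]$key.GetValue($valueName)).Trim().Trim('"')
            if ($data.StartsWith($InstallDir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $valueName; Detail = $data }
            }
        }
    }
    return $findings
}

$result = Test-TotalSpyArtifacts
if ($result) { $result | Format-Table -AutoSize }
else { 'No artifacts from the write-up were found for this user.' }
```

Because the Run entry lives under HKEY_CURRENT_USER, a clean result for one account says nothing about other profiles on the same computer.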