Spyware.TrustyHound

Spyware.TrustyHound

Updated:
February 13, 2007
Risk Impact:
Low
Systems Affected:
Windows

Behavior


Spyware.TrustyHound provides a search engine in the system tray and sends system information to a predetermined server.

Symptoms


Files are detected as Spyware.TrustyHound.

Behavior


Spyware.TrustyHound must be manually installed on your system.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version December 08, 2017 revision 022
  • Initial Daily Certified version May 14, 2005
  • Latest Daily Certified version December 09, 2017 revision 001
  • Initial Weekly Certified release date May 16, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When Spyware.TrustyHound is installed, it performs the following actions:
  1. Creates the following files:

    %ProgramFiles%\TrustyHound-TS\TrustyHound-TS.exe
    %ProgramFiles%\TrustyHound-TB\TRUSTYHOUND-TS-installer.exe
    %ProgramFiles%\TrustyHound-TB\tb[2 random characters]\TRUSTYHOUND-TS-installer.exe

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following non malicious files:

    • %ProgramFiles%\TrustyHound-TS\cardfountain.html
    • %ProgramFiles%\TrustyHound-TS\cardfountain.ico
    • %ProgramFiles%\TrustyHound-TS\free-stuff-directory.html
    • %ProgramFiles%\TrustyHound-TS\free-stuff-directory.ico
    • %ProgramFiles%\TrustyHound-TS\funflirts.html
    • %ProgramFiles%\TrustyHound-TS\funflirts.ico
    • %ProgramFiles%\TrustyHound-TS\image-search.html
    • %ProgramFiles%\TrustyHound-TS\image-search.ico
    • %ProgramFiles%\TrustyHound-TS\unins000.dat
    • %ProgramFiles%\TrustyHound-TS\unins000.exe
    • %ProgramFiles%\TrustyHound-TS\web-search.html
    • %ProgramFiles%\TrustyHound-TS\web-search.ico
    • %ProgramFiles%\TrustyHound-TB\autofill_plugin.dll
    • %ProgramFiles%\TrustyHound-TB\whiteList_plugin.dll
    • %ProgramFiles%\TrustyHound-TB\msvcp60.dll
    • %ProgramFiles%\TrustyHound-TB\msvcrt.dll
    • %ProgramFiles%\TrustyHound-TB\autofill.cfg
    • %ProgramFiles%\TrustyHound-TB\b246.LOG
    • %ProgramFiles%\TrustyHound-TB\basis.xml
    • %ProgramFiles%\TrustyHound-TB\icons.bmp
    • %ProgramFiles%\TrustyHound-TB\local-bubble.html
    • %ProgramFiles%\TrustyHound-TB\toolbar-search-over.bmp
    • %ProgramFiles%\TrustyHound-TB\toolbar.crc
    • %ProgramFiles%\TrustyHound-TB\toolbar-search.bmp
    • %ProgramFiles%\TrustyHound-TB\toolbar.dll
    • %ProgramFiles%\TrustyHound-TB\version.txt
    • %ProgramFiles%\TrustyHound-TB\websearch-over.bmp
    • %ProgramFiles%\TrustyHound-TB\websearch.bmp

  3. Creates the following files:

    • %Temp%\NS025T
    • %Temp%\TrustyHound-TS.exe
    • %Temp%\~DF2A78.Tmp
    • %UserProfile%\Desktop\CardFountain Greetings.lnk
    • %UserProfile%\Desktop\Free Stuff Directory.lnk
    • %UserProfile%\Desktop\FunFlirts Online Dating.lnk
    • %UserProfile%\Desktop\TrustyHound Image Search.lnk
    • %UserProfile%\Desktop\TrustyHound Web Search.lnk
    • %UserProfile%\Start Menu\CardFountain Greetings.lnk
    • %UserProfile%\Start Menu\Free Stuff Directory.lnk
    • %UserProfile%\Start Menu\FunFlirts Online Dating.lnk
    • %UserProfile%\Start Menu\TrustyHound Image Search.lnk
    • %UserProfile%\Start Menu\TrustyHound Web Search.lnk
    • %UserProfile%\Start Menu\Programs\TrustyHound-TS\CardFountain Greetings.lnk
    • %UserProfile%\Start Menu\Programs\TrustyHound-TS\Free Stuff Directory.lnk
    • %UserProfile%\Start Menu\Programs\TrustyHound-TS\FunFlirts Online Dating.lnk
    • %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound Image Search.lnk
    • %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound Web Search.lnk
    • %UserProfile%\Start Menu\Programs\TrustyHound-TS\TrustyHound-TS Companion.lnk

      Notes:
    • %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).

  4. Adds the value:

    "TrustyHound-TS" = "%ProgramFiles%\TrustyHound-TS\TrustyHound-TS.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  5. Adds the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TrustyHound-TS ( Companion Tools )_is1

    so that Spyware.TrustyHound can be uninstalled.

  6. Displays an icon in the system tray that can be used to access a meta search engine. When the search engine is used, system information is sent to a predetermined server.


To uninstall the Security Risk
  1. Do one of the following:
    1. On the Windows 98 taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.

    2. On the Windows Me taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.
        If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    3. On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98, so follow the instructions for Windows 98. If otherwise, click Start, point to Settings > Control Panel, and then click Add/Remove Programs.

    4. On the Windows XP taskbar:
      1. Click Start > Control Panel.
      2. In the Control Panel window, double-click Add or Remove Programs.

  2. Click TrustyHound-TS (Companion Tools) version 4.2


    Note:
    You may need to use the scroll bar to view the whole list.

  3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

    Note: After running the Add/Remove programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove programs.