SpyEye is a famous trojan that steals your private data.
Also known as EyeStye (Microsoft), Pincav (Kaspersky).
It can be identified by any anti-rootkit tool: it uses only user-mode hooks and no driver.
The purpose of the hooks is self-defence: they hide the registry key it starts from, hide its file on disk, and intercept private information.
A lot of hooks in processes.
It registers itself for autorun under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Hidden autostart item.
Hidden directory with module.
Removal instructions: delete the autorun item from the registry and the hidden folder on disk. After a reboot, your system is clean.
It was discussed here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=93.
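The check an anti-rootkit tool performs to flag user-mode hooks can be sketched as follows. This is an added example, not code from the original write-up or from any tool it mentions. It assumes the hooks are inline patches of the function entry (the write-up says only "user-mode hooks"), and the module range, addresses, byte strings and export names are constructed sample data, not a list of what SpyEye patches.

```python
import struct

def decode_redirect(live, va):
    """Return (kind, target) for a redirect at the function entry, or None."""
    if len(live) >= 5 and live[0] == 0xE9:                      # jmp rel32
        rel = struct.unpack_from("<i", live, 1)[0]
        return "jmp rel32", (va + 5 + rel) & 0xFFFFFFFF
    if len(live) >= 6 and live[0] == 0x68 and live[5] == 0xC3:  # push imm32 / ret
        return "push/ret", struct.unpack_from("<I", live, 1)[0]
    return None

def scan(exports, base, size):
    """Compare on-disk and in-memory entry bytes of each export.

    exports: iterable of (name, va, clean_bytes, live_bytes).
    Returns (name, kind, target, outside_module) for every patched entry.
    """
    findings = []
    for name, va, clean, live in exports:
        if live == clean:
            continue                        # entry matches the file on disk
        redirect = decode_redirect(live, va)
        kind, target = redirect if redirect else ("unknown patch", None)
        # A jump that leaves the owning module is the strong hook signal;
        # a jump that stays inside it can be a legitimate stub.
        outside = target is not None and not (base <= target < base + size)
        findings.append((name, kind, target, outside))
    return findings

# Constructed sample: one 32-bit module and four of its exports.
BASE, SIZE = 0x7C900000, 0x000B2000
CLEAN = bytes.fromhex("b847000000ba")       # constructed clean entry bytes

def _jmp(va, target):                       # builds a 6-byte patched entry
    return b"\xE9" + struct.pack("<i", target - (va + 5)) + b"\xBA"

SAMPLE = [
    ("NtEnumerateValueKey", 0x7C90D2E0, CLEAN, _jmp(0x7C90D2E0, 0x00A31000)),
    ("NtQueryDirectoryFile", 0x7C90D750, CLEAN,
     b"\x68" + struct.pack("<I", 0x00A32000) + b"\xC3"),
    ("NtClose", 0x7C90CFD0, CLEAN, CLEAN),
    ("ExampleIntraModule", 0x7C90E000, CLEAN, _jmp(0x7C90E000, 0x7C910000)),
]

if __name__ == "__main__":
    for name, kind, target, outside in scan(SAMPLE, BASE, SIZE):
        where = "OUTSIDE module" if outside else "inside module"
        print(f"{name}: {kind} -> {target:#010x} ({where})")
```

On a live system the clean bytes come from the DLL file on disk and the live bytes from the process's memory, repeated for every process, since the hooks appear in many of them.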