Troj/AleSpy-B

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/AleSpy-B is a Trojan for the Windows platform.

Troj/AleSpy-B will attempt to spy on web traffic. The Trojan will also attempt to download and run executable files.

When first run, Troj/AleSpy-B will alter the Windows Desktop background. The Trojan will change the color of the Desktop and display a fake blue screen error image with the following text:

Security warning

A fatal error in IE has occured at 0028:c0011e36 in VXD VMM(01) +
00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

* System can not function in normal mode.
Please check you security settings.

* Scan your PC with any avaliable antivirus / spyware remover
program to fix the problem.

Troj/AleSpy-B will drop the following files:

<System>\oleadm.dll
<System>\wp.bmp
<System>\wp.gif
<System>\uninstIU.exe

Troj/AleSpy-B will copy the Windows DLL file <System>\winint.dll to <System>\oleadm32.dll and then alter the copy. The altered copy is also detected as Troj/AleSpy-B. When Windows is rebooted, the infected copy will replace the original Windows DLL file.

Troj/AleSpy-B sets the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoActiveDesktopChanges
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
NoDispBackgroundPage
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
NoDispAppearancePage
1

HKCU\CLSID\(357A87ED-3E5D-437d-B334-DEB7EB4982A3)\

HKCU\Control Panel\Colors
Background
1 2 172

HKCU\Control Panel\Desktop
Wallpaper
<System>\wp.bmp
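
The registry entries listed above can be checked offline against an exported HKCU hive. The following is an added example, not Sophos code: it parses `reg export` text and reports which of this page's entries are present. The function names, the sample export and the suffix match on `\wp.bmp` (standing in for the `<System>` placeholder) are assumptions made for illustration.

```python
import re
# Indicators from the description above; value types are not given, so DWORD 1 and "1" both match.
POL = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
VALUE_IOCS = [
    (POL + r"\Explorer", "NoActiveDesktopChanges", "1"),
    (POL + r"\System", "NoDispBackgroundPage", "1"),
    (POL + r"\System", "NoDispAppearancePage", "1"),
    (r"HKEY_CURRENT_USER\Control Panel\Colors", "Background", "1 2 172"),
]
DESKTOP = r"HKEY_CURRENT_USER\Control Panel\Desktop"
CLSID_GUID = "357A87ED-3E5D-437d-B334-DEB7EB4982A3"

# Constructed sample in `reg export` text format (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="1 2 172"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\WINDOWS\\system32\\wp.bmp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispAppearancePage"=dword:00000000
'''

def parse_reg_export(text):  # -> {key.lower(): {value_name.lower(): data}}
    hive, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = hive.setdefault(line[1:-1].lower(), {})
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if cur is not None and m:
            raw = m.group(2)
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))  # dword:00000001 -> "1"
            elif raw.startswith('"') and raw.endswith('"'):
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
            cur[m.group(1).lower()] = raw
    return hive

def find_alespy_traces(text):  # -> list of matched indicators, as strings
    hive = parse_reg_export(text)
    hits = [f"{k}\\{n} = {v}" for k, n, v in VALUE_IOCS
            if hive.get(k.lower(), {}).get(n.lower()) == v]
    wallpaper = hive.get(DESKTOP.lower(), {}).get("wallpaper", "")
    if wallpaper.lower().endswith("\\wp.bmp"):  # <System> resolved by suffix only
        hits.append(f"{DESKTOP}\\Wallpaper = {wallpaper}")
    return hits + [f"[{k}]" for k in hive if CLSID_GUID.lower() in k]
```

`reg export HKCU hkcu.reg` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `find_alespy_traces`. The dropped files are not covered here and need a separate check of the system folder.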
