eBlaster 2.1
|
· Overview ·
|
Overview |
|
Summary: |
From the doc: 'eBlaster will AUTOMATICALLY monitor PC activity from a remote location. Install eBlaster once on the PC and walk away. There is no need to return to the computer...EVER! Once installed, eBlaster monitors the PC and then delivers detailed activity reports right to your e-mail address, as frequently as every 30 minutes. eBlaster records: All Web Sites Visited All Applications Run All Keystrokes Typed All Chat Conversations All Instant Messages (including both sides of a Yahoo, MSN or AOL instant message session) eBlaster is 100 percent compatible with AOL 5.0, AOL 6.0 and AOL 7.0.' |
Vendor Notes: |
From the eBlaster Web Site: Automatically forwards you an EXACT COPY of their Chats, Instant Messages and Emails. Now with optional Remote Install if you do not have physical access to the computer you wish to monitor. eBlaster Internet spy software is the ONLY software in the world that will capture their incoming and outgoing email, chats and instant messages - then IMMEDIATELY forward you an EXACT COPY. Example: • You are at work and your child is home from school. • She receives an email from John at 3:00 PM. • Within seconds, you receive a COPY of that email sent to your email address. • A few minutes later, she replies to John's email. • Within seconds, you receive a COPY of what she sent to John. In addition, eBlaster spy software records ALL emails, chats, instant messages, web sites visited, keystrokes typed, programs launched and peer-to-peer (P2P) files downloaded - then sends it to you via email in the form of a detailed Activity Report. Receive your Activity Reports as frequently as once every hour or once a day - it's your choice. |
Alias: |
Trj/Reboot.htm [Panda] |
Category: |
Key Logger: (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans). Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page. Surveilance: Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs. |
Variants: |
|
Similar Pests: |
Key Logger · Browser Helper Object · Surveilance · Trojan |
Origins |
|
Group: |
Spectorsoft |
Vendor: |
SpectorSoft. |
By This Group: |
|
Mailing Address: |
333 17th Street Vero Beach, FL 32960 |
Phone: |
888-598-2788 (Toll-Free Sales) 772-770-5670 (Outside of U.S.) |
Date of Origin: |
Variants from May, 2000 to November, 2004 |
Place of Origin: |
Vero Beach, FL USA |
Distribution |
|
Prevalence: |
|
Clot Factor: |
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Growth: |
|
Operation |
|
General: |
eBlaster 5.0 defends itself against removal. Research installed eBlaster 4 times and each time the exe and dll files had different names. Some files seem randomly named, while others are named using a convention similar to Microsofts. For example, Microsoft has a number of dlls that begin dhcp and eBlaster named a dll dhcpkbd.dll. Many other files named in a similar way. Also, files guard against creating a backup. Most registry entries are given a unique CLSID. Some registry entries are recreated if deleted. |
Info Collected: |
Records Emails, Chats, IMs, Web Sites, Programs Run, Keystrokes Typed, Peer to Peer File Sharing, Screen Snapshots - Plus - Offers Internet Access Blocking and Instant Notification Alerts |
Storage Required: |
|
Browser Performance: |
Likely to slow performance of Internet Explorer. |
ScreenShot: |
|
eBlaster 2.1
Risks |
|
Detection Issues: |
Difficult to detect by design. May hide from process list. May install with variable names in variable locations. |
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove EBlaster from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Unregister DLLs: Unregister these DLLs with Regsvr32, then reboot: | |
| Clean Registry: Remove these registry items (if present) with RegEdit: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
| Remove Directories: Remove these directories (if present) with Windows Explorer: | |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
April 02, 2005 |
PestPatrol detects this.