Spy Sweeper with AntiVirus

The most award-winning anti-spyware software

Spy Sweeper with Antivirus

Get serious about removing spyware with Spy Sweeper - the award-winning anti-spyware software trusted by millions of home computer users.

Add to Cart Button

$29.95

Spyware & Virus Directory

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 

Spyware.SpyGraphica

Updated: March 21, 2005 12:18:33 PM GMT
Type: Spyware
Name: SpyGraphica Pro 3.1
Version: 3.1
Publisher: cablehead software
Risk Impact: High
File Names: SpyGraphica.exe (installer); chm.exe; SpyGraphica.exe (main configuration manager); svchosts.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

SUMMARY


Behavior

Spyware.SpyGraphica is a program that logs keystrokes and takes snapshots on your computer.

Symptoms

One or more files are detected as Spyware.SpyGraphica.

Transmission

Spyware.SpyGraphica must be manually installed on your system.

Protection

  • Virus Definitions (LiveUpdate™ Weekly) July 21, 2004
  • Virus Definitions (Intelligent Updater) July 17, 2004

TECHNICAL DETAILS


Spyware.SpyGraphica runs, it can:
  • Log keystrokes and screenshots.
  • Hide and unhide its tray icon.
  • Log transferring via email.

When Spyware.SpyGraphica runs, it does the following:
  1. Displays the installation instructions.

  2. Prompts for the installation folder. The default installation folder is C:SpyGraphica.

    Note: We have developed the contents in the rest of this document under the assumption that you selected to install the Spyware on the default directory.

  3. Creates the following files:
    C:SpyGraphicalCapchm.exe: Used for registration. Detected as Spyware.SpyGraphica.
    C:SpyGraphicalCapdfr.abc
    C:SpyGraphicaINSTALL.LOG: Installation information.
    C:SpyGraphicaReadMe.txt: Documentation.
    C:SpyGraphicaSpyGraphica.exe: Main configurations application. Detected as Spyware.SpyGraphica.
    C:SpyGraphicaSpyGraphica.exe.manifest: Spyware information.
    C:SpyGraphicasvchosts.exe: Main logging application. Detected as Spyware.SpyGraphica.
    C:SpyGraphicaUNWISE.EXE: Generic uninstaller.
    C:Documents and SettingsAdministratorStart MenuProgramsSpyGraphicaSpyGraphica.lnk: Start menu link.

  4. Creates the following files in %System% directory if they do not already exist:

    Note: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

    Important:     Other applications may use the following files. Microsoft provides many of the files. We advise that you do not erase these files.
    • WISE0001.DLL
    • OCXREG32.EXE
    • PROGRESS.DLL
    • W32INST.DLL
    • OLEAUT32.DLL
    • OLEPRO32.DLL
    • ASYCFILT.DLL
    • STDOLE2.TLB
    • MSVBVM60.DLL
    • REGSVR32.EXE
    • COMCAT.DLL
    • MFC42.DLL
    • MSVCRT40.DLL
    • MSCOMCTL.OCX
    • COMDLG32.OCX
    • VBAR332.DLL
    • RESTART.EXE
    • UNWISE32.EXE
    • GETCPU.DLL
    • MSCOMCTL.OCX
    • SSUBTMR6.DLL
    • SSUBTMR.DLL
    • DWSPY36.DLL
    • DWSHK36.OCX
    • CCRPTMR6.DLL
    • IJL11.DLL
    • GLABCORE.DLL
    • CCRPSLD.OCA
    • CCRPSLD.OCX
    • MSWINSCK.OCX
    • VBALGRID6.OCX
    • XPMENU.OCX
    • MSVCRT.DLL
    • MBPRGBAR.OCX
    • VBALIML6.OCX
    • SCRRUN.DLL

  5. Adds the value:

    "RegHelp" = "C:SPYGRA~1svchosts.exe"

    to the registry key:

    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

    so that the spyware runs when you start Windows.

  6. Creates the following registry keys/values:
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallSpyGraphica Pro 3DisplayName = "SpyGraphica Pro 3"
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallSpyGraphica Pro 3UninstallString = "C:SPYGRA~1UNWISE.EXE C:SPYGRA~1INSTALL.LOG"
    HKEY_LOCAL_MACHINESoftwareWise SolutionsWise Installation SystemRepairC:/SpyGraphica/INSTALL.LOGIcons1Path = "C:SPYGRA~1SpyGraphica.exe"
    HKEY_LOCAL_MACHINESoftwareWise SolutionsWise Installation SystemRepairC:/SpyGraphica/INSTALL.LOGIcons1ShowWindow = "1"
    HKEY_LOCAL_MACHINESoftwareWise SolutionsWise Installation SystemRepairC:/SpyGraphica/INSTALL.LOGIcons1Arguments = ""
    HKEY_LOCAL_MACHINESoftwareWise SolutionsWise Installation SystemRepairC:/SpyGraphica/INSTALL.LOGIcons1WorkingDir = ""
    HKEY_LOCAL_MACHINESoftwareWindowsaAppString = "<string found in application to screen capture>"
    HKEY_LOCAL_MACHINESoftwareWindowsaDesktop = "<option for screen capture style>"
    HKEY_LOCAL_MACHINESoftwareWindowsaline = "<mail setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsap = "C:SPYGRA~1svchosts.exe"
    HKEY_LOCAL_MACHINESoftwareWindowsCapAtBoot = "<option for starting capture at boot time>"
    HKEY_LOCAL_MACHINESoftwareWindowscDelay = "<screen capture delay in milliseconds>"
    HKEY_LOCAL_MACHINESoftwareWindowseDesktop = "<option for screen capture style>"
    HKEY_LOCAL_MACHINESoftwareWindowsf1 = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsf2 = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsflo = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsFont = "<font of log>"
    HKEY_LOCAL_MACHINESoftwareWindowsfqual = "<capture quality>"
    HKEY_LOCAL_MACHINESoftwareWindowsFrunner = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsHome = "C:SPYGRA~1svchosts.exe"
    HKEY_LOCAL_MACHINESoftwareWindowsLeft = "<positioning setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsLeft2 = "<positioning setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsLrun = "<last run time>"
    HKEY_LOCAL_MACHINESoftwareWindowsmadd = "<mailing address>"
    HKEY_LOCAL_MACHINESoftwareWindowsMD = "<disk options>"
    HKEY_LOCAL_MACHINESoftwareWindowsMDSpace = "<maximum disk space>"
    HKEY_LOCAL_MACHINESoftwareWindowsmEnabled = "<log mailing setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsmfreq = "<mailing frequency>"
    HKEY_LOCAL_MACHINESoftwareWindowsmodem = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsmsvr = "<mailing server>"
    HKEY_LOCAL_MACHINESoftwareWindows frames = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsam = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowstards = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsRun = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowssApp = "<miscellaneous setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsSavePath = "<path to save logs>"
    HKEY_LOCAL_MACHINESoftwareWindowssDelay = "<viewing delay in seconds>"
    HKEY_LOCAL_MACHINESoftwareWindowsStealth = "<stealth options>"
    HKEY_LOCAL_MACHINESoftwareWindowsStopIfMax = "<maximum disk setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsToolTip = "<warning message>"
    HKEY_LOCAL_MACHINESoftwareWindowsTop = "<positioning setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsTop2 = "<positioning setting>"
    HKEY_LOCAL_MACHINESoftwareWindowsXfor = "<encrypted password>"
    HKEY_LOCAL_MACHINESoftwareWindowszMin = "<miscellaneous setting>"



REMOVAL


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Uninstall Spyware.SpyGraphica.
  3. Restart the computer in Safe mode.
  4. Run a full system scan and delete all the files detected as Spyware.SpyGraphica.
  5. Delete the values that were added to the registry.
For specific details on each of these steps, read the following instructions.
  1. To update virus definitions
    To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
  2. To uninstall Spyware
    1. Navigate to C:SpyGraphica.
    2. Double-click UNWISE.EXE.

  3. To restart the computer in Safe mode
    Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode. For instructions, read the document, How to start the computer in Safe Mode.
  4. To scan for and delete the files
    1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, How to configure Norton AntiVirus to scan all files.
    2. Run a full system scan.
    3. If any files are detected as Spyware.SpyGraphica, click Delete.


      Note:       If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file names. Then use Windows Explorer to locate and delete the file. If you ran the uninstallation process as described in the previous section, it is possible that all the files were removed, and therefore none will be detected.

  5. To delete the values from the registry

    Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.
  1. Click Start > Run.
  2. In the Open box, type: regedit
  3. Click OK.

  4. Navigate to the key:
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

    In the right pane, delete the value:

    "RegHelp" = "C:SPYGRA~1svchosts.exe"

  5. Navigate to the key:
    HKEY_LOCAL_MACHINESoftware

    In the left pane, delete the subkey: Windows

    Important: Make sure that you do not delete the registry key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows

  6. Navigate to the key:
    HKEY_LOCAL_MACHINESoftwareWise SolutionsWise Installation SystemRepair

    In the left pane, delete the subkey:

    C:/SpyGraphica/INSTALL.LOG

  7. Exit the Registry Editor.



Spy Sweeper 5.2 stops spyware in its tracks while offering home computer users the ability to configure the program to suit their specific needs, such as:

Choose a Quick, Full or Custom Sweep: With Spy Sweeper 5.2, you can easily choose to perform a quick, full or customized sweep. If you're looking for an immediate diagnosis, choose a quick sweep. For a pinpointed search, customize your sweep to have Spy Sweeper skip files by folder or file extension. For a deep cleaning, opt for a full sweep.

Exclude Files from a Sweep: Spy Sweeper allows you to save time during a sweep by skipping specific files or different sections of your PC. You can select specific file extension, such as .xls or .mpg to exclude.

Additional Highlights

As soon as it's installed, Spy Sweeper gives 360 degrees of protection against spyware, including:

Simple Sweeps: Detecting spyware and removing unwanted programs found on your computer in three effortless steps

Easy Management: Quickly and simply configure program, sweep and upgrade options

Fast Home: Use the home screen to access the most commonly used functions of Spy Sweeper

Shields Summary: A redesigned shields summary page makes it simple to see at a glance which shields are on or off

Action Alerts: Receive clear, easy-to-understand notifications when new spyware threats are detected

"Spy Sweeper remains a favorite for protection from spyware."



"This program's dominance is apparent as soon as you install it."