Ultraview is a computer surveillance program that logs user keystrokes, takes screenshots, captures e-mail messages and online chat conversations and records web sites visited. Gathered data can be transferred to a configurable remote host. It can also be accessed via the Internet. Ultraview is able to hide its running processes and avoid detection. The threat runs on every Windows startup.
dtor.exeregistrar.exe
ccp.dlldprx.dllmca.dllmcie.dllmck.dllmcmsg.dllmco.dllmcoexp.dllmcsc.dllmcy.dll
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunatuvpHKEY_CLASSES_ROOTAOLMonitorDGC.AOLMonitorHKEY_CLASSES_ROOTAOLMonitorDGC.AOLMonitor.1HKEY_CLASSES_ROOTCommonCommandProcessor.CommandProcessorHKEY_CLASSES_ROOTCommonCommandProcessor.CommandProcessor.1HKEY_CLASSES_ROOTDataProxy.MonitorDataProxyHKEY_CLASSES_ROOTDataProxy.MonitorDataProxy.1HKEY_CLASSES_ROOTDataProxy.PostDataHKEY_CLASSES_ROOTDataProxy.PostData.1HKEY_CLASSES_ROOTIEMonitorDGC.IEMonitorHKEY_CLASSES_ROOTIEMonitorDGC.IEMonitor.1HKEY_CLASSES_ROOTKeyLoggerDGC.KeyLoggerHKEY_CLASSES_ROOTKeyLoggerDGC.KeyLogger.1HKEY_CLASSES_ROOTMSNMonitorDGC.MSNMonitorHKEY_CLASSES_ROOTMSNMonitorDGC.MSNMonitor.1HKEY_CLASSES_ROOTOutlookExpressDGC.OEMonitorHKEY_CLASSES_ROOTOutlookExpressDGC.OEMonitor.1HKEY_CLASSES_ROOTOutlookMonitorDGC.OutlookMonitorHKEY_CLASSES_ROOTOutlookMonitorDGC.OutlookMonitor.1HKEY_CLASSES_ROOTScreenCaptureDGC.ScreenCaptureHKEY_CLASSES_ROOTScreenCaptureDGC.ScreenCapture.1HKEY_CLASSES_ROOTYahooMonitorDGC.YahooMonitorHKEY_CLASSES_ROOTYahooMonitorDGC.YahooMonitor.1HKEY_CLASSES_ROOTAppIDRegistrar.EXEHKEY_CLASSES_ROOTAppID{38352016-D06D-41DF-8B5F-1269A59D0096}HKEY_CLASSES_ROOTCLSID{00b7e0ab-817a-44ad-a04b-d1148d524136}HKEY_CLASSES_ROOTCLSID{27B5E5C3-775A-4870-9BD3-B49694524CFD}HKEY_CLASSES_ROOTCLSID{2FF1ACE6-7599-4079-A70E-7E83B0267624}HKEY_CLASSES_ROOTCLSID{3C311150-55BF-4FBD-AFE0-7091E1D2D32B}HKEY_CLASSES_ROOTCLSID{3C8EFE7C-42B3-44B4-B0A8-1261A49D6426}HKEY_CLASSES_ROOTCLSID{45E922A0-0CD5-4A7B-BD35-44CA52B8390D}HKEY_CLASSES_ROOTCLSID{615EB7A2-E5F7-4500-80B7-9F1E72BEC678}HKEY_CLASSES_ROOTCLSID{67654448-42AD-4097-87AA-BAC1BFDA92B6}HKEY_CLASSES_ROOTCLSID{891CA317-EB89-4025-ABB8-0C1D1472E4E5}HKEY_CLASSES_ROOTCLSID{99947C9C-ACC7-4075-8261-0F586026EF52}HKEY_CLASSES_ROOTCLSID{C0D0F71C-6812-4D95-9C4E-015D45A57803}HKEY_CLASSES_ROOTCLSID{F8A0020A-2C78-47CD-AB7B-CE4181BE2628}HKEY_CLASSES_ROOTInterface{0142B9E1-8F28-474B-AFF1-B41811384D70}HKEY_CLASSES_ROOTInterface{1DAA2A2C-BBB9-4CF4-8D9C-757B61D09FD4}HKEY_CLASSES_ROOTInterface{2430F873-EF85-4ED1-A25A-D3E0D629270A}HKEY_CLASSES_ROOTInterface{309C886A-03B6-4098-B693-40034DFC6622}HKEY_CLASSES_ROOTInterface{3FCDAE39-B685-42B3-AC10-EE04C1781652}HKEY_CLASSES_ROOTInterface{408B762E-A8B3-4BB9-984B-3833FBDA2BCE}HKEY_CLASSES_ROOTInterface{4CDDCA57-3DDE-40C7-A589-018E2DBD9CCA}HKEY_CLASSES_ROOTInterface{571904ED-58B8-4CE6-A213-646B5D9A655A}HKEY_CLASSES_ROOTInterface{595EA054-3660-483C-8A79-0166D4D4702E}HKEY_CLASSES_ROOTInterface{6D9D5ED0-757B-4C9E-BB04-CCF5B036E349}HKEY_CLASSES_ROOTInterface{77585A46-EB87-4517-A0BF-170B678A232E}HKEY_CLASSES_ROOTInterface{82AA44FA-00C1-4A10-BE09-D3B10B9E7F68}HKEY_CLASSES_ROOTInterface{8320962F-305F-4F80-AFBF-427556EB385B}HKEY_CLASSES_ROOTInterface{874FAFF4-CA08-4AD8-A2D1-A6D3322205E7}HKEY_CLASSES_ROOTInterface{8A680A04-51D6-4EBA-A35E-DBBAF0D54525}HKEY_CLASSES_ROOTInterface{9154BB18-A295-45A1-8146-EBA4F0EC1B6D}HKEY_CLASSES_ROOTInterface{98732B25-9BD7-4E90-B8E6-9A709EC60058}HKEY_CLASSES_ROOTInterface{B0F03211-099C-45C5-B638-647E7DC731E7}HKEY_CLASSES_ROOTInterface{BA4CF93B-BEDB-4C19-97AF-C39C1B31A848}HKEY_CLASSES_ROOTInterface{C4655209-406D-49BA-9622-AE0410F50D0E}HKEY_CLASSES_ROOTInterface{CC25F4C6-3227-45FA-8FDB-0E291EDB5742}HKEY_CLASSES_ROOTInterface{D330D322-F5EE-4938-8B5F-3F4650F98BB9}HKEY_CLASSES_ROOTInterface{F2168B0C-2381-42E5-A0C1-3B3D6D5AB60E}HKEY_CLASSES_ROOTTypeLib{024CD98B-C982-46BA-A721-29CB460F33B8}HKEY_CLASSES_ROOTTypeLib{16EB59FA-8710-430F-922D-67A8EFC74C18}HKEY_CLASSES_ROOTTypeLib{3222FE43-306C-4831-B46B-A157B2986DD0}HKEY_CLASSES_ROOTTypeLib{4AEDB174-8B9C-4DE7-8276-C7B60E0F6896}HKEY_CLASSES_ROOTTypeLib{682DC0F3-19A4-450A-97FF-EEEB81554ED5}HKEY_CLASSES_ROOTTypeLib{75BC0CC2-74B3-46A5-BDC5-2D311D479049}HKEY_CLASSES_ROOTTypeLib{77CADC3F-6244-44DD-96E9-C3D84C0686D1}HKEY_CLASSES_ROOTTypeLib{80519B95-F63A-4F69-AAEE-D5BB9ACBA0B2}HKEY_CLASSES_ROOTTypeLib{8C023226-642E-43D0-8D64-BD6E628CB012}HKEY_CLASSES_ROOTTypeLib{D2C2BC73-37AC-4F34-8C1C-8688C3DFAD7A}HKEY_CLASSES_ROOTTypeLib{E9A68ED9-D34F-4F41-91ED-ACC4370DE537}