Friday, July 8, 2011

Spyware Part 2

WinZix: a typical piece of spyware that loads a bunch of other spyware and adware, which will crash your system or make it malfunction. According to Symantec, the report on WinZix is as follows:


Symantec Security Response

http://www.symantec.com/security_response/index.jsp
WinZix
Updated: July 12, 2007 1:37:27 PM
Type: Potentially Unwanted App
Name: Winzix
Publisher: Winzix
Risk Impact: Low
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000
SUMMARY

Behavior
WinZix is a potentially unwanted application that may download other programs on to the computer.

Antivirus Protection Dates
Initial Rapid Release version July 10, 2007 revision 017
Latest Rapid Release version April 29, 2011 revision 036
Initial Daily Certified version July 10, 2007 revision 017
Latest Daily Certified version April 29, 2011 revision 037
Initial Weekly Certified release date July 11, 2007
TECHNICAL DETAILS
When the program is executed, it displays the following interface:

It then creates the following files:
C:\Documents and Settings\All Users\Start Menu\Programs\WinZix\Uninstall WinZix.lnk
%ProgramFiles%\WinZix\Flexi.skf
%ProgramFiles%\WinZix\SkinCrafterDll.dll
%ProgramFiles%\WinZix\unins000.dat
%ProgramFiles%\WinZix\unins000.exe
%UserProfile%\Desktop\WinZix-2.0-setup-0514.exe
C:\Documents and Settings\All Users\Start Menu\Programs\WinZix\WinZix.lnk
%ProgramFiles%\WinZix\minime.exe
%ProgramFiles%\WinZix\WinZix.exe
%ProgramFiles%\WinZix\WinZixManager.dll
%UserProfile%\Desktop\WinZix.lnk

Next, the program creates the following registry subkeys:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZixManager
HKEY_CLASSES_ROOT\.zix
HKEY_CLASSES_ROOT\CLSID\{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\WinZixManager
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\WinZixManager
HKEY_CLASSES_ROOT\Interface\{41CA7D4D-AE77-4B13-9459-E9AB7EFECAAD}
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix
HKEY_CLASSES_ROOT\TypeLib\{10954590-2B3A-41EC-97BB-C95A5E646DA9}
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell
HKEY_CLASSES_ROOT\winzix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZix_is1

The program also creates the following registry entries:
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell.1\"Default" = "WinZixShell Class"
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell.1\CLSID\"Default" = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}" = "WinZixShell extension"

The program may then download a copy of Adware.Lop on to the computer.

This information on WinZix is from Symantec Corporation.
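The Symantec write-up above lists the files, registry subkeys and registry entries WinZix leaves behind; a defender's first use of such a list is to turn it into a machine-checkable indicator set. The following is an added example (not code from the blog or from Symantec) that parses a write-up in that format and matches the artifacts, case-insensitively, against a host snapshot; the snapshot, the environment mapping and the trimmed REPORT excerpt are constructed here for illustration.

```python
import re
# Added example, not from the page or Symantec: REPORT is a constructed excerpt
# of the WinZix write-up quoted above, using the paths and keys listed there.
REPORT = """\
It then creates the following files:
%ProgramFiles%\\WinZix\\WinZix.exe
%UserProfile%\\Desktop\\WinZix-2.0-setup-0514.exe

Next, the program creates the following registry subkeys:
HKEY_CLASSES_ROOT\\.zix
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WinZix_is1

The program also creates the following registry entries:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}" = "WinZixShell extension"
"""
SECTIONS = {"file": "the following files:", "subkey": "the following registry subkeys:",
            "entry": "the following registry entries:"}
# A registry entry line reads:  KEY\"ValueName" = "Data"
ENTRY_RE = re.compile(r'^(?P<key>.+)\\"(?P<name>[^"]*)"\s*=\s*"(?P<data>[^"]*)"$')

def parse_report(text):
    """Return {"file": [...], "subkey": [...], "entry": [(key, name, data), ...]}."""
    found, current = {k: [] for k in SECTIONS}, None
    for line in map(str.strip, text.splitlines()):
        if not line:
            current = None                      # a blank line closes the list
            continue
        kind = next((k for k, m in SECTIONS.items() if line.endswith(m)), None)
        if kind:
            current = kind
        elif current == "entry" and (m := ENTRY_RE.match(line)):
            found["entry"].append((m["key"], m["name"], m["data"]))
        elif current and current != "entry":
            found[current].append(line)
    return found

def expand(path, env):
    # Expand %VAR% from a supplied mapping, not the live environment.
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1), m.group(0)), path)

def triage(text, env, files_present, keys_present, values_present):
    """Match the write-up's artifacts against a host snapshot; Windows names are case-insensitive."""
    ind = parse_report(text)
    files = {f.lower() for f in files_present}
    keys = {k.lower() for k in keys_present}
    values = {(k.lower(), n.lower()) for k, n in values_present}
    hits = [("file", f) for f in ind["file"] if expand(f, env).lower() in files]
    hits += [("subkey", k) for k in ind["subkey"] if k.lower() in keys]
    hits += [("entry", k + "\\" + n) for k, n, _ in ind["entry"] if (k.lower(), n.lower()) in values]
    return hits
```

On a real host the three `*_present` lists would come from a directory walk and a registry export; the `Shell Extensions\Approved` entry is the one worth treating as a loading point, since it registers the WinZixShell CLSID with Explorer.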

The next spyware I want to talk about is 3wPlayer:

3wPlayer is a rogue media player application bundled with trojans that can infect computers running Microsoft Windows. It is designed to exploit users who download video files, instructing them to download and install the program in order to view the video. 3wPlayer employs a form of social engineering to infect computers: seemingly desirable video files, such as recent movies, are released via BitTorrent or other distribution channels. These files resemble conventional AVI files, but are engineered to display a message when played in most media player programs, instructing the user to visit the 3wPlayer website and download the software to view the video. 3wPlayer is infected with Trojan.Win32.Obfuscated. According to Symantec, 3wPlayer "may download" a piece of adware they refer to as Adware.Lop, which "adds its own toolbar and search button to Internet Explorer".

Another piece of software of the same kind is DivoCodec, also known as X3Codec:

DivoCodec (also written Divo Codec, or X3Codec) has also been identified as a trojan similar to 3wPlayer. Users are instructed to download the codec in order to view or play an AVI/MP4/MP3/WMA file, often downloaded via P2P programs.
Instead of actual codecs, DivoCodec installs malware on the user's computer. DivoCodec is polymorphic and can change its structure. It has also been known to write to another process' virtual memory (process hijacking).
