dwspyxx.dll spyware?

  • Borrow -A- Geek
  • Professor
  • Posts: 763
  • Loc: Dallas/Ft Worth, Texas

Post 3+ Months Ago

OK, I found a file on my computer called dwspy36 and dwspy5.dll. I found it because the developer of a program that I bought told me that this file may be causing his app to crash my system, and instructed me to remove it. So I did a search on the net for dwspy36.dll and came up with a bunch of keylogger and spy utilities. After some further searching I came to the conclusion that the dw stands for data window, which is used for Visual Basic runtime libraries, but that's all I have so far. I checked my other computer and it has this same file on it. Just curious if anyone else has ever heard of this file or knows what it is possibly mainly used for...
  • Bigwebmaster
  • Site Admin
  • Posts: 9090
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

I just searched my computer for that file, and I do not have it. Maybe someone else has it on their computer. Kind of interesting that both your computers have it; there must be some common piece of software you have on both of them that gave it to you.
  • Borrow -A- Geek
  • Professor
  • Posts: 763
  • Loc: Dallas/Ft Worth, Texas

Post 3+ Months Ago

Sorry, I forgot to put dll at the end of the file, but what I have is dwspy36.dll, but there are other files with the prefix of dw in the same directory of c:\windows\system32\
  • Bigwebmaster
  • Site Admin
  • Posts: 9090
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

I just checked that directory now, and yup, still nothing. I have no files that start with dw.
  • Jimmie
  • Graduate
  • Posts: 187
  • Loc: Ft Worth TX

Post 3+ Months Ago

nothing here either....
  • Borrow -A- Geek
  • Professor
  • Posts: 763
  • Loc: Dallas/Ft Worth, Texas

Post 3+ Months Ago

hmmmm Vewwy Intewwesting.....
  • JimCooper
  • Born
  • Posts: 1

Post 3+ Months Ago

The dll is from SpyWorks and is a VB support library.

http://www.hallogram.com/spyworks/prover6.html
  • ScarletBegonia
  • Born
  • Posts: 1

Post 3+ Months Ago

The dll is from a keylogger program called True Active Computer Activity Monitor, formerly known as Winwhatwhere. It logs and records every keystroke made from the system and saves screen capture images every 30 seconds (by default). It can even send the reports by stealth email to any address specified. It is usually installed onto your computer physically. Theoretically, this program can be used for just about anything someone wanted: a mother monitoring her kids on the internet, a suspicious spouse/partner, an employer monitoring employees, or some hacker looking for passwords, etc. Regardless of how it got there, it means that your keystrokes are being recorded. You may want to consider installing a cleaner, or formatting your drive to get rid of it. The program runs stealth, but you'll know it's there if, in your Program Files directory, you see a folder named TAM. Good luck.
  • Carnix
  • Guru
  • Posts: 1098

Post 3+ Months Ago

In any case, install a firewall, if you haven't... better safe than sorry. It will tell you if any app on your machine is initiating outbound sessions. Don't use ZoneAlarm. There are a bunch out there. I use Kerio. It's easy, works great and is 100% free for home use.

.c
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

^^*points up^^ Thanks for the input both to ScarletBegonia and Carnix. I "pointed up" to note that this post is almost a half year old and the original poster only gets here when he can now-a-days. The point is, it's nice to see fresh ideas on old topics! Especially good ones like these. Now people that find this topic on Google will have some better info to go on!

:thumbsup:
  • Gary D
  • Born
  • Posts: 1

Post 3+ Months Ago

I have just found these two files today: "dwspy5.dll" and "dwspyvb.dll". The curious thing is that the files' modification dates are like in the year 2058! Very strange. I was wondering if these files have anything to do with Remote Desktop aka Terminal Services? If you are in a Remote session, maybe the PC you're working on logs the keystrokes and transmits them to the remote PC to carry out tasks there? Does anyone else know of these files, 'cos my immediate thoughts were 'OH No .....I've got a Key Logger'
  • Carnix
  • Guru
  • Posts: 1098

Post 3+ Months Ago

Well, the origins of these files are mentioned in this thread already. However, it's not out of the realm of possibility that TS might use them for that purpose, although it seems like that could be a security risk, not to mention a bit scary (as it was for you) if someone happens to find them. Also, spyware detectors could mis-label those files and break your TS system should they remove those files...

My gut reaction is to say they are not part of Terminal Services (remote desktop in XP lingo)...

I ran a search on MSDN and the Microsoft KB for both DLLs (with and without the extension.. you never know) and turned up nothing. Usually, bug and patch reports will list DLLs in the packages, so even if there was no description, at least it would show that they are part of some package...

This isn't definitive proof that they are not installed due to a MS product, but I think it's more likely that they are part of another spyware, or adware product. Perhaps not so much as a malicious keylogger to send your keystrokes to a cracker somewhere, but maybe more practically to log things like URLS entered
Code:
if ($typedstring =~ m/http:\/\//) {
    # do something...
}
for example... where do something could be save to an internal database for sending to Gator... or create a cookie file for use on some site... or who knows. I consider this malicious, but we all know the debate between so-called "adware" and "spyware"

.c
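
An added example, not part of any post in this thread: a read-only PowerShell check that lists the dw* files discussed above with their embedded version information, signature status and timestamps (flagging dates in the future, as one poster reported), and looks for the TAM folder mentioned earlier. The SysWOW64 and "Program Files (x86)" locations are assumptions added for 64-bit Windows; the file pattern and folder name are taken from the posts.

```powershell
# Added example: triage of the files named in this thread. Read-only.
# Requires PowerShell 4+ (Get-FileHash). Run elevated to avoid access errors.
$now  = Get-Date
$dirs = @('System32', 'SysWOW64') |                       # SysWOW64: assumption for
    ForEach-Object { Join-Path $env:windir $_ } |          # 32-bit DLLs on 64-bit Windows
    Where-Object { Test-Path -LiteralPath $_ }

$report = foreach ($dir in $dirs) {
    # -Force also lists hidden/system files. The dw* pattern comes from the posts;
    # .exe is included so DWWIN.EXE can be compared against the other dw* files.
    Get-ChildItem -Path (Join-Path $dir 'dw*') -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.dll', '.ocx', '.exe' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                Company     = $_.VersionInfo.CompanyName      # vendor string embedded in the file
                Product     = $_.VersionInfo.ProductName
                Description = $_.VersionInfo.FileDescription
                Signature   = $sig.Status                     # Valid / NotSigned / HashMismatch ...
                Signer      = $sig.SignerCertificate.Subject  # empty when unsigned
                Created     = $_.CreationTime
                LastWrite   = $_.LastWriteTime
                FutureDate  = ($_.LastWriteTime -gt $now) -or ($_.CreationTime -gt $now)
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}
$report | Format-List

# Folder name "TAM" is the one given in the thread for the monitoring product.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
foreach ($root in $roots) {
    $tam = Join-Path $root 'TAM'
    if (Test-Path -LiteralPath $tam) {
        "Folder present: $tam"
        Get-ChildItem -LiteralPath $tam -Force | Select-Object Name, Length, LastWriteTime
    } else {
        "Not found: $tam"
    }
}
```

The version strings are set by whoever built the file and can be forged, so treat them as a lead and rely on the signature status and the hash when comparing a file against a known-good copy.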
  • quietside
  • Newbie
  • Posts: 12
  • Loc: TAMPA, FLORIDA

Post 3+ Months Ago

Basically.. way back in the years of long ago known as Windows 3.1.... there was a little company known as Desaware, Inc. They offered an easy solution for WINDOWS ERROR REPORTING Features that were added to the WINDOWS 98 Class id....

It is a throwback from 1997 and most dot.net applications use it for functionality.... (see below)

SpyWorks brings advanced Microsoft Windows programming techniques to Microsoft Visual Basic 6.0 and other development tools that support the full Microsoft COM/ActiveX Control specification. SpyWorks has long set the standard for controls that provide low level subclassing and hook technology to extend Microsoft's Visual Basic. These controls allow programmers to intercept the low level message stream for any application in the system or the entire system at once. This is ideal for creating application extensions, implementing systemwide hotkeys or macro recorders, and adding low level features to applications.

It is OK to remove the Files... BUT DO NOT REMOVE the DWWIN.EXE or you will have errors when you encounter errors....

That is a registered MICROSOFT command file ....

just remove the DW**.ocx and DW**.dll files.... and you should be fine.... also check your Applications folder in your DOCUMENTS and SETTINGS and see if there are any strange file folders there... if not.. then you are all good....


Ciao

Quietside :twisted:
  • Carnix
  • Guru
  • Posts: 1098

Post 3+ Months Ago

"SpyWorks"

Probably not the best name for a software development company these days...

Great information, thanks!

.c
  • JimOfMex
  • Born
  • Posts: 1
  • Loc: Ajijic, MX

Post 3+ Months Ago

Carnix wrote:
In any case, install a firewall, if you haven't... better safe than sorry. It will tell you if any app on your machine is initiating outbound sessions. Don't use ZoneAlarm. There are a bunch out there. I use Kerio. It's easy, works great and is 100% free for home use.

.c

Don't use ZoneAlarm? I've developed a great deal of confidence in this product. I've installed it on probably 30 machines over a period of several years. All of my experiences have been positive. I have tested ZoneAlarm using utilities that test for effective firewall blocking. All product reviews I've read have been positive. I would not like to think I have made a big mistake. Would you please explain why you make this statement? (When I learn this site better, I will know how to branch discussions into their correct threads ... firewalls in this case.) Thanks in advance.
  • grinch2171
  • Moderator
  • Genius
  • Posts: 6809
  • Loc: Martinsburg, WV

Post 3+ Months Ago

Congrats, you have revived a post that is over a year old.
  • Carnix
  • Guru
  • Posts: 1098

Post 3+ Months Ago

I've never had a good experience with ZoneAlarm. I've tried using it a number of times on several different systems, and it always had problems.

This thread is actually pretty old now, and since this post, I've noticed Kerio's free version isn't nearly as good as it used to be. Previously, you could configure everything as you would expect in a firewall (packet type, ports, incoming vs outgoing, IP address, IP ranges, etc). ZoneAlarm is pretty limited to configuring whether an application can make or receive requests (the free one anyway). Now, however, Kerio seems to have moved more toward the way ZA does it in their free version, which is disappointing.

Then again... I've upgraded all of my Windows systems to XP / 2003, which has a built-in firewall (basic, but just as functional as any other simple free firewall) that seems to work well enough, so I don't really bother with 3rd party software firewalls anymore.

XP's firewall on the local machine, and the built-in hardware firewall on my router. I have never had any problems, though I'm not sure why anyone would bother =]

.c

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.