
MonitoringTool:Win32/Beyond


First posted on 14 February 2013.
Source: Microsoft

Aliases:

MonitoringTool:Win32/Beyond is also known as not-a-virus:Monitor.Win32.BeyondKeyLogger.ir (Kaspersky), Potentially harmful program Logger.AIJH (AVG), Trojan.Spy.KeyLogger!4D4E (Rising AV).

Explanation:



Installation

MonitoringTool:Win32/Beyond is a tool that may be downloaded from the Internet. When installed, it is not listed in Task Manager, the Windows taskbar, system tray, or Start menu. It also hides its files.

It is installed under the file name "izbgnl.exe" in a hidden, randomly named subfolder of %ProgramFiles%. It also installs its DLL component in the Windows system folder using the naming format "ms<random letters>.dll".

To make sure it automatically runs every time Windows starts, it creates a registry entry with a random name under the subkey HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
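The installation traits above can be turned into a triage check over the values of the Run subkey. The following is an added example, not part of the original write-up or any Microsoft tooling: it flags Run entries whose image is "izbgnl.exe" or sits in a hidden direct subfolder of Program Files. The function names, the default Program Files paths and the sample data are assumptions constructed for illustration.

```python
import ntpath
import re

# Known image name from the write-up; the folder and value names are random.
KNOWN_IMAGE = "izbgnl.exe"
# Assumption: default Program Files roots (stand in for %ProgramFiles%).
PROGRAM_FILES = (r"c:\program files", r"c:\program files (x86)")

def image_path(command):
    """Extract the executable path from a Run value (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Bare path: cut after the first .exe so paths with spaces survive.
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", command)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage_run_values(run_values, is_hidden):
    """Map Run value name -> reasons; is_hidden(dir) is supplied by the caller."""
    findings = {}
    for name, command in run_values.items():
        path = image_path(command)
        folder, image = ntpath.split(ntpath.normpath(path))
        reasons = []
        if image.lower() == KNOWN_IMAGE:
            reasons.append("known image name")
        # Direct subfolder of Program Files that carries the hidden attribute.
        if ntpath.dirname(folder).lower() in PROGRAM_FILES and is_hidden(folder):
            reasons.append("hidden Program Files subfolder")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample data, not taken from a real host.
SAMPLE_RUN = {
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "qwpzkd": r'"C:\Program Files\xkqjrt\izbgnl.exe" /s',
    "Updater": r"C:\Program Files\Vendor App\update.exe --quiet",
    "hvbnma": r"C:\Program Files (x86)\tmwqaz\svc.exe",
}
SAMPLE_HIDDEN = {r"c:\program files\xkqjrt", r"c:\program files (x86)\tmwqaz"}

def sample_is_hidden(folder):
    return folder.lower() in SAMPLE_HIDDEN

if __name__ == "__main__":
    for name, why in triage_run_values(SAMPLE_RUN, sample_is_hidden).items():
        print(name, "->", ", ".join(why))
```

On a live Windows host, the Run values can be read with the standard `winreg` module and `is_hidden` can test `os.stat(folder).st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN`. The "ms<random letters>.dll" pattern is deliberately not used as an indicator here, because legitimate system DLLs such as msvcrt.dll match it as well.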

Behavior

MonitoringTool:Win32/Beyond can do the following:

  • Record instant messages
  • Monitor your running programs
  • Take screenshots of your desktop
  • Send reports to a remote location via email or FTP
  • Record microphone sounds
  • Generate HTML reports
  • Disable programs that warn against keylogging software
  • Disable other unwanted software
  • Filter the accounts of monitored users
  • Block unwanted URLs


Its user interface may look like:







Analysis by Mihai Calota

Last update 14 February 2013
