Spy Heal Ransomware

Spy Heal virus description
Technical details:
Categories: Ransomware

Spy Heal Folders:
[%PROGRAMS%]\SpyHeal
[%PROGRAMS%]\SpyHeal 2.5
[%PROGRAMS%]\SpyHeal 2.6
[%PROGRAMS%]\SpyHeal 3.3
[%PROGRAMS%]\SpyHeal 3.5
[%PROGRAMS%]\SpyHeal 3.7
[%PROGRAMS%]\SpyHeal 3.8
[%PROGRAMS%]\SpyHealer
[%PROGRAMS%]\SpyHeals
[%PROGRAM_FILES%]\SH\SpyHeal 2.4
[%PROGRAM_FILES%]\SH\SpyHeal 2.5
[%PROGRAM_FILES%]\SH\SpyHeal 2.6
[%PROGRAM_FILES%]\SH\SpyHeal 2.7
[%PROGRAM_FILES%]\SH\SpyHeal 2.8
[%PROGRAM_FILES%]\SH\SpyHeal 2.9
[%PROGRAM_FILES%]\SH\SpyHeal 3.1
[%PROGRAM_FILES%]\SH\SpyHeal 3.2
[%PROGRAM_FILES%]\SH\SpyHeal 3.3
[%PROGRAM_FILES%]\SH\SpyHeal 3.4
[%PROGRAM_FILES%]\SH\SpyHeal 3.5
[%PROGRAM_FILES%]\SH\SpyHeal 3.6
[%PROGRAM_FILES%]\SH\SpyHeal 3.7
[%PROGRAM_FILES%]\SH\SpyHeal 3.8
[%PROGRAM_FILES%]\Spy-Heal
[%PROGRAM_FILES%]\SpyHeal
[%PROGRAM_FILES%]\SpyHealer
[%PROGRAM_FILES%]\SpyHeals
[%STARTMENU%]\Programs\SpyHeal 2.6

Spy Heal Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Spy-Heal 2.1.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 2.5.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 2.6.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 2.9.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 3.3.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 3.5.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeal 3.8.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHealer 2.2.lnk
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\SpyHeals 2.3.lnk
[%DESKTOP%]\SpyHeal 2.6.lnk
[%DESKTOP%]\SpyHeal 3.8.lnk
[%DESKTOP%]\SpyHealer.lnk
[%DESKTOP%]\SpyHeals.lnk
[%PROGRAMS%]\Spy-Heal\Spy-Heal 2.1 Website.lnk
[%PROGRAMS%]\Spy-Heal\Spy-Heal 2.1.lnk
[%PROGRAMS%]\Spy-Heal\Uninstall Spy-Heal 2.1.lnk
[%PROGRAM_FILES%]\SH\SpyHeal 3.3\SpyHeal 3.3.exe
[%PROGRAM_FILES%]\SH\SpyHeal 3.8\SpyHeal 3.8.exe
[%PROGRAM_FILES%]\Spy-Heal\Spy-Heal.exe
[%STARTMENU%]\Spy-Heal 2.1.lnk
[%STARTMENU%]\SpyHeal 2.1.lnk
[%STARTMENU%]\SpyHeal 2.5.lnk
[%STARTMENU%]\SpyHeal 2.6.lnk
[%STARTMENU%]\SpyHeal 2.9.lnk
[%STARTMENU%]\SpyHeal 3.3.lnk
[%STARTMENU%]\SpyHeal 3.5.lnk
[%STARTMENU%]\SpyHeal 3.8.lnk
[%STARTMENU%]\SpyHealer 2.2.lnk
[%STARTMENU%]\SpyHeals 2.3.lnk

Spy Heal Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spy-Heal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHealer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeals.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy-Heal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal 2.6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal 3.3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal 3.5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal 3.8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHealer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeals
HKEY_LOCAL_MACHINE\SOFTWARE\Spy-Heal
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 2.5
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 2.6
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 2.7
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 2.8
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 3.3
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 3.5
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 3.6
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 3.7
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal 3.8
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHealer
HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeals

Spy Heal Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHealer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeals.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Spy Heal indications of infection

The symptoms of Spy Heal detection are the files, registry entries, and network communication referenced in the technical details section.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer right now.
