Mal/SpyEye-B is a variant of a well-known spyware infection known as SpyEye. Mal/SpyEye-B has recently been associated with an email scam that uses fake Facebook notifications and email messages in order to try to install Mal/SpyEye-B on the victim’s computer system. The main purpose of a Mal/SpyEye-B infection is to gain access to a computer user’s sensitive data, including banking information, account numbers and passwords, and credit card details. If you suspect that your computer system has become infected with Mal/SpyEye-B, it is very important to remove Mal/SpyEye-B immediately with a reliable anti-malware program. Email scams like the previously-mentioned fake Facebook email have been associated with Spy Eye variants for a long time. In recent months, ESG security researchers have observed fake emails from the IRS, air lines, and courier services all containing links or attachments with some variants of the SpyEye malware threat.
How the Mal/SpyEye-B Infection Protects Itself from Removal and Detection
It is not coincidence that Mal/SpyEye-B and other variants of SpyEye are among the most common spyware infections that hackers use today. Mal/SpyEye-B can be shrunk to very small file sizes that can prevent many anti-malware scanners from detecting Mal/SpyEye-B until it is too late. Mal/SpyEye-B’s code is also heavily obfuscated, which can make Mal/SpyEye-B difficult to detect and, more importantly, difficult for PC security researchers to study and understand. ESG malware researchers have also observed that the code of Mal/SpyEye-B and the way its files work are all non-intuitive and difficult to follow and delete without the help of an automated anti-malware program.
One of the main reasons why Mal/SpyEye-B is so difficult to remove is that Mal/SpyEye-B will inject itself into running processes, rather than create its own file process in the Task Manager. This means that once Mal/SpyEye-B has launched, stopping Mal/SpyEye-B is quite difficult without stopping essential Windows file processes like explorer.exe. Also, due to the fact that not all of the Mal/SpyEye-B infection is located in a single place, PC security analysts have observed that Mal/SpyEye-B can reinstall itself and restore its own component if any of its files are deleted or if Mal/SpyEye-B is removed incompletely by a security application. Some variants of Mal/SpyEye-B even use rootkit techniques that allow Mal/SpyEye-B’s files to remain undetected on the victim’s computer system and its changes to the Windows Registry to remain hidden.
How Can You Detect Mal/SpyEye-B?
Mal/SpyEye-B Removal Details
Mal/SpyEye-B has typically the following processes in memory:
- C:\Documents and Settings\test user\Application Data\jxiz.exe
Mal/SpyEye-B creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Taskman = C:\Documents and Settings\test user\Application Data\jxiz.exe