Mal/SpyEye-B Description

Mal/SpyEye-B is a variant of a well-known spyware infection known as SpyEye. Mal/SpyEye-B has recently been associated with an email scam that uses fake Facebook notifications and email messages in order to try to install Mal/SpyEye-B on the victim's computer system. The main purpose of a Mal/SpyEye-B infection is to gain access to a computer user's sensitive data, including banking information, account numbers and passwords, and credit card details. If you suspect that your computer system has become infected with Mal/SpyEye-B, it is very important to remove Mal/SpyEye-B immediately with a reliable anti-malware program. Email scams like the previously-mentioned fake Facebook email have been associated with Spy Eye variants for a long time. In recent months, ESG security researchers have observed fake emails from the IRS, air lines, and courier services all containing links or attachments with some variants of the SpyEye malware threat.

How the Mal/SpyEye-B Infection Protects Itself from Removal and Detection

It is not coincidence that Mal/SpyEye-B and other variants of SpyEye are among the most common spyware infections that hackers use today. Mal/SpyEye-B can be shrunk to very small file sizes that can prevent many anti-malware scanners from detecting Mal/SpyEye-B until it is too late. Mal/SpyEye-B's code is also heavily obfuscated, which can make Mal/SpyEye-B difficult to detect and, more importantly, difficult for PC security researchers to study and understand. ESG malware researchers have also observed that the code of Mal/SpyEye-B and the way its files work are all non-intuitive and difficult to follow and delete without the help of an automated anti-malware program.

One of the main reasons why Mal/SpyEye-B is so difficult to remove is that Mal/SpyEye-B will inject itself into running processes, rather than create its own file process in the Task Manager. This means that once Mal/SpyEye-B has launched, stopping Mal/SpyEye-B is quite difficult without stopping essential Windows file processes like explorer.exe. Also, due to the fact that not all of the Mal/SpyEye-B infection is located in a single place, PC security analysts have observed that Mal/SpyEye-B can reinstall itself and restore its own component if any of its files are deleted or if Mal/SpyEye-B is removed incompletely by a security application. Some variants of Mal/SpyEye-B even use rootkit techniques that allow Mal/SpyEye-B's files to remain undetected on the victim's computer system and its changes to the Windows Registry to remain hidden.

Technical Information

File System Details

Mal/SpyEye-B creates the following file(s):
# File Name Detection Count
1 C:\Documents and Settings\test user\Application Data\jxiz.exe N/A

Registry Details

Mal/SpyEye-B creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Taskman = C:\Documents and Settings\test user\Application Data\jxiz.exe