There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
Trojan:Win32/Spyeye is a trojan that captures keystrokes and steals login credentials through a method known as "form grabbing". Trojan:Win32/Spyeye sends captured data to a remote attacker, may download updates and has a rootkit component to hide its malicious activity.
What to do now
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
Installation
When run, this trojan makes the following registry modifications to ensure its copy executes at each system start:
In subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "<file name>.exe"
With data: "<current folder>\<file name>.exe"
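A triage check for the Run-key pattern described above, added here as an example (not Microsoft's code or part of the original entry): it parses `reg query` output and flags values whose name is an `.exe` file name matching the executable in the value's data. The sample output, paths and function names are constructed for illustration, and a match is a lead to review, not a verdict.

```python
import ntpath
import re

# Constructed sample (not from the original page) in the layout printed by:
#   reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    example.exe    REG_SZ    C:\examplefolder\example.exe
    Updater    REG_SZ    C:\Program Files\Vendor\updater.exe --quiet
    Sample Two.EXE    REG_EXPAND_SZ    "C:\Temp Dir\sample two.exe"
"""

# reg.exe separates name, type and data with four spaces; names may contain spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Executable part of a command line: a quoted path, or everything up to the first ".exe".
EXE_PATH = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))(?:\s|$)', re.IGNORECASE)


def parse_run_values(text):
    """Yield (name, type, data) for each value line of `reg query` output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("type"), m.group("data").strip()


def executable_of(data):
    """Return the executable path from a Run command line, or None."""
    m = EXE_PATH.match(data)
    return (m.group("q") or m.group("u")) if m else None


def suspicious_run_values(text):
    """Return (name, exe) where the value name is '<file name>.exe' and the data runs that file."""
    hits = []
    for name, _type, data in parse_run_values(text):
        exe = executable_of(data)
        if not exe or not name.lower().endswith(".exe"):
            continue
        if ntpath.basename(exe).lower() == name.lower():
            hits.append((name, exe))
    return hits


if __name__ == "__main__":
    for name, exe in suspicious_run_values(SAMPLE_REG_QUERY):
        print(f"review: Run value {name!r} -> {exe}")
```

Because the entry describes a rootkit component that hooks APIs to hide activity, output collected from the running system may not be complete.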
If found, Trojan:Win32/Spyeye deletes old copies of itself from the affected computer.
It prevents detection by hooking certain APIs such as the following:
Steals information
Trojan:Win32/Spyeye attempts to gather the following information, which it then sends to a remote server:
Bot GUID (a unique identifier associated with the malware)
Current user name
Volume serial number
Process name associated with captured data
Name of hooked API function (for example PR_Write)
Other information specific to computer locale such as:
Operating system version
Downloads updates and arbitrary files
Trojan:Win32/Spyeye may download and run updates to itself or other files.