Download the latest scan engine


In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported detections:


System  impact:


Information exposure:



A spyware is a program that monitors and gathers user information for different purposes. Spyware programs usually run in the background, with their activities transparent to most users. Many users inadvertently agree to installing spyware by accepting the End User License Agreement (EULA) on certain free software.

Many users consider spyware an invasive form of data gathering. Spyware may also cause a general degradation in both network connection and system performance.

The state of California classifies spyware as: programs that are installed under deceptive circumstances; software that hides in personal computers; software that secretly monitors user activity; keylogging software; and software that collects Web browsing histories.


Initial samples received on:  Oct 18, 2007

File type: PE

File size: 94,208 Bytes



This spyware may be dropped by WORM_AUTORUN.HON.

It is used to export function used by other malwares to perform their malicious routines. It is injected by the main component into various running processes on an affected system to make its detection and removal difficult.

However, it needs its main component in order to execute and perform its own routines.

Analysis by:  Marfel Tiamzon


Minimum scan engine version needed: 8.700

Download the latest scan engine

Virus pattern version needed : 4.785.00

Pattern release date:  Oct 18, 2007

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.


For Windows ME and XP users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

 Step 1: Remove malware files dropped/downloaded by TSPY_ONLINEG.KDM  

 Step 2: Scan your computer with your Trend Micro product to delete files detected as TSPY_ONLINEG.KDM  

*Note: If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.