This Trojan steals confidential data. It is a Windows PE EXE file. The Trojancomponents vary in size from 39 to 48KB. InstallationWhen launching, the Trojan extracts the following file from its body: %System%\msvcrl.dll – this file is 39 424 bytes in size and is packedusing UPX. The Trojan gets the path to Internet Explorer and modifies iexplore.exe, byadding an import from %System%\scvcrl.dll to the import table This ensures that the Trojan file will be loaded every time Microsoft InternetExplorer is launched. The original Trojan file will then be deleted. The Trojan harvests passwords from the data files of the following instantmessenging clients: QIP2005TrillianMSN MessengerYahoo MessengerAOLMiranda The Trojan also harvests passwords to FTP servers from the configuration filesof the following FTP clients: WS_FTPTotal CommanderCuteFTPFAR It harvests account passwords from the configuration files of the followingmail clients: TheBatOutlook ExpressOutlook It also harvests the IE Auto Complete Fields dictionary. The Trojan hooks the following API functions: InternetReadFileInternetOpenURL This enables it to track which sites a user visits. The Trojan also interceptsdata which is entered in web forms and transmitted in Internet Explorer. In addition, when addresses are opened in Internet Explorer which coincidewith an address coded into the Trojan, the Trojan will redirect the browserto the remote malicious user’s site. Harvested information will be sent in an HTTP request to the remote malicioususer's site. If your computer does not have an up-to-date antivirus, or does not have anantivirus solution at all, follow the instructions below to delete the maliciousprogram: - Use Task Manager to terminate all iexplore.exe processes.
- Delete the following file:
%System%\msvcrl.dll - Restore the original iexplore.exe file using the Windows installationdisk.
- Update your antivirus databases and perform a full scan of thecomputer (download a trial version of Kaspersky Anti-Virus).
Printed From:http://www.viruslist.com/en/viruses/encyclopedia?virusid=135929
Similar Virus/Threat >>
Trojan-Spy.Win32.KeyLogger.lb
This Trojan tracks the user's keystrokes. This Trojan is a Windows DLL file.It is 72,192 bytes in size. It is written in Delphi. InstallationThis Trojan will be installed on the victim machine by...
Trojan-Spy.Win32.Tofger.aa
This Trojan tracks the user's keystrokes. This Trojan is a Windows DLL file.This file will be used by other Trojan programs which are designed to stealconfidential data. It is 3,072 bytes in...
Trojan-Spy.Win32.KeyLogger.e
This Trojan tracks the user's keystrokes, and is designed to steal confidentialinformation. It is a Windows PE EXE file. It is written in Visual Basic. Itis 920,576 bytes in size. It is packed...
Trojan-Spy.Win32.QQSpy.12.a
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 193,024 bytes in size.The Trojan creates the following system registry...
Trojan-Spy.Win32.KeyLogger.p
This Trojan tracks the user's keystrokes, and is designed to steal confidentialinformation. It is a Windows PE EXE file. It is 136,192 bytes in size. Itis not packed in any way. It is written in...
Trojan-Spy.Win32.KeyLogger.h
This Trojan tracks the user's keystrokes, and is designed to steal confidentialinformation. It is a Windows PE EXE file. It is 376,832 bytes in size. Itis not packed in any way. It is written in...
Trojan-Spy.Win32.PcGhost.413
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 275,456 bytes in size.InstallationThis Trojan will be installed to the victim...
Trojan-Spy.Win32.PcGhost.400
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 273,920 bytes in size.InstallationThis Trojan will be installed to the victim...
Trojan-Spy.Win32.PcGhost.340
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 241,152 bytes in size.InstallationThis Trojan will be installed to the victim...
Trojan-Spy.Win32.Dks.131.b
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file.It is written in Visual C++. The file is 6,144 bytes in size. The file is packedusing UPX. The unpacked file is...
Trojan-Spy.Win32.Small.a
This Trojan is designed to intercept information entered via the keyboard.The program itself is a Windows PE EXE file. It is 4,096 bytes in size. Itis packed using UPX. The unpacked file is...
Trojan-Spy.Win32.Banker.cmp
This Trojan program is designed to steal confidential data. It is a WindowsPE EXE file, and is 34304 bytes in size. It is packed using a customized packer.The Trojan copies itself to...
Trojan-Spy.Win32.Dks.131.a
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file.It is written in Visual C++. The file is 6,144 bytes in size. The file is packedusing UPX. The unpacked file is...
Trojan-Spy.Win32.Banker.ckj
This Trojan intercepts confidential user data. It is a Windows PE EXE file,29KB in size, packed using MEW. The unpacked file is approximately 225KB insize.InstallationWhen launched, the Trojan...
Trojan-Spy.Win32.VB.oq
|
