Largest Directory of Internet Security Software

Internet Security Threats


Trojan-Spy.Win32.Banker.ckj

RISK LEVEL: 2



This Trojan intercepts confidential user data. It is a Windows PE EXE file, 29KB in size, packed using MEW. The unpacked file is approximately 225KB in size.

Installation

When launched, the Trojan extracts from itself the following file, which is 41,472 bytes in size:

%System%\msie.dll

The Trojan also registers this file in the system registry, ensuring that it will be launched each time Windows is booted on the victim machine:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "%System%\msie.dll"

The Trojan then deletes its executable file and ceases running.

The Trojan component %System%\msie.dll installs hooks for the following API functions:

InternetCrackUrl
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile

The Trojan uses these hooks to track user activity on the following sites:

ibank.barclays.co.uk/olb/t/LoginMember.do
ibank.barclays.co.uk/olb/t/LoginMembers.do
ibank.barclays.co.uk/olb/t/LoginsMembers.do

wellsfargo.com
bankofamerica.com
online.lloydstsb.co.uk
oi.cajamadrid.es
bannerbank.ru
ad.yieldmanager.com
iv.doubleclick.nets

e-gold.com/acct/balance.asp
e-gold.com/acct/confirm.asp
e-gold.com/acct/spend.asp
e-gold.com/acct/redeem.asp
e-gold.com/acct/history.asp
e-gold.com/acct/ai.asp
e-gold.com/acct/logout.asp
e-gold.com/acct/acct.asp

internetbanking.gad.de
vr-networld-ebanking.de
citibank.de

On these sites, the Trojan will intercept information values entered in fields with the following names:

AccountID
StoreMyNumber
PassPhrase
Turing
Amount
autoT1
autoT2
Id
Payee_Account
Login
Spend
Schmetterling

The Trojan also harvests Microsoft Office account passwords.

The Trojan saves harvested data to the following log files:

%System%\info.dat
%System%\ms.dat

These files are periodically uploaded to the remote malicious user’s FTP server.

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (its location will depend on how the program originally penetrated the victim machine).
  3. Delete the following files:
    %System%\msie.dll
    %System%\info.dat
    %System%\ms.dat
  4. Delete the following registry key parameter:
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs" = "%System%\msie.dll"
  5. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
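
The registry and file checks from the steps above can be run over collected host data. The following is an added example, not part of the original description: it parses `reg query` output for the key named above and flags AppInit_DLLs entries, and it matches a directory listing against the three dropped file names. The sample output, the expanded system path and the function names are constructed for illustration.

```python
import re

# Indicators from the description above. %System% in the write-up stands for
# the Windows system directory; the concrete path below is an assumption.
KNOWN_BAD_DLLS = {"msie.dll"}
DROPPED_FILES = {"msie.dll", "info.dat", "ms.dat"}

# Constructed sample of `reg query` output for the key named in the write-up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    C:\WINDOWS\system32\msie.dll
    DeviceNotSelectedTimeout    REG_SZ    15
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")


def appinit_entries(reg_output):
    """Return the DLL paths listed in AppInit_DLLs (space or comma separated)."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1).lower() == "appinit_dlls":
            data = m.group(3) or ""
            return [e.strip('"') for e in re.split(r"[\s,]+", data) if e]
    return []


def triage(reg_output):
    """Label every AppInit_DLLs entry: the page's DLL name, or needs review."""
    findings = []
    for entry in appinit_entries(reg_output):
        name = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        verdict = "known-bad" if name in KNOWN_BAD_DLLS else "review"
        findings.append((entry, verdict))
    return findings


def dropped_files_present(system_dir_listing):
    """Given file names from the system directory, return the page's artifacts."""
    return sorted({n.lower() for n in system_dir_listing} & DROPPED_FILES)


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_REG_QUERY):
        print(f"{verdict}: {entry}")
    print(dropped_files_present(["kernel32.dll", "MSIE.DLL", "info.dat"]))
```

Any non-empty AppInit_DLLs value is reported, because every listed DLL is loaded into each process that loads user32.dll; entries other than the name given on this page are labelled for manual review rather than treated as clean.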


Printed From: http://www.viruslist.com/en/viruses/encyclopedia?virusid=152814

