This Trojan tracks the user's keystrokes, and is designed to steal confidentialinformation. It is a Windows PE EXE file. It is written in Visual Basic. Itis 920,576 bytes in size. It is packed using UPX. The unpacked file is approximately2500KB in size. This program is a constructor for Trojan programs which track the user’skeystrokes. The program interface has the following appearance: When launching, the Trojan opens the following links: - http://mitglied.lycos.de/gpsecurity/gpnews.t
- http://mitglied.lycos.de/gpsecurity/gpks2.tx
- http://www.MegaCash.de/web-sponsor/nt-bin/click.exe?a500155
- http://www.cash4banner.com/web-sponsor/nt-bin/show.exe?a100574
- http://www.cash4banner.com/web-sponsor/nt-bin/click.exe?a100574
- http://adserver.click4cash.de:7080/v11444sub
- http://adserver.click4cash.de:7080/c11444sub
- http://www.cash4xxx.de/php-bin/exitwin.php?I
- http://www.cash4xxx.de/php-bin/banner.php?ID=773&width=468&height=60
- http://spezialreporte.de/blackbook/?8338
- http://www.cash4xxx.de/php-bin/link.php?ID=7
- http://www.cash4banner.de/web-sponsor/nt-bin/show.exe?b100754
- http://www.cash4banner.de/web-sponsor/nt-bin/click.exe?b100754
A new Trojna will be generated if the user clicks on “Create Spion".It uses the following data: - Name of Trojan file (<spy_name>)
- email address;
- smtp server;
- validity period;
- time of activation;
- type of Internet connection.
Once launched, the generated file will create a Trojan spy file in the Windowssystem directory. This file will have the name given by the user. The file is54 784 bytes in size, and will be detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.TaskPlaner.b). This Trojan will log the user’s keystrokes. Harvested data will beencrypted and saved to log files called yipooin.dll and yipooin32.dll. The Trojanwill then send these files to the designated address. [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"<spy_name>" = "%System%\<spy_name>.exe" This ensures that the Trojan will be launched each time Windows is bootedon the victim machine. If your computer does not have an up-to-date antivirus, or does not have anantivirus solution at all, follow the instructions below to delete the maliciousprogram: - Use Task Manager to terminate the Trojan process and delete theTrojan file:
"%System%\<spy_name>.exe" - Delete the following registry key value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"<spy_name>" - Update your antivirus databases and perform a full scan of thecomputer (download a trial version of Kaspersky Anti-Virus).
Printed From:http://www.viruslist.com/en/viruses/encyclopedia?virusid=41562
Similar Virus/Threat >>
Trojan-Spy.Win32.KeyLogger.lb
This Trojan tracks the user's keystrokes. This Trojan is a Windows DLL file.It is 72,192 bytes in size. It is written in Delphi. InstallationThis Trojan will be installed on the victim machine by...
Trojan-Spy.Win32.Goldun.ms
This Trojan steals confidential data. It is a Windows PE EXE file. The Trojancomponents vary in size from 39 to 48KB.InstallationWhen launching, the Trojan extracts the following file from its...
Trojan-Spy.Win32.Tofger.aa
This Trojan tracks the user's keystrokes. This Trojan is a Windows DLL file.This file will be used by other Trojan programs which are designed to stealconfidential data. It is 3,072 bytes in...
Trojan-Spy.Win32.QQSpy.12.a
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 193,024 bytes in size.The Trojan creates the following system registry...
Trojan-Spy.Win32.KeyLogger.p
This Trojan tracks the user's keystrokes, and is designed to steal confidentialinformation. It is a Windows PE EXE file. It is 136,192 bytes in size. Itis not packed in any way. It is written in...
Trojan-Spy.Win32.KeyLogger.h
This Trojan tracks the user's keystrokes, and is designed to steal confidentialinformation. It is a Windows PE EXE file. It is 376,832 bytes in size. Itis not packed in any way. It is written in...
Trojan-Spy.Win32.PcGhost.413
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 275,456 bytes in size.InstallationThis Trojan will be installed to the victim...
Trojan-Spy.Win32.PcGhost.400
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 273,920 bytes in size.InstallationThis Trojan will be installed to the victim...
Trojan-Spy.Win32.PcGhost.340
This Trojan is designed to steal confidential data. It is a Windows PE EXEfile. It is written in Delphi. It is 241,152 bytes in size.InstallationThis Trojan will be installed to the victim...
Trojan-Spy.Win32.Dks.131.b
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file.It is written in Visual C++. The file is 6,144 bytes in size. The file is packedusing UPX. The unpacked file is...
Trojan-Spy.Win32.Small.a
This Trojan is designed to intercept information entered via the keyboard.The program itself is a Windows PE EXE file. It is 4,096 bytes in size. Itis packed using UPX. The unpacked file is...
Trojan-Spy.Win32.Banker.cmp
This Trojan program is designed to steal confidential data. It is a WindowsPE EXE file, and is 34304 bytes in size. It is packed using a customized packer.The Trojan copies itself to...
Trojan-Spy.Win32.Dks.131.a
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file.It is written in Visual C++. The file is 6,144 bytes in size. The file is packedusing UPX. The unpacked file is...
Trojan-Spy.Win32.Banker.ckj
This Trojan intercepts confidential user data. It is a Windows PE EXE file,29KB in size, packed using MEW. The unpacked file is approximately 225KB insize.InstallationWhen launched, the Trojan...
Trojan-Spy.Win32.VB.oq
|
