Trojan-PSW.Win32.Aletc

Class Trojan-PSW
Platform Win32
Description

Technical Details

This Trojan program is designed to steal user passwords. This Trojan is a Windows PE EXE file. It is 155 648 bytes in size.

Payload

The Trojan harvests parameters to all remote connections installed on the system (user name, password, number to be called to establish a connection). Harvested data is saved to the following log file:

%Temp%MsWin000.tmp

The log file is sent to the following email addresses:

ale***@yahoo.com
***text@yahoo.com
ale***@crosswinds.net

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the following file:
    %Temp%MsWin000.tmp
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).