Kaspersky Threats

Class

Platform

Description

Technical Details

This Trojan program is designed to steal user passwords. It is a Windows PE EXE file. The file is 23,040 bytes in size. It is written in Visual Basic.

Payload

The Trojan will steal passwords to modem connections.

The Trojan sends the harvested passwords by email to the remote malicious user’s at:

**chno@mail.ru

The Trojan also creates the following registry key, and save its configuration to this key:

[HKCUSoftwareVB and VBA Program SettingsTHDetect]

The Trojan also displays the following message:

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Use Task Manager to terminate the Trojan process.
Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following parameters from the system registry (see What is a system registry and how do I use it for details on how to edit the registry):
```
[HKCUSoftwareVB and VBA Program SettingsTHDetect]
```
Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Find out the statistics of the threats spreading in your region

Class	Trojan-PSW
Platform	Win32
Description	Technical Details This Trojan program is designed to steal user passwords. It is a Windows PE EXE file. The file is 23,040 bytes in size. It is written in Visual Basic. Payload The Trojan will steal passwords to modem connections. The Trojan sends the harvested passwords by email to the remote malicious user’s at: **chno@mail.ru The Trojan also creates the following registry key, and save its configuration to this key: [HKCUSoftwareVB and VBA Program SettingsTHDetect] The Trojan also displays the following message: Removal instructions If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program: Use Task Manager to terminate the Trojan process. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine). Delete the following parameters from the system registry (see What is a system registry and how do I use it for details on how to edit the registry): [HKCUSoftwareVB and VBA Program SettingsTHDetect] Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
	Find out the statistics of the threats spreading in your region

Trojan-PSW.Win32.Mike

Technical Details

Payload

Removal instructions