Class | Trojan-PSW |
Platform | Win32 |
Description |
Technical Details

This Trojan is designed to steal user passwords. It is a Windows PE EXE file. It is 10,240 bytes in size. It is not packed in any way. It is written in Visual C++.

Installation

Once launched, the Trojan copies itself to the Windows system directory as “winsys.dll”. The Trojan also creates the following system registry key:

[HKLMSoftwareSlySoftSly]

The Trojan also adds the following parameter to the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
“winsys” = “winsys.dll”

This ensures that the Trojan will be launched each time Windows is booted on the victim machine. The Trojan also creates a unique identifier, “slyishere”, to flag its presence in the system:

slyishere

Payload

This Trojan tracks the user’s actions on the victim machine. It tracks keys pressed by the user. It connects to a mail server to send the data collected from the victim machine to the following address:

****@intertainment.co.za

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
|
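A host check for the installation artifacts described above (the “winsys” autorun value and the “winsys.dll” copy in the system directory), as an added PowerShell example that is not part of the original description. The WOW6432Node and SysWOW64 locations and the function name Test-PeIsDll are assumptions added here, not taken from the description.

```powershell
# Added example; indicator values are copied from the description above.
$valueName = 'winsys'
$fileName  = 'winsys.dll'
$sizeBytes = 10240
# Assumption: on 64-bit Windows a 32-bit process is redirected to WOW6432Node
# and SysWOW64, so both views are checked. The description lists neither.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices'
$sysDirs = [Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')

function Test-PeIsDll([string]$Path) {
    # $true for a DLL image, $false for an EXE image, $null if not a PE file.
    $b = [IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return $null }  # "MZ"
    $pe = [BitConverter]::ToInt32($b, 0x3C)                      # e_lfanew
    if ($pe -lt 0 -or ($pe + 24) -gt $b.Length) { return $null }
    if ([BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) { return $null }  # "PE\0\0"
    $characteristics = [BitConverter]::ToUInt16($b, $pe + 22)    # COFF Characteristics
    return [bool]($characteristics -band 0x2000)                 # IMAGE_FILE_DLL
}

$findings = @()

# Autorun value "winsys" under RunServices
foreach ($key in $runKeys) {
    $p = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($p) { $findings += "Autorun value: $key -> $valueName = $($p.$valueName)" }
}

# Copy named winsys.dll in the system directory. The description says the file
# is a PE EXE, so an EXE image under a .dll name is the notable case.
foreach ($dir in $sysDirs) {
    $path = Join-Path $dir $fileName
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $len   = (Get-Item -LiteralPath $path -Force).Length
    $isDll = Test-PeIsDll $path
    $kind  = 'not a PE file'
    if ($isDll -eq $true)  { $kind = 'PE DLL image' }
    if ($isDll -eq $false) { $kind = 'PE EXE image under a .dll name' }
    $size  = 'size differs from description'
    if ($len -eq $sizeBytes) { $size = 'size matches description' }
    $findings += "File: $path ($len bytes, $size, $kind)"
}

if ($findings) { $findings } else { 'No listed artifacts found.' }
```

A file name match alone is weak evidence; the autorun value together with an EXE image stored as “winsys.dll” is the combination the description points to.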