The malware drops the following files:
1) %windir%\system32\hbqqxx.dll
- this .dll is injected into all running processes and tries to steal sensitive information, such as user accounts and passwords for the Tencent QQ instant messaging program
2) %windir%\system32\system.exe
3) %windir%\system32\drivers\hbkernel32.sys
- a service named HBKernel32 will be created and will be started at every system startup
- will set the registry key:
HKLM\System\CurrentControlSet\Services\HBKernel32
ImagePath -
Please let BitDefender delete your infected files.
If you have at least one of the following files on your computer, you are infected:
%windir%\system32\system.exe (size: 7,5KB)
%windir%\system32\drivers\hbkernel32.sys (size: 17,6KB)
(where %windir% stands for c:\windows or c:\winnt, depending on the operating system)
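The checks above can be scripted. The following PowerShell is an added example, not part of the original description. It uses only the file names, service name and registry key listed on this page, and its variable names are illustrative. It reports the size of each file it finds for comparison with the sizes given above, prints whatever ImagePath value the service key holds, and lists processes that currently have hbqqxx.dll loaded.

```powershell
# Added example: look for the indicators listed in this description.
$windir = $env:windir
$files = @(
    "$windir\system32\hbqqxx.dll",
    "$windir\system32\system.exe",
    "$windir\system32\drivers\hbkernel32.sys"
)
$findings = @()

# 1) Dropped files. -Force also returns hidden and system files.
foreach ($path in $files) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type   = 'File'
            Name   = $item.FullName
            Detail = ('{0:N1} KB' -f ($item.Length / 1KB))
        }
    }
}

# 2) Service registry key created for the driver.
$svcKey = 'HKLM:\System\CurrentControlSet\Services\HBKernel32'
if (Test-Path -LiteralPath $svcKey) {
    $props = Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Type   = 'Service'
        Name   = 'HBKernel32'
        Detail = "ImagePath = $($props.ImagePath)"
    }
}

# 3) Processes with the injected DLL loaded. Protected processes can
#    refuse module enumeration, so those are skipped.
foreach ($proc in Get-Process) {
    try {
        $hit = $proc.Modules | Where-Object { $_.ModuleName -ieq 'hbqqxx.dll' }
    } catch { continue }
    if ($hit) {
        $findings += [pscustomobject]@{
            Type   = 'Module'
            Name   = "$($proc.ProcessName) (PID $($proc.Id))"
            Detail = ($hit | Select-Object -First 1).FileName
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the indicators listed in this description were found.' }
```

Run it from an elevated prompt so that module enumeration covers as many processes as possible.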
