The Trojan constantly searches for windows of the following classes:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following files:
%Temp%\Pinch;009.exe
%Temp%\drag_and_go_back_spezial.swf
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
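A triage check for the artefacts this description names: the two files dropped in %Temp% (with the sizes listed under Installation) and firewall exception values of the form `<program>:*:Enabled:`. This is an added example, not part of the original description; the function names are hypothetical, the registry values are constructed samples, and the four-field layout `program:scope:status:label` is an assumption based on the entry shown on this page.

```python
import os
import tempfile

# Dropped file names and sizes exactly as listed in this description.
DROPPED = {"Pinch;009.exe": 26635, "drag_and_go_back_spezial.swf": 19006}

def find_dropped_files(temp_dir):
    """Return {name: size_matches} for each listed file present in temp_dir."""
    hits = {}
    for name, size in DROPPED.items():
        path = os.path.join(temp_dir, name)
        if os.path.isfile(path):
            hits[name] = os.path.getsize(path) == size
    return hits

def parse_exception(data):
    """Split 'program:scope:status:label' from the right, because the
    program path itself contains a colon after the drive letter."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        return None
    return dict(zip(("program", "scope", "status", "label"), parts))

def any_address_exceptions(values):
    """List programs whose exception is enabled for any address ('*').
    Legitimate software also appears here; review each against known installs."""
    flagged = []
    for _name, data in values:
        e = parse_exception(data)
        if e and e["scope"] == "*" and e["status"].lower() == "enabled":
            flagged.append(e["program"])
    return flagged

# Constructed (value name, value data) pairs, not taken from a real infection.
SAMPLE_VALUES = [
    (r"C:\Windows\system32\sessmgr.exe",
     r"C:\Windows\system32\sessmgr.exe:LocalSubNet:Disabled:Remote Assistance"),
    (r"C:\Docs\sample_trojan.exe", r"C:\Docs\sample_trojan.exe:*:Enabled:"),
]

if __name__ == "__main__":
    print(find_dropped_files(tempfile.gettempdir()))
    print(any_address_exceptions(SAMPLE_VALUES))
```

A size mismatch on a file with one of these names still warrants inspection, since other variants may drop differently sized files under the same names.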
This Trojan is designed to steal confidential information (user passwords).
It is a Windows PE EXE file. The file is approximately 49 KB in size. It is written in Assembler.
Installation
When launched, the Trojan extracts the following files from its body:
- %Temp%\Pinch;009.exe — this file is 26,635 bytes in size;
- %Temp%\drag_and_go_back_spezial.swf — this file is 19,006 bytes in size.
The files are then launched.
The Trojan also adds the following parameter to the system registry:
[HKLM\System\ControlSet\Services\SharedAccess\Parameters\FirewallPolicy\"<name of Trojan program>" = "<name of Trojan program>:*:Enabled:"
Payload
