Subscribe0 0
The Logmod program belongs to the family of password stealing trojans.
Logmod steals the following information: Windows version, Explorer version, phone book entries, service provider information, RAS data, modem log, e.t.c.
When run the trojan installs itself into the system. While installing the Logmod trojan registers itself in the system registry auto-run section:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Sysres = Sysres.exe
The trojan does not copy/move its file to any other directory, thus it cannot automatically run on Windows boot-up (except if it is originally placed in the Windows or Windows system directory). Therefore, for example, it cannot "install" itself into the system while being run from email attachments. There should be an additional component ("dropper") that installs the trojan into the system.
To send stolen data out of infected computers the Logmod opens an Internet URL with the following request:
http://stats.internetsexprovider.com/resident/SysWeb.php3?country=espana4&Login=
Hot Articles