Subscribe
This Trojan tracks the user's actions on the victim machine. It tracks keys pressed by the user.
It connects to a mail server to send the data collected from the victim machine to the following address:
****@intertainment.co.za
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the following file:
%System%/winsys.dll
- Delete the key and value created by the Trojan in the system
registry:
[HKLM\Software\SlySoft]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"winsys" - Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan is designed to steal user passwords. It is a Windows PE EXE file. It is 10,240 bytes in size. It is not packed in any way. It is written in Visual C .
InstallationOnce launched, the Trojan copies itself to the Windows system directory as "winsys.dll". The Trojan also creates the following system registry key: :
[HKLM\Software\SlySoft\Sly]
The Trojan also adds the following parameter to the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]"winsys" = "winsys.dll"
This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
The Trojan also creates a unique identifier, “slyishere”, to flag its presence in the system:
slyisherePayload
Hot Articles