Trojan-PSW.Win32.Small.ae

tag: Password-stealing Trojans

The Trojan harvests the contents of the system password cache by using the undocumented function WNetEnumCachedPasswords.

The Trojan sends the harvested passwords by email to the remote malicious user's address:

1*****@freemail.co.za

The Trojan also creates the following registry key and saves its configuration to it:

[HKLM\SOFTWARE\SlySoft]

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the malicious program

This Trojan program is designed to steal user passwords. It is a Windows PE EXE file. It is 10240 bytes in size.

Installation

The Trojan copies its executable file to the Windows system directory:

%System%\winsys.dll

In order to ensure that the Trojan is launched automatically each time the system is booted, the Trojan adds a link to its executable file in the system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winsys" = "winsys.dll"

Payload
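As an added example (not part of the original entry), the following Python code checks a text registry export and a system-directory listing for the indicators this entry names: the RunServices value "winsys", the SlySoft configuration key, and winsys.dll at 10240 bytes. The function names, the sample export and the directory listing are constructed for illustration, and the export is assumed to be already decoded to text with HKLM written out as HKEY_LOCAL_MACHINE.

```python
import re

# Indicators taken from the description above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
CONFIG_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\SlySoft"
DROPPED_NAME, DROPPED_SIZE = "winsys.dll", 10240

# Constructed sample of a regedit text export (not taken from a real host).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"winsys"="winsys.dll"
"SchedulingAgent"="mstask.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\SlySoft]
'''

def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
        if m and current is not None:
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                # String data: drop the quotes and undo \\ and \" escaping.
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[m.group(1)] = data
    return keys

def find_indicators(reg_text, system_dir=None):
    """Return findings; system_dir is an optional {file_name: size_in_bytes} listing."""
    keys = {k.lower(): v for k, v in parse_reg_export(reg_text).items()}
    findings = []
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        base = re.split(r"[\\/]", data)[-1].lower()
        if name.lower() == "winsys" and base == DROPPED_NAME:
            findings.append("autorun: RunServices 'winsys' -> " + data)
    cfg = CONFIG_KEY.lower()
    if any(k == cfg or k.startswith(cfg + "\\") for k in keys):
        # Weak on its own: other software may create a key with this name.
        findings.append("config key present: " + CONFIG_KEY)
    for fname, size in (system_dir or {}).items():
        if fname.lower() == DROPPED_NAME:
            match = "matches" if size == DROPPED_SIZE else "differs from"
            findings.append("file: %s (%d bytes, %s the documented size)" % (fname, size, match))
    return findings
```

Calling `find_indicators(SAMPLE_EXPORT, {"WINSYS.DLL": 10240})` returns three findings; the autorun value together with the file at the documented size is the strongest combination.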
