Virus Encyclopedia

Trojan-PSW.Win32.Tapiras.a

Alert Level: Medium
Discovered: Aug 20 2007
Discoverer and Source: http://www.kaspersky.com/

Malware Behavior and Technical Description

This Trojan belongs to a family of Trojans that steal user passwords. It is a Windows PE EXE file, 77,824 bytes in size, and is written in C.

Installation

Once launched, the Trojan copies its body to the Windows system directory as "tapiras.exe":

%System%\tapiras.exe

The Trojan then passes control to this file and deletes its original file.

In order to ensure that the Trojan is launched automatically when the system is rebooted, it registers its executable file in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"tapiras.exe" = "tapiras.exe"

Payload

The Trojan harvests the following data:

  • Information about the user, the computer name, and the type of operating system;
  • ICQ account numbers saved in the registry;
  • Modem connection information saved in the registry;
  • The list of frequently viewed URLs;
  • Cached passwords.

When the victim machine connects to the Internet, the Trojan sends all stolen data to the remote malicious user.

Trojan-PSW.Win32.Tapiras.a removal instructions:

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. If the Trojan has not already deleted its original file, delete it (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the file created by the Trojan: %System%\tapiras.exe
  4. Delete the following parameter from the system registry (see "What is a system registry and how do I use it" for details on how to edit the registry):
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "tapiras.exe" = "tapiras.exe"
  5. Change all passwords for applications which may have had their passwords stolen.
  6. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
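
Steps 1, 3 and 4 above as a PowerShell script, added here as an example and not part of the original entry. It only reports what it finds unless run with -Remove. The SysWOW64 and WOW6432Node locations are an assumption for 64-bit Windows, where a 32-bit program's writes to the system directory and to HKLM\Software are redirected; run it from an elevated 64-bit PowerShell prompt.

```powershell
# Added example: audit (and with -Remove, clean up) the artifacts this entry lists.
param([switch]$Remove)

$name = 'tapiras.exe'    # file name and Run value name, both from the entry
$size = 77824            # file size in bytes, from the entry

# %System% as given in the entry, plus the assumed 64-bit redirect targets.
$files = @(
    (Join-Path $env:SystemRoot "System32\$name"),
    (Join-Path $env:SystemRoot "SysWOW64\$name")
)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Step 1: terminate the Trojan process if it is running.
$procs = Get-Process -Name 'tapiras' -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    Write-Output "Process: $($p.Name) (PID $($p.Id))"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# Step 3: the copy dropped in the system directory.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $item  = Get-Item -LiteralPath $f -Force   # -Force also finds hidden files
        $match = $item.Length -eq $size
        Write-Output "File: $f ($($item.Length) bytes, size matches entry: $match)"
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    }
}

# Step 4: the autorun value under the Run key.
foreach ($k in $runKeys) {
    $v = Get-ItemProperty -Path $k -Name $name -ErrorAction SilentlyContinue
    if ($v) {
        Write-Output "Run value: $k -> $($v.$name)"
        if ($Remove) { Remove-ItemProperty -Path $k -Name $name }
    }
}
```

A file whose size does not match the entry may be a different variant or an unrelated program, so check it before using -Remove.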
