Trojan-PSW.Win32.ZombSmallTrojan.01
| Alert Level : | Medium |
| Discovered: | Mar 30 2006 |
| Tag: | Password-stealing Trojans |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
The program is an executable file called smalltroyan.exe, which is a Win32 GUI application. This file uses defined parameters to generate a Trojan program, which is an executable file called strojan.exe.
The program is written in Delphi and packed using UPX. The configuration program smalltrojan.exe is 6688 bytes in size. The malicious program itself, strojan.exe, is 5312 bytes in size.
Payload
When activated, the malicious program launches the application SmallTrojan 0.1 (c)zOmbie. This application causes a dialogue box to be displayed in the centre of the desktop:
The program asks the user to enter his/ her email and smtp address. The Trojan will send emails with confidential information harvested from the victim computer to this address.
If the user clicks on 'Exit', the application will close. If the user clicks on 'Make, the following message will be displayed on screen.
SmallTrojan displays a message indicating that an executable file named strojan.exe has just been generated. Included at the end of the message is SmallTrojan copyright information, the author's pseudonym and an URL address where updates may be found.
While this is happening, the Trojan program is configured to work with a specific remote malicious user.
The Trojan is then ready to function within the victim machine.
Once the strojan.exe file is launched on the victim machine, the Trojan copies itself to the Windows system directory as
Removal Trojan-PSW.Win32.ZombSmallTrojan.01 instructions:
- Using Task Manager, terminate the following processes:
strojan.exe krnl32.exe
- Delete the Trojan file from the Windows system directory:
%System%\krnl32.exe
- Revert the following system registry entry:
[HKLM\Software\CLASSES\exefile\shell\open\command]
Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!
