Trojan-PSW.Win32.Coced.219.b

tag: Password-stealing Trojans

The Trojan changes the values of the following system registry keys:

[HKCU\Software\Mirabilis\ICQ\Agent\Apps\ICQ] "Enable" = "yes" "Path" = "

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the following system registry key parameters:

    [HKCU\Software\Mirabilis\ICQ\Agent\Apps\ICQ] "Enable" = "yes" "Path" = "

    This Trojan belongs to a family of Trojans that steal user passwords. It is designed to steal confidential data. It is a Windows PE EXE file, 208,901 bytes in size, written in Visual C++.

    Installation

    Once launched, the Trojan copies its executable file to the Windows system directory:

    %System%\msrun.exe

    The Trojan also extracts the following file from its body (this file is 197,634 bytes in size):

    %Temp%\Winvrfy.exe
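
A read-only PowerShell check for the files and registry values named in this description, added here as an example and not part of the original entry. It assumes the running process carries one of the two file names and that msrun.exe is an unchanged copy of the 208,901-byte original; the page states neither.

```powershell
# Added example (read-only): looks for the artifacts this description lists.
# Run it in the affected user's session, because HKCU and %Temp% are per-user.

# %System% as seen by 64-bit and by 32-bit processes. A 32-bit PE that writes to
# the system directory on 64-bit Windows is redirected to SysWOW64, so check both.
$sysDirs = @([Environment]::GetFolderPath('System'),
             [Environment]::GetFolderPath('SystemX86')) |
           Where-Object { $_ } | Select-Object -Unique

# 197,634 bytes is stated on the page for Winvrfy.exe. 208,901 bytes is the size
# of the original Trojan file; msrun.exe matching it is an assumption.
$candidates = @()
foreach ($dir in $sysDirs) {
    $candidates += @{ Path = (Join-Path $dir 'msrun.exe'); Size = 208901 }
}
$candidates += @{ Path = (Join-Path $env:TEMP 'Winvrfy.exe'); Size = 197634 }

$report = @()
foreach ($c in $candidates) {
    $item = Get-Item -LiteralPath $c.Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $note = if ($item.Length -eq $c.Size) { 'size matches description' } else { 'size differs: unrelated file or variant' }
    $report += [pscustomobject]@{ Artifact = $c.Path; Observed = "$($item.Length) bytes"; Note = $note }
}

# Registry values from the page. The expected "Path" data is truncated there,
# so the current value is only reported for manual review, not judged.
$key = 'HKCU:\Software\Mirabilis\ICQ\Agent\Apps\ICQ'
$reg = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
if ($reg) {
    foreach ($name in 'Enable', 'Path') {
        $report += [pscustomobject]@{ Artifact = "$key\$name"; Observed = [string]$reg.$name; Note = 'review before deleting' }
    }
}

# Step 1 of the removal procedure needs the process; the names are assumed
# to match the dropped file names.
foreach ($p in Get-Process -Name 'msrun', 'Winvrfy' -ErrorAction SilentlyContinue) {
    $report += [pscustomobject]@{ Artifact = "process $($p.Name) (PID $($p.Id))"; Observed = [string]$p.Path; Note = 'running' }
}

if ($report) { $report | Format-List } else { 'No listed artifacts found.' }
```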

    Payload

©Virus-Encyclopedia.com All Rights Reserved.