The Trojan harvests information (including passwords) entered by the user.
It performs the following actions:
- takes screenshots
- logs keystrokes
- tracks mouse movement
- harvests cached passwords.
Harvested data is then sent to the remote malicious user by email:
webm_****@mail.ru
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the "system.exe" process.
- Delete the following file:
%System%\system.exe
- Delete the following parameters from the system registry (see "What is a system registry and how do I use it" for details on how to edit the registry).
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SysTray" = "%System%\system.exe"
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
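The manual steps above, together with the installation artifacts listed in this description, as a PowerShell check (an added example, not part of the original write-up). It only reports unless run with `-Remediate`; the SysWOW64 and Wow6432Node locations are an assumption covering a 32-bit sample on 64-bit Windows, which the description does not state.

```powershell
# Added example: checks for the artifacts named in this description.
# Read-only unless -Remediate is given; run from an elevated 64-bit PowerShell.
param([switch]$Remediate)

$valueName = 'SysTray'
# %System% is the Windows system directory. SysWOW64 and Wow6432Node are added on the
# assumption that a 32-bit sample on 64-bit Windows is redirected there.
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") | Where-Object { Test-Path $_ }
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
) | Where-Object { Test-Path $_ }
$findings = @()

# 1. Autorun value "SysTray" whose data ends in \system.exe
foreach ($key in $runKeys) {
    $data = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($data -and $data -match '\\system\.exe"?\s*$') {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = $data }
    }
}

# 2. Dropped copy in the system directory; the description gives its size as 169,472 bytes
foreach ($dir in $sysDirs) {
    $file = Join-Path $dir 'system.exe'
    if (Test-Path -LiteralPath $file) {
        $len = (Get-Item -LiteralPath $file -Force).Length
        $findings += [pscustomobject]@{ Type = 'File'; Location = $file; Detail = "$len bytes (size match: $($len -eq 169472))" }
    }
}

# 3. Per-user key the Trojan writes to (current user's hive only)
if (Test-Path 'HKCU:\RemoteAccess\Adresses') {
    $findings += [pscustomobject]@{ Type = 'RegKey'; Location = 'HKCU:\RemoteAccess\Adresses'; Detail = '' }
}
$findings | Format-Table -AutoSize

if ($Remediate -and $findings) {
    # Same order as the manual steps: process, file, autorun value.
    # Filtering on Path skips the genuine kernel "System" process, which has no image path.
    $paths = @($findings | Where-Object Type -eq 'File' | Select-Object -ExpandProperty Location)
    Get-Process -Name 'system' -ErrorAction SilentlyContinue |
        Where-Object { $paths -contains $_.Path } | Stop-Process -Force
    $paths | ForEach-Object { Remove-Item -LiteralPath $_ -Force }
    $findings | Where-Object Type -eq 'RunValue' |
        ForEach-Object { Remove-ItemProperty -Path $_.Location -Name $valueName }
}
```

The `HKCU` check covers only the account running the script, so repeat it for each user profile on a shared machine.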
This Trojan is designed to steal confidential data. It is a Windows PE EXE file. It is 169,472 bytes in size. It is written in Delphi.
Installation
When launched, the Trojan copies itself to the Windows system directory as “system.exe”:
%System%\system.exe
The Trojan then adds a link to its executable file in the system registry, ensuring that it will be launched when Windows is rebooted on the victim machine:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SysTray" = "%System%\system.exe"
The Trojan also adds the following value to the system registry:
[HKCU\RemoteAccess\Adresses]
Payload
