Trojan-Spy.Win32.Goldun.gu

tag:Trojan Spy

Delete the Trojan's installation key from the system registry:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winprint]

Delete the following files:

%System%\winprint.dll
%System%\eps32sys.sys

Reboot the computer.
Perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus here).

This Trojan spy program is designed to steal confidential financial information.

The Trojan itself is a Windows PE EXE file approximately 25KB in size, packed using FSG. The unpacked file is approximately 110KB in size.
Installation
When installing itself to the system, the Trojan creates the following files in the Windows system directory:
```
%System%\winprint.dll
%System%\eps32sys.sys
```
TrojanSpy.Win32.Goldun.gu creates the following entries in the system registry:
```
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winprint]
"DllName" = "winprint.dll"
"Startup" = "winprint"
"Impersonate" = "1"
"Asynchronous" = "1"
"MaxWait" = "1"
```
Payload
TrojanSpy.Win32.Goldun.gu attempts to steal logins, passwords and other account information associated with e-gold online bank.
Removal instructions

previous:Trojan-Spy.Win32.Goldun.ms
previous:Trojan-Spy.Win32.GreenScreen.099

Virus Source from:

New articles

TSPY_ZBOT.XMASThis spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It may be downloaded from remote ...Trojan.Win32.FraudPack.bgveThis Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. ...Sinowal.VXRSinowal.VXR is a Trojan designed to steal information related to certain British banking entities. It obtains confidential information related to users' login f...Trojan.Spy.ZBot.EHAt execution this malware is a trojan that copies itself in %WINDIR%\system32\ntos.exe (or C:\Documents and settings\%username%\Application Data\) and he will c...Trojan.Spy.Webmoner.CE-In order to outwit the user, the fileofen has an icon of an installeror of a well-known file type(e.g. Media Player files, IE files); also, it may have names l...

Hot Articles

Trojan-Spy.Win32.Goldun.gu

Computer Virus Clounds