Trojan-Spy.Win32.GreenScreen.099
| Alert Level : | Medium |
| Discovered: | Sep 09 2002 |
| Tag: | Trojan Spy |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
This is spy trojan that installs itself to the system, hides itself and then captures screen images and saves them to disk files in encrypted form. Thus it allows to a hacker to watch screen images.
The trojan itself is Windows PE EXE file, compressed by AsPack, written in Delphi. The trojan size is different and depends on trojan version.
While installing the trojans copies itself to Windows system directory with the SERVICES.EXE name and registers that file in system registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
It also writes "auto-run" command to SYSTEM.INI file to "shell=" instruction.
The captured screens are stored to SPC\SPC*.* files in Windows system direcotry.
The trojan is written in China and has text strings in Chinese.
0
Removal Trojan-Spy.Win32.GreenScreen.099 instructions:
0
Need help? Live computer support via remote at SupportSpace |

