Trojan-Spy.Win32.GreenScreen.099

tag:Trojan Spy

0 0

This is spy trojan that installs itself to the system, hides itself and then captures screen images and saves them to disk files in encrypted form. Thus it allows to a hacker to watch screen images.

The trojan itself is Windows PE EXE file, compressed by AsPack, written in Delphi. The trojan size is different and depends on trojan version.

While installing the trojans copies itself to Windows system directory with the SERVICES.EXE name and registers that file in system registry auto-run key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

It also writes "auto-run" command to SYSTEM.INI file to "shell=" instruction.

The captured screens are stored to SPC\SPC*.* files in Windows system direcotry.

The trojan is written in China and has text strings in Chinese.

previous:Trojan-Spy.Win32.Goldun.gu
previous:Trojan-Spy.Win32.Iespy.od

Virus Source from:

New articles

TSPY_ZBOT.XMASThis spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It may be downloaded from remote ...Trojan.Win32.FraudPack.bgveThis Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. ...Sinowal.VXRSinowal.VXR is a Trojan designed to steal information related to certain British banking entities. It obtains confidential information related to users' login f...Trojan.Spy.ZBot.EHAt execution this malware is a trojan that copies itself in %WINDIR%\system32\ntos.exe (or C:\Documents and settings\%username%\Application Data\) and he will c...Trojan.Spy.Webmoner.CE-In order to outwit the user, the fileofen has an icon of an installeror of a well-known file type(e.g. Media Player files, IE files); also, it may have names l...

Hot Articles

Trojan-Spy.Win32.GreenScreen.099

Computer Virus Clounds