Once launched, the Trojan tracks information entered via the keyboard in active windows. Harvested data is saved to the following log file:
C:\Windows\Files.log
The Trojan then sends this file to the remote malicious user's email:
***ewdsw@peoplemail.com.cn
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following registry keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Graphdics" = "
This Trojan tracks the user's keystrokes. This Trojan is a Windows PE EXE file. The file is approximately 30KB in size. It is packed using ASPack. The unpacked file is approximately 60KB in size. It is written in Visual Basic.
Installation
In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Graphdics" = "<path to Trojan file>"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Grgaphics" = "<path to Trojan file>"
Payload
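The following PowerShell check is an added example, not part of the original description. It reports whether the two autorun values and the keystroke log file named on this page are present, and whether the file an autorun value points to still exists. It assumes an elevated prompt; the variable and property names are illustrative.

```powershell
# Added example (not from the original entry): read-only check for the
# artifacts named on this page. Nothing is modified or deleted.
$autoruns = @(
    @{ RegPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         ValueName = 'Graphdics' },
    @{ RegPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'; ValueName = 'Grgaphics' }
)
$logFile  = 'C:\Windows\Files.log'
$findings = New-Object System.Collections.Generic.List[object]

foreach ($a in $autoruns) {
    # An absent key or value is the clean case, so errors are suppressed.
    $prop = Get-ItemProperty -Path $a.RegPath -Name $a.ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }

    # The entry says the value holds the path to the Trojan file; strip any
    # surrounding quotes before testing whether that file is still on disk.
    $target = ([string]$prop.($a.ValueName)).Trim().Trim('"')
    $onDisk = ($target -ne '') -and (Test-Path -LiteralPath $target -PathType Leaf)
    $findings.Add([pscustomobject]@{
        Artifact   = '{0}\{1}' -f $a.RegPath, $a.ValueName
        Detail     = $target
        FileOnDisk = $onDisk
    })
}

# The keystroke log the entry describes.
if (Test-Path -LiteralPath $logFile -PathType Leaf) {
    $f = Get-Item -LiteralPath $logFile -Force
    $findings.Add([pscustomobject]@{
        Artifact   = $logFile
        Detail     = '{0} bytes, last written {1:u}' -f $f.Length, $f.LastWriteTimeUtc
        FileOnDisk = $true
    })
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed artifacts were found.'
} else {
    $findings | Format-List
}
```

On 64-bit Windows, writes by a 32-bit process to HKLM\Software are redirected to HKLM\Software\WOW6432Node, so the same value names are worth checking under that branch as well.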
