Trojan-Spy.Win32.KeyLogger.be


Wdll.dll contains a function which will ensure that information entered via the keyboard and mouse is intercepted with the help of SetWindowsHookEx. The .dll file will then use the hook set to send information about keys pressed and mouse events to a window with the "TKeyForm

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the following files:
    %WinDir%\W98SYS.EXE
    %WinDir%\wdll.dll
  4. Delete the following system registry key parameter: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
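
A read-only check for the artifacts named in the steps above, added here as an example and not part of the original entry. It assumes the output of `reg query` for the Run key has been saved as text and that a listing of `%WinDir%` is available. The default `C:\WINDOWS` path and the value name `ExampleName` are assumptions, and entries are matched on their data because the entry does not give a legible value name.

```python
import ntpath
import re

# File names from the entry: the copied executable and the extracted DLL.
IOC_FILES = ("W98SYS.EXE", "wdll.dll")
# One value line of `reg query` output: 4-space indent, name, type, data.
VALUE_RE = re.compile(r"^ {4}(.*?) {4}(REG_\w+) {4}(.*)$")

# Constructed sample (not from an infected host); "ExampleName" is a placeholder.
SAMPLE = (
    "\r\nHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\r\n"
    "    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe\r\n"
    "    ExampleName    REG_SZ    %WinDir%\\W98SYS.EXE\r\n"
)


def parse_reg_query(text):
    """Return {value_name: data} from saved `reg query <key>` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values


def find_run_entries(reg_text, windir=r"C:\WINDOWS"):
    """Names of Run values whose command launches <windir>\\W98SYS.EXE."""
    target = ntpath.normcase(ntpath.join(windir, IOC_FILES[0]))
    hits = []
    for name, data in parse_reg_query(reg_text).items():
        # Expand %WinDir% / %SystemRoot% in any case and drop quotes.
        data = re.sub(r"%(windir|systemroot)%", lambda _: windir, data, flags=re.I)
        command = ntpath.normcase(data.replace('"', "").strip())
        # Match the executable itself, with or without trailing arguments.
        if command == target or command.startswith(target + " "):
            hits.append(name)
    return hits


def find_dropped_files(listing):
    """IoC file names present in a %WinDir% directory listing, any case."""
    present = {name.lower() for name in listing}
    return [f for f in IOC_FILES if f.lower() in present]


if __name__ == "__main__":
    print("Run values:", find_run_entries(SAMPLE))
    print("Files:", find_dropped_files(["explorer.exe", "WDLL.DLL", "w98sys.exe"]))
```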

    This Trojan spy program is designed to steal confidential information: it harvests information entered via the keyboard and the mouse. It is a Windows PE EXE file, 81,408 bytes in size.

    Installation

    When launched, the Trojan copies its executable file to the Windows root directory:

    %WinDir%\W98SYS.EXE

    In order to ensure that the Trojan is launched automatically each time Windows is restarted, the Trojan registers its executable file in the system registry:

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    " "="%WinDir%\W98SYS.EXE"

    The Trojan also extracts the following file from its body:

    %WinDir%\wdll.dll

    Payload

©Virus-Encyclopedia.com All Rights Reserved.