Payload
The Trojan will:
- Track information entered via the keyboard.
- Get passwords to AOL accounts from the following registry key:
[HKLM\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users]
- Harvest messages sent via AOL Instant Messenger.
The harvested data is saved to the following log file: c:\autoexec.bac.
The Trojan also has backdoor functionality, which makes it possible for a remote malicious user to:
- Reboot the computer;
- Log off current user;
- Open/close the CD-ROM drive;
- Modify system date and time.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the files created by the Trojan:
C:\WINDOWS\All Users\Start Menu\Programs\StartUp\AOLStart.exe
C:\windows\startm~1\programs\startup\Office.exe
C:\autoexec.bac
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan is a Windows PE EXE file, 69,632 bytes in size, written in Visual Basic.
Installation
When launched, the Trojan copies its executable file to the following folders under the following names:
%WinDir%\All Users\Start Menu\Programs\StartUp\AOLStart.exe
%WinDir%\startm~1\programs\startup\Office.exe
This ensures that the Trojan will be launched automatically each time Windows is restarted on the victim machine.
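The following PowerShell script is an added example, not part of the original description, that automates the manual removal steps above (terminate the process, delete the dropped copies and the log) and checks the persistence locations named in the installation section. It assumes a modern Windows host where `$env:windir` expands to the Windows directory and where the 8.3 short name `startm~1` corresponds to `Start Menu`; the `-WhatIf` switch on the removal cmdlet lets you preview deletions first. It does not locate the original dropper, whose path the page says depends on the infection vector, and it must be run from an elevated prompt.

```powershell
# Added example: triage and clean-up of the indicators listed on this page.
# Run as Administrator. Add -WhatIf to Remove-Item / Stop-Process to preview.
$ErrorActionPreference = 'Stop'

# Assumption: $env:windir stands in for %WinDir%, and the 8.3 alias
# "startm~1" is expanded to its long form "Start Menu".
$winDir = $env:windir
$droppedCopies = @(
    (Join-Path $winDir 'All Users\Start Menu\Programs\StartUp\AOLStart.exe'),
    (Join-Path $winDir 'Start Menu\Programs\StartUp\Office.exe')
)
$harvestLog = 'C:\autoexec.bac'

# Registry key the Trojan reads AOL Instant Messenger account data from.
$aimUsersKey = 'HKLM:\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users'

# 1. Terminate any running process whose image is one of the dropped copies
#    (the manual step "Use Task Manager to terminate the Trojan process").
foreach ($exe in $droppedCopies) {
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and ($_.Path -ieq $exe) } |
        ForEach-Object {
            Write-Host "Stopping PID $($_.Id) ($($_.Path))"
            Stop-Process -Id $_.Id -Force
        }
}

# 2. Delete the startup-folder copies and the keystroke/message log.
foreach ($path in ($droppedCopies + $harvestLog)) {
    if (Test-Path -LiteralPath $path) {
        Write-Host "Removing $path"
        Remove-Item -LiteralPath $path -Force
    } else {
        Write-Host "Not present: $path"
    }
}

# 3. Report whether the harvested registry key exists, so the operator knows
#    that any AIM credentials stored there should be treated as compromised.
if (Test-Path -LiteralPath $aimUsersKey) {
    Write-Warning "AIM account data present under $aimUsersKey; rotate those passwords."
}
```

Because the log file at C:\autoexec.bac contains captured keystrokes and messages, copy it for analysis before deleting it if the incident is being investigated; the script above deletes it unconditionally, matching the page's removal instructions.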