Additional Details
Upon execution, this malware drops a file in the root directory of the C:\ drive:
• C:\xp2007.dat
- Detected as Trojan.Win32.BHO.[variant]
This malware installs itself as a Browser Helper Object. It creates the following autostart registry keys:
• HKLM\Software\{5FF908C9-578F-4A40-9643-E0CA07093990}
• HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}
• HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}\InprocServer32
• HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF908C9-578F-4A40-9643-E0CA07093990}
This malware logs the user's keystrokes and mouse clicks and saves them in a file with a random name in the system's default temporary directory. It also logs the URLs (web site addresses) visited by the user and saves them in a separate log file, also with a random name.
Note: The temporary directory is normally C:\Documents and Settings\[account name]\Local Settings\Temp.
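The file and registry indicators listed above can be checked on a suspect host with a read-only PowerShell script. This is an added example, not part of the original description; the function name Test-BhoIndicators is hypothetical. The randomly named log files cannot be matched by name, so they are not checked.

```powershell
# Indicators copied from the description above.
$Clsid    = '{5FF908C9-578F-4A40-9643-E0CA07093990}'
$DropFile = 'C:\xp2007.dat'
$KeyPaths = @(
    "HKLM:\Software\$Clsid",
    "HKLM:\Software\Classes\CLSID\$Clsid",
    "HKLM:\Software\Classes\CLSID\$Clsid\InprocServer32",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
)

function Test-BhoIndicators {
    # Returns one object per indicator found; an empty result means none were present.
    $findings = @()

    # Dropped file. -Force lets Get-Item read it even if it is hidden.
    if (Test-Path -LiteralPath $DropFile) {
        $f = Get-Item -LiteralPath $DropFile -Force
        $findings += [pscustomobject]@{
            Type   = 'File'
            Path   = $DropFile
            Detail = "size=$($f.Length) createdUtc=$($f.CreationTimeUtc.ToString('u'))"
        }
    }

    # Registry keys. -LiteralPath avoids any wildcard interpretation of the path.
    foreach ($key in $KeyPaths) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $detail = ''
        if ($key -like '*\InprocServer32') {
            # The default value of InprocServer32 names the DLL the browser loads.
            $detail = 'dll=' + (Get-Item -LiteralPath $key).GetValue('')
        }
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Path = $key; Detail = $detail }
    }
    return $findings
}

$result = Test-BhoIndicators
if ($result) {
    $result | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($result).Count) indicator(s) found. Isolate the host before cleanup."
} else {
    Write-Output 'No indicators from this description were found.'
}
```

Run it from an elevated prompt so that HKLM and the root of C:\ are fully readable; the DLL path reported for InprocServer32 is the file to collect for analysis.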