



Trojan-PSW:W32/Lmir.BPG

Name: Trojan-PSW:W32/Lmir.BPG
Category: Malware
Type: Trojan-PSW
Platform: W32

Summary

This is a typical Trojan that logs keystrokes (a keylogger) and the URLs visited by the user.

Additional Details

Upon execution, this malware drops a file in the root directory of the C:\ drive:

  • C:\xp2007.dat (detected as Trojan.Win32.BHO.[variant])

This malware installs itself as a Browser Helper Object. It creates the following autostart registry keys:

  • HKLM\Software\{5FF908C9-578F-4A40-9643-E0CA07093990}
  • HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}
  • HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}\InprocServer32
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF908C9-578F-4A40-9643-E0CA07093990}

This malware logs the user's keystrokes and mouse clicks and saves them in a file with a random name in the system's default temporary directory. It also logs the URLs (web site addresses) visited by the user and saves them in a separate log file, also with a random name.

Note: The temporary directory is normally C:\Documents and Settings\[account name]\Local Settings\Temp.
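
A host check built from the indicators listed above, given here as an added example and not as vendor tooling: it inventories every registered Browser Helper Object with the DLL its CLSID loads, then reports which of the listed keys and the dropped file are present. The function names and the WOW6432Node paths are assumptions added for this example; the latter are not listed in the description and cover the 32-bit registry view on 64-bit Windows.

```powershell
# Indicators copied from the description above.
$Clsid   = '{5FF908C9-578F-4A40-9643-E0CA07093990}'
$Dropped = 'C:\xp2007.dat'

# Native and 32-bit (WOW6432Node) registry views. The second view is an
# assumption added here: on 64-bit Windows a W32 binary's writes under
# HKLM\Software are redirected to it.
$Views = @(
    @{ Name = 'native'; Software = 'HKLM:\Software';             Classes = 'HKLM:\Software\Classes' },
    @{ Name = 'wow64';  Software = 'HKLM:\Software\WOW6432Node'; Classes = 'HKLM:\Software\Classes\WOW6432Node' }
)
$BhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoInventory {
    # One row per registered Browser Helper Object, with the DLL its CLSID loads.
    foreach ($v in $Views) {
        $root = Join-Path $v.Software $BhoSubKey
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $id  = $key.PSChildName
            $srv = Join-Path $v.Classes "CLSID\$id\InprocServer32"
            # The default value of InprocServer32 holds the in-process server path.
            $dll = if (Test-Path -LiteralPath $srv) { (Get-Item -LiteralPath $srv).GetValue('') }
            [pscustomobject]@{
                View = $v.Name; Clsid = $id; Dll = $dll
                MatchesLmir = ($id -ieq $Clsid)
            }
        }
    }
}

function Test-LmirIndicators {
    # Returns every listed key (in either view) and the dropped file that exists.
    $hits = foreach ($v in $Views) {
        @(
            (Join-Path $v.Software $Clsid),
            (Join-Path $v.Classes "CLSID\$Clsid"),
            (Join-Path $v.Classes "CLSID\$Clsid\InprocServer32"),
            (Join-Path $v.Software "$BhoSubKey\$Clsid")
        ) | Where-Object { Test-Path -LiteralPath $_ }
    }
    if (Test-Path -LiteralPath $Dropped) { $hits = @($hits) + $Dropped }
    @($hits)
}

Get-BhoInventory | Format-Table -AutoSize
Test-LmirIndicators
```

An empty result from `Test-LmirIndicators` means none of the listed artifacts were found; the randomly named log files in the temporary directory are not covered because the description gives no fixed name for them.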