|
|
|  |
|
|
|
|
F-Secure Malware Information Pages: Trojan-PSW:W32/Lmir.BPG
|
|
|
| Radar |
 |
|
|
|
Summary
|
| This is typical Trojan that logs keyboard strikes (key logger) and URLs visited by the user. |
|
|
|
Detailed Description
|
Upon execution, this malware drops a file on the root directory of the C:\ drive:
- C:\xp2007.dat
- Detected as Trojan.Win32.BHO.[variant]
This malware installs itself as a Browser Helper Object. It creates the following autostart registry keys:
- HKLM\Software\{5FF908C9-578F-4A40-9643-E0CA07093990}
- HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}
- HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}\InprocServer32
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{5FF908C9-578F-4A40-9643-E0CA07093990}
This malware logs keyboard strikes and mouse clicks of the user and then saves them in a file with a random name in the system's default temporary directory. It also logs the URLs (web site addresses) visited by the user and saves them in a separate log file, also with a random name.
Note: The temporary directory is normally C:\Documents and Settings\[account name]\Local Settings\Temp. |
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: December 19, 2007
|
|
|
|
|
