Virus Database

Trojan.PSW.GIP.107

Description Trojan.PSW.GIP.107

This program belongs to the family of password-stealing Trojans.
When run, the Trojan installs itself to the system, and while installing, copies itself to Windows, Windows system, Windows temporary, or WindowsRECYCLED directory and registers itself in the system registry auto-run section. For example:
Trojan full name: WINDOWSSYSTEMshel.exe
Registry keys:
HKCUSoftwareMicrosoftWindowsCurrentVersionRun Welcome = %SystemDir%shel.exe
HKLMSoftwareMicrosoftWindowsCurrentVersionRunServices Service = SystemDirshel.exe <- "Sevice" not "Service"
HKLMSoftwareMicrosoftWindowsCurrentVersionRun Config = %SystemDir%shel.exe
The installed Trojan file name and target directory are optional. They are stored in encrypted form in the Trojan file at the file end. A hacker may configure them before sending the Ttrojan to a victim machine, or before putting it on a Web site.
The Trojan then registers itself in the system as a hidden application (service), and the Trojan process then is not visible in task list. Being active in the system, the Trojan periodically sends e-mail messages to its host (hacker's e-mail address, also is optional). The message contains the following:
computer information (processor, display settings, disk free space, RAM size, etc.)
RAS DilaUp information, cached passwords (login name and password)
Internet access login and password
ICQ UIN and password

The Trojan can download a file from a specified Internet site and registers it in the Registry auto-run key:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunOnce Welcome = TMP15F.EXE
The Trojan also creates, modifies and in some cases deletes the Registry keys:
HKCUSoftwareMicrosoftWindows
File1
File2
File3
Count

Date
LastError
ver

The Trojan (also optional) may drop a "decoy" component - a joke program, game, other kind of attractive program. This is done to deceive a user and disguise the Trojan's installation by a decoy component.

Check other viruses! Be aware! Use Antiviral Software

Einvolk Family

Description Einvolk Family

These are non-memory resident parasitic viruses. They search for .COM-files of the current and parent subdirectories and write themselves to the end of the files that are found. "Einvolk.521,525" are dangerous viruses. In November, they format hard drive sectors and display:
"Einvolk.521": Weimar Republik 525 VF!93
"Einvolk.525": Big brother is watching you.
Virus Factory 93

"Einvolk.640" is a harmless virus. It contains the following internal text string:
Ein volk, Ein reich, ein führer!
John.L.VF!93

Einvolk.521

Description Einvolk.521

This is a non-memory resident parasitic virus. It searches for COM files of the current and parent subdirectories and writes itself to the end of the files that are found.
This is a dangerous virus. In November, it formats hard drive sectors and displays:
Big brother is watching you.
Virus Factory 93

Home