
My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


Trojan Horse keylogger steals end-user information for popular online games

Myantispyware team, March 13, 2006

Websense® Security Labs™ has received reports of a malicious website that is hosting a Trojan Horse keylogger. This keylogger is designed to steal end-user information for popular online games. The malicious code's filename is main_n80.scr, and it was discovered on a site that appears to be a fraudulent version of the Nokia Taiwan website.
The site uses a cousin domain name and simply displays an image screenshot of the real Nokia Taiwan website. It is hosted in Hong Kong and appears to have been registered with fraudulent information.

The main_80.scr file is an SFX self-extracting executable file that contains four files:
* download.exe
* winlogin.exe
* server.exe
* error.jpg
When the main_80.scr file is executed, it will use download.exe to copy the extracted files to the system32 directory and execute its version of rundll32.exe. The rundll32.exe file will show error.jpg. Once the user closes the .jpg file, rundll32.exe will execute the rest of the extracted .exe files.
These extracted .exe files modify the registry, as detailed below, to ensure that the malware starts on restart, and check for the existence of the application Lineage.
* Modifies or creates files and stores them in the system32 directory:
  * Kerne0110.exe is a copy of winlogin.exe
  * Rundll32.exe is a copy of download.exe
  * gg.bat is created
  * _2dll.dll is created
  * microsoftie0110.dll is created
  * msabc.dll is created
  * pKerme123.dll is created
  * RegistryInfo.dll is created
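
A defender-side sweep for the file artifacts listed above, as an added example that is not part of the original advisory: it looks for the listed file names in a directory and confirms the two "copy of" relationships by SHA-256. The function names and the temporary directory standing in for system32 are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# File names the article lists as created or modified in system32.
DROPPED = ["Kerne0110.exe", "gg.bat", "_2dll.dll", "microsoftie0110.dll",
           "msabc.dll", "pKerme123.dll", "RegistryInfo.dll"]
# (copy, original) pairs the article describes as identical files.
COPY_PAIRS = [("Kerne0110.exe", "winlogin.exe"), ("Rundll32.exe", "download.exe")]


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def sweep(directory):
    """Return findings for one directory; names are matched case-insensitively."""
    present = {p.name.lower(): p for p in Path(directory).iterdir() if p.is_file()}
    findings = [("dropped_file", n) for n in DROPPED if n.lower() in present]
    for copy, original in COPY_PAIRS:
        a, b = present.get(copy.lower()), present.get(original.lower())
        # rundll32.exe is also a legitimate Windows binary, so its name alone
        # proves nothing: flag it only when it is byte-identical to the dropper.
        if a and b and sha256(a) == sha256(b):
            findings.append(("identical_copy", f"{copy} == {original}"))
    return findings


def demo():
    """Constructed sample: a temp directory standing in for system32."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "download.exe").write_bytes(b"constructed-dropper")
        (root / "rundll32.exe").write_bytes(b"constructed-dropper")
        (root / "winlogin.exe").write_bytes(b"constructed-payload")
        (root / "kerne0110.exe").write_bytes(b"constructed-payload")
        (root / "msabc.dll").write_bytes(b"constructed")
        (root / "notepad.exe").write_bytes(b"unrelated")
        return sweep(root)


if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

File names are weak indicators on their own, so treat a hit as a reason to examine the host further rather than as a verdict.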


Author: Myantispyware team


3 Comments

  1. Steve Lamb's Blog
    ― March 15, 2006 - 10:27 am

    Evidence of a website that appears to be hosting a malicious keylogger trojan horse

    Trojan horses (software that includes “features” that may work against the user’s intentions) are hardly…

  2. Steve Lamb
    ― March 15, 2006 - 10:28 am

    Thanks for the interesting website – keep up the good work.

  3. Nursing and some other bits
    ― March 15, 2006 - 3:24 pm

    Trojan report.

    Just picked up the following warning:
    Websense® Security Labs™ has received reports of a malicious website, which is hosting a Trojan Horse keylogger. This keylogger is designed to steal end-user information for popular online games. The malicious…
