My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


Trojan Horse keylogger steals end-user information for popular online games

Myantispyware team, March 13, 2006

Websense® Security Labs™ has received reports of a malicious website that is hosting a Trojan Horse keylogger. This keylogger is designed to steal end-user information for popular online games. The malicious code’s filename is main_n80.scr, and it was discovered on a site that appears to be a fraudulent version of the Nokia Taiwan website.
The site uses a cousin domain name and consists only of an image screenshot of the real Nokia Taiwan website. It is hosted in Hong Kong and appears to have been registered with fraudulent information.

The main_80.scr file is an SFX self-extracting executable file that contains four files:
* download.exe
* winlogin.exe
* server.exe
* error.jpg
When the main_80.scr file is executed, it will use download.exe to copy the extracted files to the system32 directory and execute its version of run32dll.exe. The rundll32.exe file will show error.jpg. Once the user closes the .jpg file, rundll32.exe will execute the rest of the extracted .exe files.
These extracted .exe files modify the registry, as detailed below, to ensure that the Trojan starts on restart, and check for the existence of the application Lineage.
* Modifies or creates files and stores them in the system32 directory:
  * Kerne0110.exe is a copy of winlogin.exe
  * Rundll32.exe is a copy of download.exe
  * gg.bat is created
  * _2dll.dll is created
  * microsoftie0110.dll is created
  * msabc.dll is created
  * pKerme123.dll is created
  * RegistryInfo.dll is created
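
A defender-side check for the file artifacts listed above, added here as an example (it is not code from Websense or from the original post). The function names `scan` and `demo` are hypothetical, the sample files are constructed, and the check assumes the extracted originals (winlogin.exe, download.exe) sit in the same directory as their copies.

```python
import hashlib
import tempfile
from pathlib import Path

# Names the advisory lists as created in system32 (compared in lowercase).
DROPPED = {"kerne0110.exe", "gg.bat", "_2dll.dll", "microsoftie0110.dll",
           "msabc.dll", "pkerme123.dll", "registryinfo.dll"}
# (copy, original) pairs the advisory describes. rundll32.exe is also a
# legitimate Windows file name, so it is judged by content, never by name.
COPY_PAIRS = [("kerne0110.exe", "winlogin.exe"), ("rundll32.exe", "download.exe")]


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan(directory):
    """Return sorted (kind, detail) findings for one directory."""
    files = {p.name.lower(): p for p in Path(directory).iterdir() if p.is_file()}
    findings = [("dropped-name", name) for name in DROPPED if name in files]
    for copy, original in COPY_PAIRS:
        if copy in files and original in files:
            if sha256(files[copy]) == sha256(files[original]):
                findings.append(("identical-copy", f"{copy} == {original}"))
    return sorted(findings)


def demo():
    """Scan a constructed temp directory standing in for system32."""
    sample = {"download.exe": b"A", "Rundll32.exe": b"A", "winlogin.exe": b"B",
              "Kerne0110.exe": b"B", "gg.bat": b"C", "notepad.exe": b"D"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in sample.items():
            (Path(tmp) / name).write_bytes(data)
        return scan(tmp)


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind}: {detail}")
```

A directory that holds only a genuine rundll32.exe produces no finding, because that name is reported only when its content matches download.exe.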


3 Comments

  1. Steve Lamb's Blog
    ― March 15, 2006 - 10:27 am

    Evidence of a website that appears to be hosting a malicious keylogger trojan horse

    Trojan horses (software that includes “features” that may work against the user’s intentions) are hardly…

  2. Steve Lamb
    ― March 15, 2006 - 10:28 am

    Thanks for the interesting website – keep up the good work.

  3. Nursing and some other bits
    ― March 15, 2006 - 3:24 pm

    Trojan report.

    Just picked up the following warning:
    Websense® Security Labs™ has received reports of a malicious website, which is hosting a Trojan Horse keylogger. This keylogger is designed to steal end-user information for popular online games. The malicious…
