| Name: |
Mssys Trojan |
| Category: |
Trojan |
| Advice: |
Remove |
| Risk: |
Severe Risk
Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine. |
| Description:
|
Mssys Trojan is a Trojan Horse that can capture keystrokes and periodically send them to a predefined email address.
Mssys Trojan may arrive as a dropper.
Executes %Windir%Mssys.exe and registers itself as a service, if the current system is Windows 95/98/Me.
Checks the foreground window periodically. If the title of the foreground window is one of the following:
e-gold Account Access
PayPal
Welcome to Citi
GoldMoney.com
E-Bullion
Evocash the Internet currency
Bank of America
Internet Billing Company
www.4 A B I L L I N G.com
Verotel Billing Solutions
The Trojan will capture the keystrokes.
Saves the keystrokes, as well as the window title and current time, to the file Wini.ini.
Emails the file Wini.ini to the predefined email address.
|
| Signatures:
|
process: mssys.exe: MD5 Hash: ...
process: msdos.exe: MD5 Hash: ...
process: Mssys.exe: MD5 Hash: .. |
| Type: |
Trojan - A Trojan software is any software on a user's computer that the user is not aware or intentionally installed. Most Trojan software is designed to perform some sort of actions that could jeopardize the user's security or privacy. |
