Posted 24 October 2005 - 01:30 PM
Posted 24 October 2005 - 01:40 PM
Posted 25 October 2005 - 02:02 AM
Troj/Torpig-E is an information stealing Trojan for the Windows platform.
When Troj/Torpig-E is run, some or all of the following files are created either in the folder C:\Program Files\Common Files\Microsoft Shared\Web Folders or in the folder <System>\..\temp:
The file ibm00001.exe is detected as Troj/Torpig-D. The file <random>.tmp is a clean data file. All other files are detected as Troj/Torpig-E.
The following registry entry is created to run ibm00001.exe on startup:
<path to ibm00001.exe>
The following registry entry may be created to run ibm00001.exe on startup:
explorer.exe "<path to ibm00001.exe>"
An entry may be added to the file SYSTEM.INI in the "boot" section with a key name of "shell" to attempt to run ibm00001.exe on startup.
The Trojan attempts to steal passwords, logs keypresses and open window titles to text files, and periodically sends the collected information to a remote user via HTTP.
Troj/Torpig-E automatically closes security warning messages displayed by common anti-virus and security related applications.
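A defender-side check for the two startup values described above (the SYSTEM.INI "boot"/"shell" key and the `explorer.exe "<path to ibm00001.exe>"` value), as an added example that is not part of the original post or of any vendor tool. The sample file contents are constructed, and the SYSTEM.INI value is assumed to take the same `explorer.exe "<path>"` form as the registry entry.

```python
import re

# File name taken from the description above; the rest of the logic is generic.
INDICATOR = "ibm00001.exe"

def boot_shell_value(system_ini_text):
    """Return the value of shell= in the [boot] section, or None if absent."""
    section = None
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "shell":
                return value.strip()
    return None

def audit_shell_value(value):
    """Classify a shell/startup value as 'clean', 'indicator' or 'suspicious'."""
    if not value:
        return "clean"  # key absent or empty: nothing is launched from it
    if INDICATOR in value.lower():
        return "indicator"
    # Split into quoted strings or whitespace-separated words.
    tokens = re.findall(r'"[^"]*"|\S+', value)
    name = tokens[0].strip('"').lower().split("\\")[-1]
    # Only a lone explorer.exe is expected; any extra argument gets launched too.
    # Note: only the file name is compared, not the directory it lives in.
    if len(tokens) == 1 and name == "explorer.exe":
        return "clean"
    return "suspicious"

# Constructed sample SYSTEM.INI contents (not captured from a real host).
SAMPLE_INFECTED = r"""; constructed sample
[386Enh]
woafont=dosapp.fon
[boot]
Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
"""

if __name__ == "__main__":
    value = boot_shell_value(SAMPLE_INFECTED)
    print(audit_shell_value(value), "->", value)
```

The same `audit_shell_value` function can be applied to the data of a startup registry value once it has been exported as text.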