Virus: Trojan-Spy.Win32.BZub.ar
Other versions: .ji, .jj
This Trojan spy program is designed to steal a range of confidential information. It is a Windows DLL file, approximately 50KB in size. It is packed using UPX; the unpacked file is approximately 141KB in size.

Installation

The Trojan is installed on the victim machine by another Trojan program. It is installed as a Browser Helper Object and tracks Internet activity when the user views sites using Microsoft Internet Explorer.
The Trojan harvests data entered on the www.postbank.de site. This data is sent in a request to the remote malicious user's site, together with the URL of the page where the data was entered.

The Trojan also harvests parameters for Microsoft Outlook accounts. It reads the following registry subkey:

[HKCU\Software\Microsoft\Internet Account Manager\Accounts]

and harvests data from the following parameters:

Mail User NaMe
Mail Password2

This harvested data is sent to the remote malicious user by email. The Trojan also sends information about the operating system version and IP address of the victim machine to the remote malicious user.

The Trojan is able to download files via the Internet from links on the remote malicious user's site. These files are then launched for execution on the victim machine.

In addition, the Trojan can be commanded by the remote malicious user to delete all files from %WinDir% and %Program Files%, as well as from the C: root directory. It then shuts down the system.
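A triage check for the installation method described above, as an added example that is not part of the original description: it lists the DLLs registered as Browser Helper Objects and flags any whose PE section table still carries UPX's default section names. The function names and the `sample_pe` header are constructed for illustration, and the standard HKLM Browser Helper Objects key is assumed, since the description does not name the key used.

```python
import os, struct, sys

BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

def pe_section_names(data):
    """Return the PE section names in data, or [] if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (nsec,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    (opt,) = struct.unpack_from("<H", data, pe_off + 20)     # SizeOfOptionalHeader
    names, table = [], pe_off + 24 + opt
    for i in range(nsec):
        entry = table + 40 * i                                # 40-byte section header
        if entry + 40 > len(data):
            break                                             # truncated file
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def looks_upx_packed(data):
    """True if any section keeps UPX's default name (UPX0, UPX1, ...).
    Renamed sections evade this, so False does not mean 'not packed'."""
    return any(n.startswith("UPX") for n in pe_section_names(data))

def registered_bho_dlls():
    """Yield (clsid, dll_path or None) for each registered BHO. Windows only."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BHO_KEY) as key:
        clsids = [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]
    for clsid in clsids:
        try:
            sub = "CLSID\\" + clsid + "\\InprocServer32"
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, sub) as srv:
                yield clsid, os.path.expandvars(winreg.QueryValueEx(srv, "")[0])
        except OSError:
            yield clsid, None                                 # orphaned registration

def sample_pe(names):  # constructed minimal PE header for testing; not a real sample
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x2102)
    return dos + coff + b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)

if __name__ == "__main__" and sys.platform == "win32":
    for clsid, path in registered_bho_dlls():
        data = open(path, "rb").read() if path and os.path.isfile(path) else b""
        print(clsid, path, len(data), "UPX" if looks_upx_packed(data) else "-")
```

A small, UPX-packed DLL registered as a BHO is a lead for further analysis, not a verdict; legitimate software is also packed with UPX.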
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program: