|
Description:
This memory-resident Trojan usually arrives as the dropped file of another malware. It may also be manually installed by the user.
Upon execution, it checks if the following site is accessible:
Thinstallbetterinternet.com
If the said URL is accessible, it proceeds to gather the following system information:
- AOL (whether installed or not on the system)
- Default browser
- Installation ID
- Internet Explorer (IE) version
- List of running processes
- Machine ID
- Malware file name
- Operating system (OS) type and version
- Type of Internet connection
- User rights
It also obtains several registry keys.
It places the gathered information in a .XML file. It then sends the file to the previously mentioned Web site via HTTP POST protocol.
This Trojan runs on Windows 95, 98, ME, NT, 2000 and XP.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 4, 2004 8:53:11 AM GMT -0800
Description updated: Aug. 4, 2004 9:21:10 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
