Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Method of propagation:
• No own spreading routine
• Symantec: PWSteal.Flecsip
• Mcafee: Keylog-KSpy.
• Kaspersky: Trojan-Spy.Win32.Agent.fa
• TrendMicro: TROJ_AGENT.VJ
• VirusBuster: TrojanSpy.Agent.RM
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Uses its own Email engine
• Records keystrokes
• Steals information
It copies itself to the following location:
The following file is created:
\servms.dll This file contains collected keystrokes.
The following registry key is added in order to run the process after reboot:
It doesn't have its own spreading routine but it has the ability to send an email. It is most likely that the receiver is the author. The characteristics are described below:
The sender of the email is the following:
The recipient of the email is the following:
%random character string%
The contents is the same as in the file: servms.dll
It tries to steal the following information:
• Window information
• Browser window
• Login information
Furthermore it contains the following string:
• coded by Flex[IP] <www.blacklogic.net>
The malware program was written in MS Visual C++.
Description inserted by Sergiu Oprea on Wednesday, August 3, 2005
Description updated by Sergiu Oprea on Tuesday, August 30, 2005