Alias:Bitdefender: Trojan.Banker.BZ Dr.Web: Trojan.PWS.GoldSpy Kaspersky: Trojan-Spy.Win32.Goldun.z Sophos: Troj/Banker-BZ
Type:Trojan 
Size:
Origin: 
Date:03-25-2005 
Damage: 
VDF Version:6.30.00.26 
Danger:Low 
Distribution:Low 

General DescriptionAffected Platforms:
* Windows 95
* Windows 98
* Windows ME
* Windows NT
* Windows 2000
* Windows XP
* Windows Server 2003

SymptomsDamage routine
- Steals passwords

Technical DetailsIf TR/Drop.Goldun.AA is executed, it creates the following files:

<%Sysdir%>\msstuber.dll
<%Tempdir%>\delt.bat

and adds the following entries in the Windows Registry:

HKEY_CLASSES_ROOT\CLSID\{92617934-9abc -def0-0fed-fad682644311}
"script0001"=hex:18,b4,49,99,89,91,e1,eb,ac,6c,bf,2f, 4e,aa,19,44,a4,0f,57,05,\
2f,85,96,d4,87,c8,45,12,fc,9c

HKEY_CLASSES_ROOT\CLSID\{92617934-9abc -def0-0fed-fad682644311}\InprocServer32@="<%sysdir%>\\msstuber.dll"
"ThreadingModel"="Apartment"

The file "msstuber.dll" will be loaded due to the changes in the Windows Registry of Internet Explorer. If the user logs on to the site "www.e-cold.com", the trojan is able to spy out the login password.
説明の挿入者 Crony Walker の 2004年6月15日火曜日

戻る . . . .

© 2013 Avira Operations GmbH & Co. KG. All rights reserved.

マイアカウント

https:// このウィンドウは暗号化されています。