Name: |
Srv.SSA-KeyLogger |
Type: |
Trojan |
Also Known As: |
Backdoor-CCT (McAfee)
TrojanSpy.Win32.Dumarin.g
Backdoor.Nibu.E
Winldra |
Danger Level: |
10 |
Category Description: |
Trojans are malicious applications that pose as legitimate software in order to trick users into installing them. Once on the victim's machine, a trojan may run any number of malicious processes to steal vital information or inflict damage on other software. |
Official Description: |
Logs keystrokes and captures data from the Windows clipboard, cached passwords and the Windows protected storage area, and tries to steal Internet and mail account passwords and usernames.
Attempts to log financial and other information from windows whose titles contain the following strings:
Storm
e-metal
Money
money
WM Keeper
Keeper
Fethard
fethard
PayPal
invest
casino
bookmak
member
Invest
Casino
Bookmak
Member
login
Login
Changes the behaviour of Internet Explorer and Windows Explorer and opens up a random listening port for remote access.
Sets mappings in the Windows hosts file to prevent access to anti-virus and security sites.
|
|
|
Properties: |
|
Manual Removal: |
Do a full scan with X-Cleaner or Regblock, then browse to the Windows directory and delete the files prntk.log, prntc.log, netdx.log, progpath.dat, socks.dat and dvp.log if they exist.
Remove the 127.0.0.1 entries that point to an anti-virus or security site in the Windows hosts file. |
|