
Warning from DrWeb


Honyak
July 30th, 2006, 03:47 PM
Received this warning from DrWeb just now.

Beware of Trojan.PWS.LDPinch.1061 and take care of your passwords
July 28, 2006

Virus monitoring service of Doctor Web, Ltd. informs of a new modification of a Trojan program propagated via ICQ, classified by Dr.Web as Trojan.PWS.LDPinch.1061. A received message invites a user to have a look at a "funny flash" and gives the link where this "flash" is stored. The downloaded file (oPreved.exe) has an icon of a flash movie, but is a password-stealing Trojan.

Description


When oPreved.exe is run (the file size is 354 304 bytes; it is detected by Dr.Web Anti-virus as Trojan.PWS.LDPinch.1061), the following files are created:

%System%\Expllorer.exe (223 392 bytes, detected by Dr.Web Anti-virus as Win32.HLLW.MyBot)
%windir%\temp\xer.exe (223 392 bytes, detected by Dr.Web Anti-virus as Win32.HLLW.MyBot)
temporary file C:\a.bat


Expllorer.exe creates the following keys in the system registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Shel"=Expllorer.exe


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
"Shel"=Expllorer.exe



The passwords are stolen via a script at hxxp://220web.ru. All passwords are collected from the system: ICQ, FTP, mail services, dialup, Trillian, Miranda, etc.


Trojan.PWS.LDPinch tries to evade firewalls, both those built into the OS and those of independent developers.

Doctor Web, Ltd. calls on all users never to open links received in ICQ messages from unknown senders. If your computer has been infected with Trojan.PWS.LDPinch, we recommend disconnecting the computer from the local network and/or Internet and scanning it with Dr.Web®. You can also check your computer for free and cure it, if necessary, with Dr.Web CureIt!.

IMPORTANT! Change all passwords in your computer.

kjempen
July 30th, 2006, 05:17 PM
The link where this trojan was stored, was: ~snipped....dead or not....Please do not post possible links to malware IAW our TOS....Bubba~(link is dead now)

So be aware if you downloaded a file from here.
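The indicators in the DrWeb notice quoted above (the dropped file names, the 223 392 byte size of the MyBot copies, and the "Shel" value under Run and RunServices) are enough to build a quick triage check. The script below is an added example, not part of this thread or of DrWeb's advisory. It parses a `reg query`-style listing of the two autorun keys and flags entries that match the advisory's indicators, and it also catches the more general trick the dropper uses: a file named one letter away from a legitimate Windows binary (Expllorer.exe vs explorer.exe). The listing, the file-size table and the list of legitimate binary names are constructed for the example; on a live machine you would feed it the real `reg query` output and `os.path.getsize()` results.

```python
"""Triage check for the Trojan.PWS.LDPinch.1061 / Win32.HLLW.MyBot dropper.

Added example written for this page; it is not DrWeb's code and runs
offline over a CONSTRUCTED autorun listing.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# --- indicators taken from the DrWeb notice ---------------------------------
BAD_FILE_NAMES = {"opreved.exe", "expllorer.exe", "xer.exe", "a.bat"}
BAD_VALUE_NAME = "shel"        # value name the dropper writes under Run / RunServices
MYBOT_SIZE = 223_392           # bytes, Expllorer.exe and xer.exe
LDPINCH_SIZE = 354_304         # bytes, oPreved.exe

# Legitimate Windows binaries that malware likes to imitate (illustrative list,
# not from the advisory).
LEGIT_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
               "csrss.exe", "ctfmon.exe"}


@dataclass
class AutorunEntry:
    key: str
    value_name: str
    image: str                 # raw REG_SZ data (path, possibly quoted, plus args)
    size: Optional[int] = None  # size of the referenced file if known


def levenshtein(a: str, b: str) -> int:
    """Edit distance; names are short so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_basename(data: str) -> str:
    """Lower-case file name from a Run value: handles quoted paths and arguments."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:data.find('"', 1)]
    else:
        path = data.split()[0] if data else ""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_reg_query(text: str, sizes: Dict[str, int]) -> List[AutorunEntry]:
    """Parse `reg query <key>` output: unindented lines are keys, indented lines are values."""
    entries: List[AutorunEntry] = []
    key = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith((" ", "\t")):
            key = raw.strip()
            continue
        parts = raw.split(None, 2)            # name, REG_type, data
        if len(parts) < 3 or key is None:
            continue
        name, _type, data = parts
        entries.append(AutorunEntry(key, name, data, sizes.get(image_basename(data))))
    return entries


def assess(entry: AutorunEntry) -> List[str]:
    """Return the reasons an autorun entry looks like the LDPinch/MyBot dropper."""
    base = image_basename(entry.image)
    hits: List[str] = []
    if base in BAD_FILE_NAMES:
        hits.append(f"file name '{base}' is a known LDPinch/MyBot artefact")
    if entry.value_name.lower() == BAD_VALUE_NAME:
        hits.append(f"value name '{entry.value_name}' matches the dropper's 'Shel'")
    if entry.size in (MYBOT_SIZE, LDPINCH_SIZE):
        hits.append(f"file size {entry.size} matches a sample from the advisory")
    if base not in LEGIT_NAMES:
        for legit in sorted(LEGIT_NAMES):
            if levenshtein(base, legit) <= 2:
                hits.append(f"'{base}' is a near-miss of the legitimate '{legit}'")
                break
    if entry.key.lower().endswith("\\runservices"):
        hits.append("RunServices is honoured only by Windows 9x/ME; software on NT-based Windows rarely writes it")
    return hits


def scan(text: str, sizes: Dict[str, int]) -> Dict[str, List[str]]:
    """Map 'key\\value' to its findings, omitting clean entries."""
    report: Dict[str, List[str]] = {}
    for e in parse_reg_query(text, sizes):
        hits = assess(e)
        if hits:
            report[f"{e.key}\\{e.value_name}"] = hits
    return report


# CONSTRUCTED sample standing in for real `reg query` output and os.path.getsize().
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Shel      REG_SZ    Expllorer.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Shel      REG_SZ    Expllorer.exe
"""
SAMPLE_SIZES = {"expllorer.exe": 223_392, "ctfmon.exe": 15_360}

if __name__ == "__main__":
    for where, reasons in scan(SAMPLE_REG_QUERY, SAMPLE_SIZES).items():
        print(where)
        for r in reasons:
            print("   -", r)
```

The near-miss check is the part worth keeping after this particular trojan is forgotten: an exact-name list ages quickly, but an autorun value pointing at a file whose name is within a couple of edits of explorer.exe, svchost.exe or lsass.exe (and that is not actually one of them) is suspicious regardless of the family. Pair it with a size or hash check, since a legitimate installer can also have an odd name.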