PWSteal.Senhas

Discussion in 'malware problems & news' started by Randy_Bell, Jan 25, 2003.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined: May 24, 2002
    Posts: 3,004
    Location: Santa Clara, CA
    Symantec Security Response - PWSteal.Senhas

    PWSteal.Senhas is a UPX-packed, password-stealing Trojan that attempts to disguise itself as Macromedia's Flash Player.

    PWSteal.Senhas is written in the Borland Delphi programming language. Because this threat has been modified, UPX cannot unpack it.


    Type: Trojan Horse
    Infection Length: 194,560 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux

    Technical details

    When PWSteal.Senhas is executed, it attempts to connect to a specific FTP server. If it fails to connect, it displays this message:

    http://securityresponse.symantec.com/avcenter/graphics/pwsteal.senhas.1.gif

    Also, if PWSteal.Senhas does connect, it attempts to steal your ICQ number and password and send them to the FTP server.

    Removal instructions

    The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


    1. Update the virus definitions.
    2. Run a full system scan and delete all the files detected as PWSteal.Senhas.
     