Symantec Security Response - PWSteal.Senhas PWSteal.Senhas is a UPX-packed, password stealing Trojan that attempts to disguise itself as Macromedia's Flash Player. PWSteal.Senhas is written in the Borland Delphi programming language. Because this threat has been modified, UPX cannot unpack it. Type: Trojan Horse Infection Length: 194,560 bytes Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux technical details When PWSteal.Senhas is executed, it attempts to connect to a specific FTP server. If it fails to connect, it displays this message: http://securityresponse.symantec.com/avcenter/graphics/pwsteal.senhas.1.gif Also, if PWSteal.Senhas does connect, it attempts to steal your ICQ number and password and send them to the FTP server. removal instructions The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. 1. Update the virus definitions. 2. Run a full system scan and delete all the files detected as PWSteal.Senhas.