Warning from DrWeb

Discussion in 'other anti-virus software' started by Honyak, Jul 30, 2006.

Thread Status:
Not open for further replies.
  1. Honyak

    Honyak Registered Member

    Joined: Jul 19, 2004
    Posts: 346
    Location: Deep South
    Received this warning from DrWeb just now.

    Beware of Trojan.PWS.LDPinch.1061 and take care of your passwords
    July 28, 2006

    Virus monitoring service of Doctor Web, Ltd. informs on a new modification of a Trojan program propagated via ICQ, classified by Dr.Web as Trojan.PWS.LDPinch.1061. A received message invites a user to have a look at a "funny flash" and the link where this "flash" is stored. The downloaded file (oPreved.exe) has an icon of a flash movie, but is a password-stealing Troj.

    Description


    When oPreved.exe is run (The file size is 354 304 bytes. It is detected by Dr.Web Anti-virus as Trojan.PWS.LDPinch.1061), the following files are created:
    %System%\Expllorer.exe (223 392 bytes detected by Dr.Web Anti-virus as Win32.HLLW.MyBot)
    \%windir%\temp\xer.exe (223 392 bytes detected by Dr.Web Anti-virus as Win32.HLLW.MyBot)
    temporary file C:\a.bat


    Expllorer.exe creates the following keys in the system registry:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "Shel"=Expllorer.exe


    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    "Shel"=Expllorer.exe



    The passwords are being stolen via script at hxxp://220web.ru. All passwords are being collected from the system — icq, ftp, mailservices, dialup, trilian, miranda, etc.


    Trojan.PWS.LDPinch tries to evade firewalls – both inbuilt into OS and those of independent developers.

    Doctor Web, Ltd. calls all users to never open links received in ICQ messages from unknown addressees. If your computer has been infected with Trojan.PWS.LDPinch, we recommend to disconnect the computer from the local network and\or Internet and scan it with Dr.Web®. You can also check your computer for free and cure it, if necessary, with Dr.Web CureIt!.

    IMPORTANT! Change all passwords in your computer.
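
An added triage example, not part of the original post or of Dr.Web's advisory: the autorun values quoted above point at `Expllorer.exe`, a near-miss spelling of `explorer.exe`, so this sketch flags any Run-key image whose name is within a small edit distance of a known Windows binary without matching it exactly. It goes beyond the single name in the advisory; the binary list, function names and sample entries are constructed for illustration.

```python
import ntpath
import re

# Legitimate Windows binaries that droppers commonly imitate (illustrative, not exhaustive).
KNOWN_SYSTEM_BINARIES = ["explorer.exe", "svchost.exe", "winlogon.exe", "services.exe", "lsass.exe"]

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(image_name, max_distance=2):
    """Return the system binary that image_name nearly matches, or None."""
    name = image_name.lower()
    for legit in KNOWN_SYSTEM_BINARIES:
        if name != legit and edit_distance(name, legit) <= max_distance:
            return legit
    return None

def triage_autoruns(entries):
    """entries: (registry key, value name, value data) tuples. Returns suspicious ones."""
    findings = []
    for key, value_name, data in entries:
        # Value data may be quoted and carry arguments; keep only the image path.
        m = re.match(r'\s*"?([^"]*?\.exe)', data, re.IGNORECASE)
        if not m:
            continue
        image = ntpath.basename(m.group(1))
        legit = lookalike_of(image)
        if legit:
            findings.append({"key": key, "value": value_name, "image": image, "imitates": legit})
    return findings

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample: the two autorun values from the advisory plus benign entries.
SAMPLE_ENTRIES = [
    (RUN, "Shel", "Expllorer.exe"),
    (RUN + "Services", "Shel", "Expllorer.exe"),
    (RUN, "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (RUN, "SunJavaUpdateSched", r'"C:\Program Files\Java\bin\jusched.exe" /min'),
]

if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_ENTRIES):
        print(f["key"], f["value"], f["image"], "imitates", f["imitates"])
```

A hit is only a lead for manual review; a legitimate third-party program can have a name close to a system binary.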
     
  2. kjempen

    kjempen Registered Member

    Joined: May 6, 2004
    Posts: 379
    The link where this trojan was stored, was: ~snipped....dead or not....Please do not post possible links to malware IAW our TOS....Bubba~(link is dead now)

    So be aware, if you downloaded a file from here.
     
    Last edited by a moderator: Jul 31, 2006