Troj/Brogger-A is a password stealing Trojan for the Windows platform.
Troj/Brogger-A targets the customers of certain Brazilian online banking websites. The Trojan monitors browser usage and logs any account details entered, and may display fake user interfaces and record any entered details.
When first run, Troj/Brogger-A creates trhe following files:
<System>\dlldpoll.dll
<System>\jsario.dsw
<System>\sdxsys32.exe
<System>\sdxsys32.dll
dlldpoll.dll is a clean DLL, and can safely be removed. jsario.dsw is a clean data file, and can also safely be deleted.
sdxsys32.exe and sdxsys32.dll are detected as Troj/Brogger-A.
The following registry entry is set so Troj/Brogger-A will be run when an infected system starts:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sdxsys32
<System>\sdxsys32.exe