Troj/Brospy-K

Category: Viruses and Spyware Protection available since:20 Jan 2006 00:00:00 (GMT)
Type: Trojan Last Updated:20 Jan 2006 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Brospy-K is a Trojan for the Windows platform.

Troj/Brospy-K monitors browser activity, and attempts to steal passwords that are cached or in protected storgae, and email usernames and passwords. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Brospy-K is a Trojan for the Windows platform.

Troj/Brospy-K monitors browser activity, and attempts to steal passwords that are cached or in protected storgae, and email usernames and passwords. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/Brospy-K is installed it creates the file <System>\msnscps.dll, also detected as Troj/Brospy-K.

The file msnscps.dll is registered as a Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKCR\CLSID\(78364D99-A640-4ddf-B91A-67EFF8373045)\
InprocServer32

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\List
<path to Internet Explorer>
<path to Internet Explorer>:*:Enabled:Internet Explorer

The following registry entry is set:

HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes

Registry entries are created under:

HKLM\SOFTWARE\Windows\

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy