Troj/Goldun-EH

Category: Viruses and Spyware
Protection available since: 02 Nov 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 02 Nov 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Goldun-EH is a Trojan for the Windows platform.

Troj/Goldun-EH attempts to steal data from the victim computer and also monitors browser sessions in order to steal credentials entered during access to online payment systems.

When Troj/Goldun-EH is run, the following files are dropped:

<system>\CsdDriver.sys
<system>\MemMan.dll

These are both detected as Troj/Goldun-EH.

The following Registry entry is set to load the dropped MemMan.dll:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
MemMan
(523455e4-abcd-abcd-1114-d709add3ddab)

Configuration data is stored within the following Registry entries:

HKCU\Software\Microsoft\Wwindows\CurrentVersion\Internet
xpup

HKCU\Software\Microsoft\Wwindows\CurrentVersion\Internet
xver

The dropped CsdDriver.sys is installed as a service. Once started, it attempts to hide the dropped MemMan.dll file and its associated Registry entries.

Troj/Goldun-EH also contains instructions to download and execute files from a remote server.
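As an added example (not part of the original description), the Python check below audits a text export of the ShellServiceObjectDelayLoad key for the MemMan value and CLSID listed above, and marks any other value outside a baseline for review. The baseline CLSIDs, the "Helper" value and the sample export are assumptions constructed for illustration. Because the driver is described as hiding these entries on a running system, the export is best taken from an offline copy of the hive.

```python
import re

# Indicators taken from the description above.
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
IOC_VALUE_NAME = "memman"
IOC_CLSID = "523455e4-abcd-abcd-1114-d709add3ddab"
# Assumed known-good baseline (replace with values from a clean build of your image).
BASELINE = {
    "e6fb5e20-de35-11cf-9c87-00aa005127ed",  # WebCheck
    "35cec8a3-2be6-11d2-8773-92e220524153",  # SysTray
}

def norm_clsid(s):
    """Lower-case and strip braces/parentheses so both notations compare equal."""
    return s.strip().strip("{}()").lower()

def audit_ssodl(reg_text):
    """Return [(value_name, clsid, verdict)] for each SSODL value in a .reg export."""
    findings, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Track which key the following values belong to.
            in_key = line.strip("[]").lower() == SSODL_KEY.lower()
            continue
        m = re.match(r'^"([^"]+)"="([^"]*)"$', line)
        if not (in_key and m):
            continue
        name, clsid = m.group(1), norm_clsid(m.group(2))
        if name.lower() == IOC_VALUE_NAME or clsid == IOC_CLSID:
            verdict = "MATCH Troj/Goldun-EH"
        elif clsid in BASELINE:
            verdict = "baseline"
        else:
            verdict = "unknown - review"
        findings.append((name, clsid, verdict))
    return findings

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"MemMan"="{523455e4-abcd-abcd-1114-d709add3ddab}"
"Helper"="{11111111-2222-3333-4444-555555555555}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MemMan"="C:\\tools\\memman.exe"
'''

if __name__ == "__main__":
    print(*audit_ssodl(SAMPLE), sep="\n")
```

Registry exports written by regedit or `reg export` are UTF-16, so decode the file accordingly before passing its text to `audit_ssodl`.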
