Troj/Goldun-I is a Trojan which attempts to steal E-Gold Account information.
When first run the Trojan drops csrss.dll and photo_show1.jpg into the Windows system folder and creates the following registry entries:
HKCR\CLSID\(92617934-9abc-def0-0fed-fad48c654321)\InProcServer32
@
%SYSTEM%\csrss.dll
HKCR\CLSID\(92617934-9abc-def0-0fed-fad48c654321)\InProcServer32
ThreadingModel
Apartment
HKCR\CLSID\(92617934-9abc-def0-0fed-fad48c654321)
script_patch
http://manvestmarketing.com/1/gold.php
photo_show1.jpg is a mild pornographic image used as a decoy.
The dropped DLL is a Browser Help Object which intercepts internet requests destined for the e-gold site and steals account information, forwarding it to a remote site.