Troj/LegMir-JB

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/LegMir-JB is a Trojan for the windows platform.

The Trojan attempts to steal information (eg passwords) entered into the windows of other applications (eg FSOnline). The target file for stolen information is C:\gamesfs.txt. The Trojan then attempts to email this file to a remote location. Troj/LegMir-JB is a Trojan for the windows platform.

The Trojan attempts to steal information (eg passwords) entered into the windows of other applications (eg FSOnline). The target file for stolen information is C:\gamesfs.txt. The Trojan then attempts to email this file to a remote location.

When first run Troj/LegMir-JB copies itself to <Windows>\inf\rundll32.exe and creates the file <System>\fsdll.dll.

The following registry entry is created to run rundll32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
loadMefs
<Windows>\inf\rundll32.exe

Troj/LegMir-JB attempts to terminate and uninstall the following anti-virus and security processes:

PasswordGuard.exe
RavMon.exe
ZoneAlarm
eghost.exe
iparmor.exe
kavpfw.exe
mailmon.exe

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy