Troj/PWS-ABU

Category: Viruses and Spyware
Protection available since: 04 Oct 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 04 Oct 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/PWS-ABU is an information-stealing Trojan for the Windows platform.

When run, Troj/PWS-ABU creates the following files:

<Windows>\msnmess.exe - detected as Troj/PWS-ABU
<System>\scrrunus.dll - detected as Troj/PWS-ABU
<System>\spoo1sv.exe - detected as Troj/PWS-ABU
<System>\odbcus32.dll - can be safely deleted

The following registry entries are set to run Troj/PWS-ABU on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\RUNONCE
*winsocks
<Windows>\msnmess.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
winsocks
<Windows>\msnmess.exe

HKCR\CLSID\(C6031EC1-7EC9-1AB6-91C3-001111111111)\InprocServer32
ThreadingModel
Apartment

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
(6EC04B6E-1BE2-5BA8-0DA2-8C5B7C5D1E0D)
StubPath
<Windows>\msnmess.exe 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
*winsocks
<Windows>\msnmess.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
spoo1sv
<System>\spoo1sv.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winsocks
<Windows>\msnmess.exe
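
An added example, not Sophos's own code: a read-only PowerShell check for the files and the Run/RunOnce values listed above. It assumes <Windows> maps to $env:windir and <System> to $env:windir\System32, and it does not cover the CLSID and Active Setup entries.

```powershell
# Added example: read-only check for the files and startup values listed on this page.
# Assumption: <Windows> is $env:windir and <System> is $env:windir\System32.
$windows = $env:windir
$system  = Join-Path $env:windir 'System32'

# Files the page says the Trojan creates.
$files = @(
    (Join-Path $windows 'msnmess.exe'),
    (Join-Path $system  'scrrunus.dll'),
    (Join-Path $system  'spoo1sv.exe'),
    (Join-Path $system  'odbcus32.dll')
)

# Run/RunOnce entries from the page: key, value name, file name expected in the data.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$autoruns = @(
    @{ Key = "HKCU:\$cv\RunOnce"; Name = '*winsocks'; File = 'msnmess.exe' },
    @{ Key = "HKCU:\$cv\Run";     Name = 'winsocks';  File = 'msnmess.exe' },
    @{ Key = "HKLM:\$cv\RunOnce"; Name = '*winsocks'; File = 'msnmess.exe' },
    @{ Key = "HKLM:\$cv\Run";     Name = 'spoo1sv';   File = 'spoo1sv.exe' },
    @{ Key = "HKLM:\$cv\Run";     Name = 'winsocks';  File = 'msnmess.exe' }
)

$findings = @(
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Location = $f; Detail = 'present' }
        }
    }
    foreach ($a in $autoruns) {
        $item = Get-ItemProperty -LiteralPath $a.Key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        # Index by exact name so the leading '*' in '*winsocks' is not a wildcard.
        $prop = $item.PSObject.Properties[$a.Name]
        if ($prop -and "$($prop.Value)" -like "*$($a.File)*") {
            [pscustomobject]@{ Type = 'Registry'; Location = "$($a.Key)\$($a.Name)"; Detail = $prop.Value }
        }
    }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No files or Run/RunOnce values from the Troj/PWS-ABU description were found.'
}
```

On 64-bit Windows a 32-bit process is redirected to SysWOW64 and the WOW6432Node registry view, which this check does not inspect.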

Troj/PWS-ABU includes functionality to:

- log keystrokes and send the information to a remote website

- harvest usernames and passwords from the Internet Account Manager, Foxmail, Eudora and Outlook, including HTTP mail, IMAP and POP3 settings