Troj/PWS-ARZ is a password-stealing Trojan for the Windows platform.
Troj/PWS-ARZ can arrive as a result of web browsing. Visiting certain web sites may initiate the download process. Typically the user will be coerced into downloading Troj/PWS-ARZ by a web page popup claiming to offer a free anti-virus product.
When Troj/PWS-ARZ is first run it copies itself to:
<System>\wins\setup\msmgrs.exe
and the following shortcut is created to run msmgrs.exe on startup:
<Startup>\ntdll.lnk
Troj/PWS-ARZ logs key strokes and process information to the following log file:
<System>\wins\syskl32.sys
Troj/PWS-ARZ sets the following registry entry, disabling the automatic startup of the system restore service:
HKLM\SYSTEM\CurrentControlSet\Services\srservice\Start = 4
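The artifacts listed above (dropped binary, startup shortcut, keystroke log and the srservice Start value) are exactly what a responder would sweep a host for. The script below is an added example written for this page, not code from Sophos or from the malware description; it turns the listed indicators into a check with a pure `assess()` function that can be exercised offline and a `collect_windows()` helper that gathers the same facts from a live host. It assumes `<System>` resolves to `%SystemRoot%\System32` and `<Startup>` to the per-user or all-users Startup folder; the meaning of Start = 4 (SERVICE_DISABLED) is standard Windows service configuration.

```python
import os
import sys
from dataclasses import dataclass
from typing import Optional, Set, List

# Indicators taken from the threat description. <System> and <Startup> are the
# folders the description abbreviates; where they live is resolved at run time.
DROPPED_FILE = r"wins\setup\msmgrs.exe"   # relative to <System>
KEYLOG_FILE = r"wins\syskl32.sys"          # relative to <System>
STARTUP_SHORTCUT = "ntdll.lnk"             # file name inside <Startup>
SRSERVICE_KEY = r"SYSTEM\CurrentControlSet\Services\srservice"
SERVICE_DISABLED = 4                       # Start=4 is SERVICE_DISABLED


@dataclass
class HostState:
    """Facts about one host, gathered live or constructed for a test."""
    system_files: Set[str]          # relative paths that exist under <System>
    startup_items: Set[str]         # file names found in the Startup folder(s)
    srservice_start: Optional[int]  # srservice Start value, None if absent


def assess(state: HostState) -> List[str]:
    """Return the matched indicators; an empty list means none were found."""
    hits = []
    system_files = {p.lower() for p in state.system_files}
    startup_items = {n.lower() for n in state.startup_items}
    if DROPPED_FILE.lower() in system_files:
        hits.append(f"dropped binary <System>\\{DROPPED_FILE}")
    if KEYLOG_FILE.lower() in system_files:
        hits.append(f"keystroke log <System>\\{KEYLOG_FILE}")
    if STARTUP_SHORTCUT.lower() in startup_items:
        hits.append(f"persistence shortcut <Startup>\\{STARTUP_SHORTCUT}")
    if state.srservice_start == SERVICE_DISABLED:
        hits.append("srservice Start=4 (System Restore service disabled)")
    return hits


def collect_windows() -> HostState:
    """Gather the same facts from the running Windows host (Windows only)."""
    import winreg  # standard library, but only present on Windows

    # Assumption: <System> is System32; <Startup> is either Startup folder.
    system_dir = os.path.join(os.environ["SystemRoot"], "System32")
    startup_dirs = [
        os.path.join(os.environ.get("APPDATA", ""),
                     r"Microsoft\Windows\Start Menu\Programs\Startup"),
        os.path.join(os.environ.get("ProgramData", ""),
                     r"Microsoft\Windows\Start Menu\Programs\Startup"),
    ]
    system_files = {p for p in (DROPPED_FILE, KEYLOG_FILE)
                    if os.path.isfile(os.path.join(system_dir, p))}
    startup_items = set()
    for d in startup_dirs:
        if os.path.isdir(d):
            startup_items.update(os.listdir(d))
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SRSERVICE_KEY) as key:
            start, _ = winreg.QueryValueEx(key, "Start")
    except OSError:
        start = None  # key or value missing on this host
    return HostState(system_files, startup_items, start)


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("live collection needs Windows; call assess() with a HostState")
    for line in assess(collect_windows()) or ["no Troj/PWS-ARZ indicators found"]:
        print(line)
```

Separating `assess()` from `collect_windows()` means the matching logic can be unit-tested on any platform with a constructed `HostState`, and the live collector only touches the file system and registry on a Windows host. A Start value of 4 alone is a weak signal (an administrator may disable System Restore deliberately), so treat it as corroborating evidence next to the file and shortcut indicators rather than as proof on its own.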