Troj/Progent-P

Category: Viruses and Spyware
Protection available since: 05 Jan 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 05 Jan 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Progent-P is a backdoor Trojan for the Windows platform.

Troj/Progent-P includes functionality to:

- access the internet and communicate with a remote server via HTTP
- steal information and passwords from a number of games and applications
- send notification messages to remote locations
- log key presses

When first run, Troj/Progent-P copies itself to <Windows>\qservice.exe and creates the following files:

<Temp>\htmpl.htm
<Windows>\kurlmon.dll
<Windows>\services.dll
<System>\HookApi.dll
<System>\drivers\KeenSense.sys
<System>\drivers\ksdevice.sys

The DLL files are components of the Trojan. The remaining files are text files that are not malicious on their own and may safely be deleted.

The following registry entry is created to run qservice.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
qservices
<Windows>\qservice.exe

Troj/Progent-P sets the following registry entries, disabling the automatic startup of other software:

HKLM\SYSTEM\CurrentControlSet\Services\srservice
Start
4
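
The following PowerShell check is an added example, not part of the original Sophos description. It looks for the files and registry values listed above on the local machine, assuming <Windows>, <System> and <Temp> correspond to %WINDIR%, %WINDIR%\System32 and %TEMP%.

```powershell
# Added example: look for the Troj/Progent-P artifacts listed on this page.
# Assumption: <Windows> = %WINDIR%, <System> = %WINDIR%\System32, <Temp> = %TEMP%.
$win = $env:WINDIR
$sys = Join-Path $env:WINDIR 'System32'
$tmp = $env:TEMP

# File paths taken from the description above.
$paths = @(
    (Join-Path $win 'qservice.exe'),
    (Join-Path $tmp 'htmpl.htm'),
    (Join-Path $win 'kurlmon.dll'),
    (Join-Path $win 'services.dll'),
    (Join-Path $sys 'HookApi.dll'),
    (Join-Path $sys 'drivers\KeenSense.sys'),
    (Join-Path $sys 'drivers\ksdevice.sys')
)

$findings = @()

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $p; Detail = 'present' }
    }
}

# Run value that starts qservice.exe at logon (HKCU covers the current user only).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'qservices' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'Registry'; Item = "$runKey\qservices"; Detail = $run.qservices }
}

# srservice with Start = 4, the value the Trojan sets (4 marks a service as disabled).
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\srservice'
$svc = Get-ItemProperty -Path $svcKey -Name 'Start' -ErrorAction SilentlyContinue
if ($svc -and $svc.Start -eq 4) {
    $findings += [pscustomobject]@{ Type = 'Registry'; Item = "$svcKey\Start"; Detail = '4' }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'None of the listed Troj/Progent-P artifacts were found for this user.'
}
```

A single match, particularly the srservice value on its own, is a lead for further investigation rather than confirmation of infection. Run the check in each user's session to cover other HKCU hives.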
