Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | February 2007 (4.14) |
| Protection available since | 2 November 2006 14:32:09 (GMT) |
| Last updated | 12 December 2006 07:22:36 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Goldun-EH is a Trojan for the Windows platform.
Troj/Goldun-EH attempts to steal data from the victim computer and also monitors browser sessions in order to steal credentials entered during access to online payment systems.
When Troj/Goldun-EH is run, the following files are dropped:
<system>\CsdDriver.sys
<system>\MemMan.dll
These are both detected as Troj/Goldun-EH.
The following Registry entry is set to load the dropped MemMan.dll:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
MemMan
(523455e4-abcd-abcd-1114-d709add3ddab)
Configuration data is stored within the following Registry entries:
HKCU\Software\Microsoft\Wwindows\CurrentVersion\Internet
xpup
HKCU\Software\Microsoft\Wwindows\CurrentVersion\Internet
xver
The dropped CsdDriver.sys is installed as a service. Once started, it attempts to hide the presence of the dropped MemMan.dll file and its associated Registry entries.
Troj/Goldun-EH also contains instructions to download and execute files from a remote server.
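As an added example that is not part of the Sophos description or its tooling, the following PowerShell audit walks the indicators listed above (the two dropped files, the ShellServiceObjectDelayLoad entry, the two configuration values and the driver service) and reports what it finds without changing anything. It uses only built-in cmdlets. The service name is not given above, so the driver is matched on its image path; the registry paths are reproduced exactly as listed, including the spelling "Wwindows".

```powershell
# Added example, not Sophos' own tooling: a read-only audit for the Troj/Goldun-EH
# indicators in the description above. Run from an elevated PowerShell session on
# the host under review; nothing is changed or deleted. Assumptions are marked.

function Get-GoldunEHIndicators {
    [CmdletBinding()]
    param()

    $findings  = New-Object System.Collections.Generic.List[string]
    $systemDir = [Environment]::GetFolderPath('System')   # resolves the <system> placeholder

    # 1. Dropped files. Caveat from the description: CsdDriver.sys hides MemMan.dll
    #    once running, so "not found" on a live system is not conclusive.
    foreach ($name in 'CsdDriver.sys', 'MemMan.dll') {
        $path = Join-Path $systemDir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            $findings.Add("File present: $path ($($item.Length) bytes, modified $($item.LastWriteTime))")
        }
    }

    # 2. ShellServiceObjectDelayLoad persistence. Every value under this key names a CLSID
    #    that explorer.exe instantiates at logon, so list all of them and flag the entry
    #    the description gives (value name MemMan, CLSID 523455e4-abcd-abcd-1114-d709add3ddab).
    $ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    if (Test-Path -LiteralPath $ssodl) {
        $entries = Get-ItemProperty -LiteralPath $ssodl
        foreach ($prop in $entries.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }    # skip PowerShell's PSPath/PSChildName metadata
            $clsid = [string]$prop.Value
            # Resolve the CLSID to the DLL it loads, so unfamiliar entries can be reviewed too.
            $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
            $dll = if (Test-Path -LiteralPath $inproc) {
                (Get-ItemProperty -LiteralPath $inproc).'(default)'
            } else {
                '<no InprocServer32>'
            }
            $line = "SSODL: $($prop.Name) = $clsid -> $dll"
            if ($prop.Name -ieq 'MemMan' -or $clsid -like '*523455e4-abcd-abcd-1114-d709add3ddab*') {
                $findings.Add("MATCH $line")
            } else {
                Write-Verbose $line
            }
        }
    }

    # 3. Configuration values. The key path is reproduced exactly as the description
    #    lists it, including the spelling "Wwindows". HKCU is per user: run as the
    #    affected user, or load that user's hive, or this check sees the wrong profile.
    $cfgKey = 'HKCU:\Software\Microsoft\Wwindows\CurrentVersion\Internet'
    foreach ($valueName in 'xpup', 'xver') {
        $v = Get-ItemProperty -LiteralPath $cfgKey -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            $findings.Add("Config value present: $cfgKey\$valueName = $($v.$valueName)")
        }
    }

    # 4. Driver service. The description does not give the service name, only that the
    #    dropped CsdDriver.sys is installed as a service, so match on the image path
    #    (assumption: the service image path still references the file name).
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like '*CsdDriver.sys*' } |
        ForEach-Object {
            $findings.Add("Driver service: $($_.Name) state=$($_.State) start=$($_.StartMode) path=$($_.PathName)")
        }

    return $findings
}

# Usage: -Verbose also lists the SSODL entries that did not match, for manual review.
$hits = Get-GoldunEHIndicators -Verbose
if ($hits.Count -eq 0) {
    Write-Output 'No Troj/Goldun-EH indicators found on the live system; confirm offline if the driver may be active.'
} else {
    $hits | ForEach-Object { Write-Output $_ }
}
```

Because the description says the driver hides MemMan.dll and its Registry entries once started, a clean result from a running system only rules out the driver service and the file names it cannot hide; mounting the disk offline or checking from a trusted boot environment is the conclusive check.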
