Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | April 2008 (4.28) |
| Protection available since | 7 February 2008 17:14:40 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/LdPinch-RM is a password-stealing Trojan with backdoor functionality.
Troj/LdPinch-RM attempts to steal confidential information and send it to a remote location via HTTP or email.
The information that Troj/LdPinch-RM attempts to gather includes:
- keypresses
- computer details
- drive and volume information
- hostname and IP address
- information (including passwords and usernames) relating to selected applications installed on the computer, including: Miranda ICQ, Mirabilis ICQ, The Bat!, Trillian, Windows Commander and Total Commander
- passwords and confidential information stored by the system in 'Protected Storage'
- POP3 and IMAP server information, usernames and passwords
- FTP usernames and passwords
- RAS dial-up settings
Troj/LdPinch-RM provides a backdoor server on a pre-configured port (the default is 2050). A remote intruder will be able to connect to this port and receive command shell access.
Troj/LdPinch-RM can arrive as a result of web browsing. Certain web pages may exploit vulnerabilities associated with Microsoft Internet Explorer to silently download and install/run the Trojan without user interaction.
Troj/LdPinch-RM includes functionality to:
- steal confidential information
- access the internet and communicate with a remote server via HTTP
When Troj/LdPinch-RM is installed the following files are created:
<Temp>\ecografi.mpeg
<Temp>\wmplayer.exe
The file wmplayer.exe is detected as Mal/Basine-C.
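As an added example (not part of the original description), the following PowerShell script checks a host for the two dropped files and for a listener on the default backdoor port. The per-user temp folder layout, the elevated session of a regular user, and the availability of `Get-NetTCPConnection` and `Get-FileHash` (Windows 8 / Server 2012 or later, PowerShell 4 or later) are assumptions.

```powershell
# Added triage example; indicator values are taken from the description above.
$IndicatorFiles = 'ecografi.mpeg', 'wmplayer.exe'
$BackdoorPort   = 2050   # default only; the Trojan's port is configurable

function Get-TempDirectory {
    # Assumption: Vista-and-later profile layout, run elevated from a normal user session.
    $dirs = @("$env:SystemRoot\Temp")
    $profileRoot = Split-Path -Parent $env:USERPROFILE
    foreach ($p in Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $dirs += Join-Path $p.FullName 'AppData\Local\Temp'
    }
    $dirs | Where-Object { Test-Path -LiteralPath $_ -PathType Container }
}

function Find-DroppedFile {
    foreach ($dir in Get-TempDirectory) {
        foreach ($name in $IndicatorFiles) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path    = $item.FullName
                Created = $item.CreationTimeUtc
                # Hash is recorded so the sample can be matched against AV verdicts later.
                SHA256  = (Get-FileHash -LiteralPath $path -ErrorAction SilentlyContinue).Hash
            }
        }
    }
}

function Find-PortListener {
    # A listener alone is not proof of infection; report the owning process for review.
    Get-NetTCPConnection -State Listen -LocalPort $BackdoorPort -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.Name
                ProcessPath  = $proc.Path
            }
        }
}

$files     = @(Find-DroppedFile)
$listeners = @(Find-PortListener)
$files     | Format-List
$listeners | Format-List
if ($files.Count + $listeners.Count) { Write-Warning 'Troj/LdPinch-RM indicators present; isolate and scan the host.' }
```

An empty result does not clear the host, because the backdoor port is configurable. A `wmplayer.exe` in a temp folder is suspicious in itself, since the legitimate Windows Media Player binary is installed under Program Files.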
