Sophos

Troj/Oscor-L

Aliases
  • Trojan.Win32.Agent.cdr
  • Backdoor.Win32.Agent.cdm
  • Rootkit.Win32.Agent.ky
  • TR/Small.BL

Summary

 
Affected operating systems: Windows
Characteristics:
  • Drops more malware
  • Installs itself in the registry
Included in our products from: December 2007 (4.24)
Protection available since: 18 October 2007 00:37:56 (GMT)
Detected by: All Sophos products

More Information

Troj/Oscor-L is a Trojan for the Windows platform.

Troj/Oscor-L has the ability to hide itself.

Troj/Oscor-L includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Oscor-L can steal information from the following:

- Pstore credentials
- Cached passwords
- POP3 credentials
- HTTPmail credentials
- Hotmail credentials
- Auto-complete passwords
- Internet Explorer auto-complete passwords
- MSN Explorer signup credentials
- Outlook and Outlook Express credentials
- Email addresses
- Windows address book
- Key strokes
- Data based on the current window's title bar text

When first run, Troj/Oscor-L copies itself to <System>\mssujl.exe and creates the following files:

<System>\drivers\tuhdn.sys - also detected as Troj/Oscor-L
<System>\inlns.dll - detected as Mal/Behav-150
<System>\knmstu.dll - also detected as Troj/Oscor-L
<System>\perfl6381.dbl - detected as Mal/Packer
<System>\thiys.tb_ - detected as Mal/Packer

The following files, also dropped by Troj/Oscor-L, may simply be deleted:

<System>\shunver.exe - data
<System>\snlish.cpl - text file
<System>\stiven.ax - data
<System>\uhsfe.tlb - text
<System>\wflner.tlb - text

Troj/Oscor-L sets the following registry entries, disabling the automatic startup of other software:

HKLM\SYSTEM\CurrentControlSet\Services\srservice
Start
4
