Mal/Paymilon-A

Aliases	TR/Spy.Gen TR/Hijacker.Gen PWS:Win32/Paymilon.A Infostealer
Category	Viruses and Spyware
Type	Malicious Behavior
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	23 July 2009 06:04:25 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Your options

Please send us a sample to assist in improving our technology
Use the instructions for removing generically detected files to delete the file from your computer
If problems persist, contact Sophos support for assistance with removal

More Information

Summary
Action
More Information

Mal/Paymilon-A is a malicious file for the Windows files.

Mal/Paymilon-A typically steals password information and acts as a keylogger.

When Mal/Paymilon-A is installed, some of the following files may be created:

<System>\UsrClassEx.exe
<System>\UsrClassEx.exe.reg
<System>\kklog
<Temp>\doc.exe
<Temp>\make.exe

The files make.exe, doc.exe and UsrClassEx.exe are also detected as Mal/Paymilon-A. The file UsrClassEx.Exe.reg is a clean registry file. The file kklog is a clean log of stolen data.

The following registry entry is created to run UsrClassEx.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
UsrClassEx
<System>\UsrClassEx.exe

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Mal/Paymilon-A

Summary

Action

Your options

More Information