Troj/Brogger-A

Aliases	Trojan-Spy.Win32.Agent.du TSPY_BROGGER.A
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	6 October 2005 17:37:07 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Brogger-A is a password stealing Trojan for the Windows platform.

Troj/Brogger-A targets the customers of certain Brazilian online banking websites. The Trojan monitors browser usage and logs any account details entered, and may display fake user interfaces and record any entered details.

When first run, Troj/Brogger-A creates trhe following files:

<System>\dlldpoll.dll
<System>\jsario.dsw
<System>\sdxsys32.exe
<System>\sdxsys32.dll

dlldpoll.dll is a clean DLL, and can safely be removed. jsario.dsw is a clean data file, and can also safely be deleted.

sdxsys32.exe and sdxsys32.dll are detected as Troj/Brogger-A.

The following registry entry is set so Troj/Brogger-A will be run when an infected system starts:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sdxsys32
<System>\sdxsys32.exe

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Brogger-A

Summary

Action

More Information