high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 20 January 2006 08:58:29 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Brospy-K is a Trojan for the Windows platform.
Troj/Brospy-K monitors browser activity, and attempts to steal passwords that are cached or in protected storgae, and email usernames and passwords. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Brospy-K is a Trojan for the Windows platform.
Troj/Brospy-K monitors browser activity, and attempts to steal passwords that are cached or in protected storgae, and email usernames and passwords. The Trojan includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Brospy-K is installed it creates the file <System>\msnscps.dll, also detected as Troj/Brospy-K.
The file msnscps.dll is registered as a Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\(78364D99-A640-4ddf-B91A-67EFF8373045)\
InprocServer32
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\List
<path to Internet Explorer>
<path to Internet Explorer>:*:Enabled:Internet Explorer
The following registry entry is set:
HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions
yes
Registry entries are created under:
HKLM\SOFTWARE\Windows\
|
