Sophos

Troj/Keylog-AU

Aliases
  • Trojan-Spy.Win32.VB.cp
  • PWSteal.Trojan

Summary

Affected operating systems: Windows
Protection available since: 8 December 2005 21:54:13 (GMT)
Detected by: All Sophos products

More Information

Troj/Keylog-AU is a configurable keylogging application for the Windows platform.

Troj/Keylog-AU comprises a creator and a configurable server file. The server file is bundled with another executable, chosen specifically in each case, so that once the Trojan is executed the server file runs hidden behind the executable it was wrapped with.

When installed, Troj/Keylog-AU creates the following files:

<System>\fixapi.exe
<System>\rsn.exe
<System>\hotkey.exe
<System>\rcx<x>.tmp
<System>\<kbdmy>.dll
<Current folder>\<filename>.exe

where <filename> is the name of the file the server host was bundled with, <x> is a random number, and <kbdmy> is a random set of characters.

All the other executables are copies of the server host. The DLL is a text file that is not malicious and may safely be deleted.

To run automatically at startup, Troj/Keylog-AU creates a service process with the following characteristics:

servicename = mysvc
displayname = "Extra Logs and Alerts"
imagepath = <System>\rsn.exe

The following registry entries are set:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(CLSID)

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(CLSID)\
StubPath
<System>\fixapi.exe

Troj/Keylog-AU can log keypresses and send the log files via FTP.
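
The file, service and Active Setup artifacts listed above can be checked on a host with the read-only PowerShell script below; it is an added example, not Sophos's own tooling. Assumptions: the SysWOW64 and WOW6432Node locations are included because 32-bit programs on 64-bit Windows are redirected there, and Add-Finding is a hypothetical helper.

```powershell
# Added example: read-only triage for the Troj/Keylog-AU artifacts listed above.
# Run from an elevated PowerShell session on the host being examined.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Indicator, [string]$Detail) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
}

# <System> as seen by 64-bit and (assumption) 32-bit processes.
$sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

foreach ($dir in $sysDirs) {
    # Fixed-name copies of the server host.
    foreach ($name in 'fixapi.exe', 'rsn.exe', 'hotkey.exe') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { Add-Finding 'File' $path }
    }
    # rcx<x>.tmp, where <x> is a random number.
    Get-ChildItem -LiteralPath $dir -Filter 'rcx*.tmp' -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^rcx\d+\.tmp$' } |
        ForEach-Object { Add-Finding 'File' $_.FullName }
}

# Service: name mysvc, display name "Extra Logs and Alerts", image path <System>\rsn.exe.
Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.Name -eq 'mysvc' -or
        $_.DisplayName -eq 'Extra Logs and Alerts' -or
        $_.PathName -like '*\rsn.exe*'
    } |
    ForEach-Object {
        Add-Finding 'Service' ('{0} ("{1}") -> {2}' -f $_.Name, $_.DisplayName, $_.PathName)
    }

# Active Setup component whose StubPath points at fixapi.exe.
$roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub -like '*\fixapi.exe*') {
            Add-Finding 'ActiveSetup' ('{0}  StubPath = {1}' -f $_.PSPath, $stub)
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'No Troj/Keylog-AU indicators found.'
}
```

A single file-name match is a lead rather than a verdict; the service and StubPath matches together are the stronger signal.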
