high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 7 June 2005 13:08:00 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
Change any data that may have become compromised.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry for each user who ran the virus. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export Range' panel, click 'All', then save your registry as Backup.
Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\
System
<Windows>\svchost.exe
and delete it if it exists.
Close the registry editor.
More Information
Troj/LdPinch-BD is a password-stealing Trojan for the Windows platform.
The Trojan may display an animated GIF image showing a lion and displaying the following text:
"You are the king today! Hope U have a R-O-A-R-I-N-G time on your Birthday!"
Troj/LdPinch-BD steals information, including passwords, from various applications. Information stolen may include:
computer details (OS version, memory, CPU etc.)
available drives (drive letter, type and free space)
hostname and IP address
Windows folder volume information
Passwords and confidential information from 'Protected Storage'
POP3 and IMAP server information, usernames and passwords
FTP usernames and passwords
RAS dial-up settings
The Trojan may steal information relating to applications including the following:
Mirabilis ICQ
Opera
CuteFTP
WS_FTP
Windows Commander
Total Commander
The Trojan attempts to download and run further malicious code. Troj/LdPinch-BD is a password-stealing Trojan for the Windows platform.
The Trojan may display an animated GIF image showing a lion and displaying the following text:
"You are the king today! Hope U have a R-O-A-R-I-N-G time on your Birthday!"
Troj/LdPinch-BD steals information, including passwords, from various applications. Information stolen may include:
computer details (OS version, memory, CPU etc.)
available drives (drive letter, type and free space)
hostname and IP address
Windows folder volume information
Passwords and confidential information from 'Protected Storage'
POP3 and IMAP server information, usernames and passwords
FTP usernames and passwords
RAS dial-up settings
The Trojan may steal information relating to applications including the following:
Mirabilis ICQ
Opera
CuteFTP
WS_FTP
Windows Commander
Total Commander
The Trojan attempts to download and run further malicious code.
When first run Troj/LdPinch-BD copies itself to <Windows>\svchost.exe.
The following registry entry is created to run svchost.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
System
<Windows>\svchost.exe
Stolen information is stored in a file C:\pass.bin and sent to a remote website.
|
