Troj/LdPinch-W

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	5 October 2004 07:50:37 (GMT)
Last updated	13 May 2005 08:47:52 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

When first run, the Trojan creates the following files in the Windows folder:

csrss.exe - A copy of the Trojan
taskmrg.exe - Another copy of the Trojan
dll.dll - A harmless helper dll
65970136509315650916 - A junk text file

The Trojan creates the following registry entries also:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run TaskMrg=
C:\Windows\csrss.exe

HKCR\CLSID\(42283f3b-8ff1-4b85-bc1f-399ba17d6246)\InProcServer32=
dll.dll

Troj/LdPinch-W records keystrokes and periodically submits the logs to a Russian website using HTTP POST.

The Trojan also searches the registry for passwords used by the following applications:

mICQ
The Bat!
miranda
Trillian
Total Commander
Windows Commander

Get reports about the latest virus and spyware threats delivered to your computer