Summary

Summary
Action
More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 5 October 2004 07:50:37 (GMT) |
| Last updated | 13 May 2005 08:47:52 (GMT) |
| Detected by | All Sophos products |
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action

Summary
Action
More Information
Please follow the instructions for removing Trojans.
More Information
When first run, the Trojan creates the following files in the Windows folder:
csrss.exe - A copy of the Trojan
taskmrg.exe - Another copy of the Trojan
dll.dll - A harmless helper dll
65970136509315650916 - A junk text file
The Trojan creates the following registry entries also:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run TaskMrg=
C:\Windows\csrss.exe
HKCR\CLSID\(42283f3b-8ff1-4b85-bc1f-399ba17d6246)\InProcServer32=
dll.dll
Troj/LdPinch-W records keystrokes and periodically submits the logs to a Russian website using HTTP POST.
The Trojan also searches the registry for passwords used by the following applications:
mICQ
The Bat!
miranda
Trillian
Total Commander
Windows Commander
