Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 21 December 2005 10:11:10 (GMT) |
| Detected by | All Sophos products |
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action

Please follow the instructions for removing Trojans.
More Information
Troj/LegMir-CG is a password-stealing Trojan for the Windows platform.
When run, Troj/LegMir-CG copies itself to <System>\winbery.exe and creates the following files:
<System>\GroupPolicy\Machine\Scripts\scripts.ini
<Windows>\vbarun.dll
The files scripts.ini and vbarun.dll can be safely deleted.
When run, Troj/LegMir-CG sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
KernelCheck
<System>\winbery.exe
Troj/LegMir-CG may terminate processes related to the following file names:
apvxdwin.exe
assistse.exe
avengine.exe
avp.exe
ccapp.exe
ccenter.exe
ccevtmgr.exe
ccsetmgr.exe
defwatch.exe
filmsg.exe
frogagent.exe
fygtcleaner.exe
iparmor.exe
isafe.exe
kav.exe
kavpfw.exe
kavstart.exe
kavsvc.exe
kmailmon.exe
kpfwsvc.exe
kregex.exe
kvmonxp.kxp
kvsrvxp.exe
kvxp.kxp
kwatch.exe
mantispm.exe
mcdetect.exe
mcmnhdlr.exe
mcshield.exe
mcvsescn.exe
pavprsrv.exe
pavsrv51.exe
pccguide.exe
pcclient.exe
pcctlcom.exe
psimsvc.exe
ravmon.exe
ravmond.exe
rfwmain.exe
rfwsrv.exe
rtvscan.exe
srvload.exe
tmntsrv.exe
tmpfw.exe
tmproxy.exe
tpsrv.exe
trojanwall.exe
trojdie.kxp
vsmon.exe
webproxy.exe
xfilter.exe
zlclient.exe
Troj/LegMir-CG may terminate services related to the following names:
AVP
CAISafe
kavsvc
KPfwSvc
KVSrvXP
KVWSC
KWatchSvc
McDetect.exe
McTskshd.exe
PAVFNSVR
PavPrSrv
PAVSRV
PcCtlCom
pmshellsrv
PNMSRV
PSIMSVC
RfwService
RsCCenter
RsRavMon
Tmntsrv
TmPfw
tmproxy
TPSrv
vsmon
