Sophos

Troj/LegMir-JB

Aliases
  • Trojan-PSW.Win32.Lineage.bp
Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 18 September 2005 15:30:09 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

Troj/LegMir-JB is a Trojan for the windows platform.

The Trojan attempts to steal information (eg passwords) entered into the windows of other applications (eg FSOnline). The target file for stolen information is C:\gamesfs.txt. The Trojan then attempts to email this file to a remote location. Troj/LegMir-JB is a Trojan for the windows platform.

The Trojan attempts to steal information (eg passwords) entered into the windows of other applications (eg FSOnline). The target file for stolen information is C:\gamesfs.txt. The Trojan then attempts to email this file to a remote location.

When first run Troj/LegMir-JB copies itself to <Windows>\inf\rundll32.exe and creates the file <System>\fsdll.dll.

The following registry entry is created to run rundll32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
loadMefs
<Windows>\inf\rundll32.exe

Troj/LegMir-JB attempts to terminate and uninstall the following anti-virus and security processes:

PasswordGuard.exe
RavMon.exe
ZoneAlarm
eghost.exe
iparmor.exe
kavpfw.exe
mailmon.exe

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer