Sophos

Troj/Padodor-U

Aliases
  • PWSteal.Tarno

Summary

 
Affected operating systems: Windows
Characteristics
  • Drops more malware
Protection available since: 20 January 2005 14:21:24 (GMT)
Detected by: All Sophos products

More Information

Troj/Padodor-U is a password-stealing Trojan.

When first run, Troj/Padodor-U will copy itself to the Windows System folder as SYSTEMIL.EXE. The Trojan will also create a copy of itself as IL.DAT.

Troj/Padodor-U will drop the files SYSIE.DLL and SYSIL.DLL. These files are detected as Troj/Padodor-N.

In order to run the Trojan automatically on startup, Troj/Padodor-U will set the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
systemil = (Random CLSID)

HKCR\CLSID\(Random CLSID)\InProcServer32
(Default) = sysil.dll
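
A defensive check for the persistence pattern described above, as an added example that is not Sophos code: it reads registry export text (.reg format), resolves every ShellServiceObjectDelayLoad value to the InProcServer32 DLL of its CLSID, and flags sysil.dll. The sample export, its CLSIDs and the function names are constructed for illustration; a real regedit export is UTF-16 and must be decoded before it is passed in.

```python
import re
from ntpath import basename

SSODL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
FLAGGED_DLLS = {"sysil.dll"}  # file name taken from the description above

# Constructed sample in .reg export format; the CLSIDs are made up for illustration.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{11111111-2222-3333-4444-555555555555}"
"systemil"="{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
"orphan"="{99999999-0000-0000-0000-000000000000}"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="C:\\WINDOWS\\system32\\webcheck.dll"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InProcServer32]
@="sysil.dll"
'''

def parse_reg(text):
    """Return {key_lower: {value_name_lower: data}} for string values; '' is (Default)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?P<name>[^"]*)")="(?P<data>.*)"$', line)
            if m:  # .reg files escape backslashes in string data; undo that
                current[(m.group("name") or "").lower()] = m.group("data").replace("\\\\", "\\")
    return keys

def audit_ssodl(text):
    """Resolve each ShellServiceObjectDelayLoad value to the DLL its CLSID loads."""
    keys, findings = parse_reg(text), []
    for name, clsid in keys.get(SSODL.lower(), {}).items():
        server = keys.get("hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32", {})
        dll = server.get("")  # None when the CLSID has no InProcServer32 default value
        flagged = dll is not None and basename(dll).lower() in FLAGGED_DLLS
        findings.append({"name": name, "clsid": clsid, "dll": dll, "flagged": flagged})
    return findings

if __name__ == "__main__":
    for finding in audit_ssodl(SAMPLE_EXPORT):
        print(finding)
```

Because the CLSID is random, the check keys on the DLL the CLSID resolves to rather than on the CLSID itself; entries whose CLSID has no InProcServer32 key are reported with no DLL so they can be reviewed separately.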

Troj/Padodor-U monitors access to banking websites in order to steal username and password information.
