Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | February 2006 (4.02) |
| Protection available since | 2 January 2006 06:40:24 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Horst-C is a keylogging Trojan for the Windows platform.
When run, Troj/Horst-C may display a fake error message box with the title "Version" and the message "Software incompatibility occured! Please download another version."
When Troj/Horst-C is installed, the following files are created:
<System>\hookreg.dll
<System>\ks.dll
<System>\wsock32.exe
The files hookreg.dll, ks.dll and wsock32.exe are also detected as Troj/Horst-C.
wsock32.exe is a keylogger Trojan which, when run, periodically steals information and sends it via SMTP (port 25) to a remote address. The files hookreg.dll and ks.dll are helper DLL components that provide the keylogging functionality.
Troj/Horst-C may also create the files C:\payload.dat and <System>\verify.dat. These files can be safely deleted.
The following registry entry is created to run wsock32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
wsock32
<System>\wsock32.exe
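
To check a host for the files and Run-key value listed above, the following PowerShell is an added example and is not Sophos code. It assumes <System> is the Windows system directory and, as a further assumption for 64-bit Windows, also checks SysWOW64 and the WOW6432Node Run key, where a 32-bit program's writes are redirected.

```powershell
# Added example: look for the Troj/Horst-C artifacts named on this page.
# Assumption: <System> is the Windows system directory; on 64-bit Windows a
# 32-bit program's writes land in SysWOW64 and WOW6432Node, so check both.
$sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
    Select-Object -Unique

$paths = @('C:\payload.dat')
foreach ($dir in $sysDirs) {
    foreach ($name in 'hookreg.dll', 'ks.dll', 'wsock32.exe', 'verify.dat') {
        $paths += Join-Path $dir $name
    }
}

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $f = Get-Item -LiteralPath $p -Force   # -Force: include hidden files
        $findings += [pscustomobject]@{
            Type   = 'File'
            Item   = $p
            Detail = 'size={0} modified={1:u}' -f $f.Length, $f.LastWriteTimeUtc
        }
    }
}

# Run-key persistence: value name "wsock32" pointing at <System>\wsock32.exe.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $v = Get-ItemProperty -LiteralPath $key -Name 'wsock32' -ErrorAction SilentlyContinue
    if ($v) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$key\wsock32"; Detail = $v.wsock32 }
    }
}

if ($findings.Count -eq 0) {
    'No Troj/Horst-C artifacts from this page were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A file-name match is only an indicator, since the page identifies these files by detection name rather than by hash; confirm any hit with a scan before removing files.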
