Sophos

Troj/LDPinch-Y

Aliases
  • Trojan.PSW.LdPinch.gen

Summary

 
Affected operating systems: Windows
Characteristics
  • Drops more malware
  • Installs itself in the registry
Included in our products from: December 2004 (3.88)
Protection available since: 12 October 2004 10:21:48 (GMT)
Last updated: 16 October 2004 09:28:46 (GMT)
Detected by: All Sophos products

More Information

Troj/LDPinch-Y is a password-stealing Trojan.

When first run, the Trojan creates the following files in the Windows folder:

lmp_klib.dll - a keylogging DLL, detected as Troj/LDPinch-EZ
65970136509315650916 - harmless
schwoch.exe - a copy of the Trojan

Troj/LDPinch-Y creates the following registry entry so that it runs at Windows login:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
TaskMrg = C:\WINDOWS\schwoch.exe

Troj/LDPinch-Y records keystrokes and periodically submits the logs to the author by sending them to a preconfigured webserver.

The Trojan also searches the registry for passwords used by the following applications:

mICQ
The Bat!
miranda
Trillian
Total Commander
Windows Commander
Far FTP
Internet Account Manager
