Sophos

Troj/Slsorve-E

Aliases
  • Trojan-PSW.Win32.Lmir.ajk

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: November 2005 (3.99)
Protection available since: 17 September 2005 14:39:08 (GMT)
Detected by: All Sophos products

More Information

Troj/Slsorve-E is an information stealing Trojan for the Windows platform.

Troj/Slsorve-E collects online game related information and submits it to a predefined website. The Trojan also terminates anti-virus related processes.

When first run, Troj/Slsorve-E copies itself to the System folder as msm32.exe and creates the following files:

<CurrentFolder>\dela.bat
<System>\vbarun.dll

dela.bat is a harmless batch file.
vbarun.dll is a harmless text file.

The following registry entry is created to run msm32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
27
<System>\msm32.exe
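
A read-only triage check for the persistence described above, as an added example that is not Sophos code: it looks for a Run value whose data points at msm32.exe and for the dropped files in the System folder. The WOW6432Node key and the SysWOW64 folder are assumptions added for 64-bit hosts, and the function name Get-SlsorveFindings is hypothetical.

```powershell
# Added triage example (not Sophos code). Read-only: it reports and changes nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    # Assumption: 32-bit registry view on 64-bit Windows, checked as a precaution.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
)
# <System> on the page; SysWOW64 is an assumption for 64-bit hosts.
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ }

function Get-SlsorveFindings {
    $findings = @()
    foreach ($keyPath in $runKeys) {
        # The policies\Explorer\Run key is absent on most clean systems.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match on the file name in the data so quoting or path variations still hit.
            if ($data -match '\\msm32\.exe') {
                $findings += [pscustomobject]@{
                    Type = 'RunValue'; Location = $keyPath; Name = $name; Detail = $data
                }
            }
        }
    }
    foreach ($dir in $systemDirs) {
        foreach ($file in 'msm32.exe', 'vbarun.dll') {
            $path = Join-Path $dir $file
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                # -Force so hidden or system attributes do not hide the file.
                $item = Get-Item -LiteralPath $path -Force
                $detail = "$($item.Length) bytes, created $($item.CreationTimeUtc.ToString('u'))"
                $findings += [pscustomobject]@{
                    Type = 'File'; Location = $path; Name = $file; Detail = $detail
                }
            }
        }
    }
    return $findings
}

$result = Get-SlsorveFindings
if ($result) { $result | Format-Table -AutoSize -Wrap }
else { 'No Troj/Slsorve-E persistence artefacts found.' }
```

dela.bat is not checked because it is written to whatever folder the Trojan was run from, which the script cannot know.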

The Trojan terminates the following processes:

assistse.exe
ccapp.exe
ccsetmgr.exe
defwatch.exe
dfvsnet.exe
eghost.exe
iparmor.exe
kav32.exe
kavpfw.exe
kavplus.exe
kavstart.exe
kavsvc.exe
kavsvcui.exe
kpfwsvc.exe
kpopmon.exe
kvapfw.exe
kvcenter.kxp
kvfw.exe
kvmonxp.kxp
kvsrvxp.exe
kvxp.kxp
kwatch.exe
kwatchui.exe
mailmon.exe
navw32.exe
netbargp.exe
nmain.exe
passwordguard.exe
pfw.exe
ravmon.exe
ravtimer.exe
rfw.exe
rtvscan.exe
teregpct.exe
vptray.exe
