Troj/Dermon-G

Category: Viruses and Spyware
Type: Trojan
Protection available since: 04 Mar 2006 00:00:00 (GMT)
Last Updated: 04 Mar 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Dermon-G is a password stealing Trojan for the Windows platform.

When first run, Troj/Dermon-G copies itself to <System>\abrada.exe and creates the following files:

<System>\abrada.dll
<System>\abradaload.dll

<System>\abrada.dll is a remote notification DLL component which sends the stolen information to a remote website.

<System>\abradaload.dll is a process injector DLL component which attempts to inject itself into other processes in order to hide the Trojan's activity.

Troj/Dermon-G also attempts to create the following files:

<System>\abrada.ini
<System>\abrada.dat

These files may be deleted.

The following registry entries are created to run the Trojan on startup. In each key the value name is "Abrada win32" and the data is the path to abradaload.dll:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Abrada win32
<System>\abradaload.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Abrada win32
<System>\abradaload.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Abrada win32
<System>\abradaload.dll
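The file and registry indicators above can be checked offline against artifacts already collected from a suspect host. The script below is an added example and is not part of this description or of any vendor tool: it matches the listed paths and Run/RunServices values against a reg.exe text export and a file listing. It assumes the <System> placeholder resolves to C:\Windows\System32 (adjust system_dir for other installs) and treats paths case-insensitively, as Windows does. The registry export and file list embedded in it are constructed for illustration, not taken from a real infection.

```python
"""Offline triage for the Troj/Dermon-G indicators listed in the description.

Matches the file and registry indicators against a `reg export` text dump and
a list of file paths collected from a host. The sample export and file list
below are constructed for illustration (not real infection data).
"""
import re

# File indicators from the description. <System> is the Windows system directory.
FILE_IOCS = [
    r"<System>\abrada.exe",
    r"<System>\abrada.dll",
    r"<System>\abradaload.dll",
    r"<System>\abrada.ini",
    r"<System>\abrada.dat",
]

# Registry indicators: (hive\key, value name, value data) as listed on the page.
REG_IOCS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Abrada win32", r"<System>\abradaload.dll"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Abrada win32", r"<System>\abradaload.dll"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices", "Abrada win32", r"<System>\abradaload.dll"),
]

HIVE_NAMES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Assumed default; a 2006-era XP host would show C:\WINDOWS\system32, which
# still matches because comparison is case-insensitive.
DEFAULT_SYSTEM_DIR = r"C:\Windows\System32"


def expand_system(path, system_dir=DEFAULT_SYSTEM_DIR):
    """Replace the <System> placeholder with the real system directory."""
    return path.replace("<System>", system_dir)


def norm(path):
    """Case-fold and drop trailing backslashes: Windows paths are case-insensitive."""
    return path.rstrip("\\").casefold()


def parse_reg_export(text):
    """Parse a reg.exe export into {key: {value_name: data}} for REG_SZ values.

    Only "name"="data" string values are needed here; other value types are
    ignored. Backslashes and quotes are escaped with a backslash in .reg files.
    """
    result = {}
    current = None
    value_re = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = norm(line[1:-1])
            result.setdefault(current, {})
        elif current is not None:
            m = value_re.match(line)
            if m:
                unescape = lambda s: s.replace("\\\\", "\\").replace('\\"', '"')
                result[current][unescape(m.group(1)).casefold()] = unescape(m.group(2))
    return result


def check_registry(reg, system_dir=DEFAULT_SYSTEM_DIR):
    """Return (key, value name, data, path_matches) for each indicator value present.

    A value with the expected name but a different path is still reported, with
    path_matches=False, since a variant may install the DLL elsewhere.
    """
    hits = []
    for key, name, data in REG_IOCS:
        hive, _, rest = key.partition("\\")
        values = reg.get(norm(HIVE_NAMES[hive] + "\\" + rest), {})
        found = values.get(name.casefold())
        if found is not None:
            hits.append((key, name, found, norm(found) == norm(expand_system(data, system_dir))))
    return hits


def check_files(paths, system_dir=DEFAULT_SYSTEM_DIR):
    """Return the file indicators present in a collected file listing."""
    present = {norm(p) for p in paths}
    return [p for p in FILE_IOCS if norm(expand_system(p, system_dir)) in present]


def triage(reg_text, file_paths, system_dir=DEFAULT_SYSTEM_DIR):
    """Run both checks and return {"files": [...], "registry": [...]}."""
    return {
        "files": check_files(file_paths, system_dir),
        "registry": check_registry(parse_reg_export(reg_text), system_dir),
    }


# Constructed sample input: an infected host with a benign Run entry alongside.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Abrada win32"="C:\\WINDOWS\\system32\\abradaload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Abrada win32"="C:\\WINDOWS\\system32\\abradaload.dll"
"""

SAMPLE_FILES = [
    r"C:\WINDOWS\system32\abrada.exe",
    r"C:\WINDOWS\system32\abrada.dll",
    r"C:\WINDOWS\system32\abradaload.dll",
    r"C:\WINDOWS\system32\kernel32.dll",
]

if __name__ == "__main__":
    report = triage(SAMPLE_REG_EXPORT, SAMPLE_FILES)
    for p in report["files"]:
        print("file present:", expand_system(p))
    for key, name, data, ok in report["registry"]:
        print("run key:", key, "->", name, "=", data, "(expected path)" if ok else "(unexpected path)")
```

On a live host the same checks map to `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the two HKLM keys) plus a directory listing of the system folder; the abrada.ini and abrada.dat files are only attempted and may be absent even on an infected machine, so their absence alone does not clear the host.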