Troj/Tofger-AI

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/Tofger-AI is a password-stealing Trojan.

Troj/Tofger-AI drops a DLL named BIGONT.DLL into the Windows system folder. This DLL is also detected as Troj/Tofger-AI. The Trojan then registers the DLL as a Browser Helper Object and as a protocol filter for text/html and text/plain content. In particular, the following registry entries will be created:

HKCR\CLSID\(B72F75B8-93F3-429D-B13E-660B206D897A)\InProcServer32
(default)
%SYSTEM%\bigont.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(B72F75B8-93F3-429D-B13E-660B206D897A)

HKCR\PROTOCOLS\Filter\text/html
CLSID
(B72F75B8-93F3-429D-B13E-660B206D897A)

HKCR\PROTOCOLS\Filter\text/plain
CLSID
(B72F75B8-93F3-429D-B13E-660B206D897A)
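
The registry entries above can be checked for in the text of a `reg export` of the affected keys. The following is an added example, not part of the original description or any vendor tool: it resolves every Browser Helper Object and protocol filter registration to its InProcServer32 DLL and reports those matching the CLSID or DLL name given above. The function names, the sample export and the C:\WINDOWS\system32 path are assumptions.

```python
import re

# Indicators from the page; brackets are stripped since the page shows ( ) and .reg exports use { }.
TOFGER_GUID = "B72F75B8-93F3-429D-B13E-660B206D897A"
TOFGER_DLL = "bigont.dll"
BHO_KEY = "\\EXPLORER\\BROWSER HELPER OBJECTS\\"
FILTER_KEY = "\\PROTOCOLS\\FILTER\\"
CLSID_RE = re.compile(r"\\CLSID\\([{(][0-9A-F-]+[})])\\InProcServer32$", re.I)

# Constructed sample in "reg export" text form (assumed path, not from a real host).
SAMPLE_EXPORT = r'''
[HKEY_CLASSES_ROOT\CLSID\{B72F75B8-93F3-429D-B13E-660B206D897A}\InProcServer32]
@="C:\\WINDOWS\\system32\\bigont.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72F75B8-93F3-429D-B13E-660B206D897A}]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{B72F75B8-93F3-429D-B13E-660B206D897A}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{B72F75B8-93F3-429D-B13E-660B206D897A}"
'''

def bare_guid(s):
    return s.strip("{}()").upper()

def parse_export(text):
    """Return {key_path: {value_name: data}} from .reg export text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def find_tofger(text):
    """Return (kind, guid, dll) for BHO / filter registrations matching the indicators."""
    keys, findings = parse_export(text), []
    dll_of = {bare_guid(m[1]): v.get("@", "") for p, v in keys.items() if (m := CLSID_RE.search(p))}
    for path, vals in keys.items():
        leaf, up = path.rsplit("\\", 1)[-1], path.upper()
        if BHO_KEY in up:
            kind, guid = "BHO", bare_guid(leaf)
        elif FILTER_KEY in up and "CLSID" in vals:
            kind, guid = "filter " + leaf, bare_guid(vals["CLSID"])
        else:
            continue
        dll = dll_of.get(guid, "")
        if guid == TOFGER_GUID or dll.lower().endswith("\\" + TOFGER_DLL):
            findings.append((kind, guid, dll))
    return findings
```

Matching on the DLL name as well as the CLSID goes slightly beyond the entries listed above, so a registration under a different CLSID that still loads bigont.dll is also reported.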

At the time of writing, Troj/Tofger-AI will attempt to download and run a password-stealing Trojan, detected as Troj/PWS-CE.

Troj/Tofger-AI will log key presses and periodically send the keylogs and stolen passwords to a Russian website.

Troj/Tofger-AI may then attempt to download further files. At the time of writing, these files were unavailable.