Keylog.gen

Type: Trojan
SubType: Generic
Discovery Date: 03/07/2005
Length: Varies
Minimum DAT: 4297 (10/08/2003)
Updated DAT: 6364 (06/01/2011)
Minimum Engine: 5.1.00
Description Added: 04/15/2004
Description Modified: 01/13/2006 7:14 AM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low

Characteristics

--Update 01/13/2006--
An update to this generic detection in the 4669 and 4670 DATs caused an incorrect identification of a product called BC-Wedge. This incorrect identification has been fixed in the 4671 and later DAT files.
--

This is a generic detection for multiple keyloggers. At the time of writing, AVERT is aware of over 150 unique keyloggers that are caught by this detection.

These keyloggers are designed to monitor keystrokes on the user's system and, in some cases, email the contents of these keystrokes to the hacker. Alternatively, they may write the text to the local system, where a second executable emails or otherwise transmits the contents to the remote hacker.

Symptoms

The majority of these keyloggers are designed to run "invisibly" on the affected machine.

Method of Infection

These keyloggers do not replicate. They are installed onto the user's system by a variety of methods, including spammed emails containing the trojan, links on websites that may install the keylogger via an exploit in the browser, or installation by other malware.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
