McAfee > Theat Center > Virus Detail Page

Overview

This description is meant for many nondescript spyware trojans that have been received by McAfee Avert. The characteristics of such trojans in terms of files created, information logged etc. can differ from one another.

Hence, this is a general description.

Characteristics

When executed, spyware trojans run sliently in the background monitoring the victim's activity on the infected computer and record all or specific pre-defined data.

Recorded information could include the following:

• Instant messenger chat logs
• Information on websites visited
• User names and passwords for instant messenger software or other software
• Screen shots of user's entire desktop taken at regular intervals
• User information for banking related websites and e-commerce websites like paypal
• Information on file & folder activity. This could include information on files created, opened etc
• Emails composed by the victim

The recorded information is usually hidden on the victim's machine, meant for later retrieval.
It can also be uploaded to a pre-determined website or emailed to the attacker, as configured by him/her earlier.

Symptoms

• Presence of startup entries for the trojan, if any, in the registry
• Software based firewall, if any installed on the machine might alert about an unknown program attempting to connect to the internet

Method of Infection

Spyware trojans unlike worms do not self-replicate. They spread manually, often under the premise that they are beneficial or wanted. They can either be stand alone applications meant only for keylogging, or come bundled along with other Trojans/Rootkits.

Installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.
Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This description is meant for many nondescript spyware trojans that have been received by McAfee Avert. The characteristics of such trojans in terms of files created, information logged etc. can differ from one another.

Hence, this is a general description.

Characteristics

Characteristics -

When executed, spyware trojans run sliently in the background monitoring the victim's activity on the infected computer and record all or specific pre-defined data.

Recorded information could include the following:

• Instant messenger chat logs
• Information on websites visited
• User names and passwords for instant messenger software or other software
• Screen shots of user's entire desktop taken at regular intervals
• User information for banking related websites and e-commerce websites like paypal
• Information on file & folder activity. This could include information on files created, opened etc
• Emails composed by the victim

The recorded information is usually hidden on the victim's machine, meant for later retrieval.
It can also be uploaded to a pre-determined website or emailed to the attacker, as configured by him/her earlier.

Symptoms

Symptoms -

• Presence of startup entries for the trojan, if any, in the registry
• Software based firewall, if any installed on the machine might alert about an unknown program attempting to connect to the internet

Method of Infection

Method of Infection -

Spyware trojans unlike worms do not self-replicate. They spread manually, often under the premise that they are beneficial or wanted. They can either be stand alone applications meant only for keylogging, or come bundled along with other Trojans/Rootkits.

Installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.
Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A