

Trojan.Win32.Scar.dgje is a Microsoft Windows trojan that attempts to steal passwords for multiple sites and goes to considerable lengths to prevent its removal. This trojan was written in Delphi.

Installation

Once the user has installed the file, it will copy itself into the AppData folder. It will also add a startup key to the System Registry. The trojan will constantly attempt to maintain this key, and will restore it when needed.

Payload

The trojan prevents booting into safe mode by deleting the "HKLM\System\ControlSet001\Control\SafeBoot" key branch. It then attempts to steal usernames and passwords for various services via these programs:

  • WS_FTP
  • CuteFTP
  • Total Commander
  • FileZilla
  • FTP Commander
  • Mozilla Thunderbird
  • The Bat!
  • Pidgin
  • ICQ
  • QIP
  • Miranda

It will also extract data from the following files:

  •  %WinDir%\VD3User.dat
  •  %WinDir%\Vd3main.dat
  •  %WinDir%\win.ini
  •  %UserProfile%\My Documents\*.rdp

It will then transfer the gathered data to the virus author. The trojan will also randomly download files from multiple IP addresses.
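
The registry changes described under Installation and Payload can be checked on a host with a read-only script such as the following, which is an added example and not part of the original entry. It assumes the startup key is a value under one of the standard Run keys (the entry does not name the key) and also checks CurrentControlSet alongside the ControlSet001 path given above.

```powershell
# Added triage example (not from the original entry). Read-only: changes nothing.
# Assumption: the "startup key" is a value under a standard Run key;
# the entry does not say which key the trojan uses.

function Test-SafeBootKey {
    # The entry names ControlSet001; CurrentControlSet is checked too (assumption).
    foreach ($set in 'ControlSet001', 'CurrentControlSet') {
        $base = "HKLM:\SYSTEM\$set\Control\SafeBoot"
        # A healthy system has the branch plus its Minimal and Network subkeys.
        foreach ($sub in '', 'Minimal', 'Network') {
            $path = ("$base\$sub").TrimEnd('\')
            [pscustomobject]@{
                Check  = 'SafeBoot'
                Path   = $path
                Detail = if (Test-Path -LiteralPath $path) { 'present' } else { 'MISSING' }
            }
        }
    }
}

function Get-AppDataAutorun {
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw value so %AppData% matches before and after expansion.
            $raw = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            if ($raw -match '(?i)%(local)?appdata%' -or
                $expanded -match '(?i)\\AppData\\|\\Application Data\\') {
                [pscustomobject]@{
                    Check  = 'Autorun'
                    Path   = "$key\$name"
                    Detail = $expanded
                }
            }
        }
    }
}

@(Test-SafeBootKey) + @(Get-AppDataAutorun) | Format-Table -AutoSize -Wrap
```

Legitimate software also starts from AppData, so Autorun rows are leads to review rather than verdicts; a MISSING SafeBoot row is the stronger signal.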

Aliases

  • Kaspersky: Trojan.Win32.Agent2.cosd; Trojan.Win32.Pasmu.gv
