Trojan: Infostealer.Gampass

    • smallframe
      Bronze
      Member since: 15.04.2005 Posts: 174
      My firewall just detected this "Infostealer.Gampass" and then apparently removed it right away.

      Can I trust my firewall on this, or should I be worried that
      something is still stuck somewhere after all?

      It's a Norton firewall from 2007 (but updated daily, of course)

      Maybe someone has a tip on what else I can do to check whether everything is OK


      Here is the description from my firewall:





      Discovered: November 12, 2006
      Updated: March 16, 2007 7:51:32 AM
      Also Known As: LIneage YI [Computer Associates], Bloodhound.KillAV [Symantec]
      Type: Trojan
      Infection Length: Varies
      Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000

      Once executed, the Trojan may copy itself with a random name in the %Windir% directory.

      It may then drop randomly named DLL files in the %System% directory.

      The Trojan also may end the following processes:

      RavMon.exe
      Ravmond.EXE
      IPARMOR.EXE
      adam.exe
      EGHOST.EXE
      MAILMON.EXE
      KAVPFW.EXE
      FilMsg.exe
      Twister.exe

      Next, it may add a value to one of the following registry subkeys so that it runs every time Windows starts:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      The Trojan may modify the following registry entries:
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "145"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"

      It also may log keystrokes when users log into various online games and send them to a predetermined email address or web site.

      The Trojan may drop the following malware on to the compromised computer:

      Downloader
      Hacktool.Rootkit
  • 3 replies
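As an added example (not part of the original post or of the quoted write-up), the following read-only PowerShell check compares the registry values and Run keys named in the description above with the current machine. It assumes PowerShell is available on the system and only reads the registry; nothing is changed.

```powershell
# Added example: read-only check against the registry changes named in the write-up.
# Some of these values are also ordinary Explorer settings (for example, Hidden = 2
# is what Explorer stores when hidden files are not shown), so a match is only a hint.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$indicators = @(
    @{ Path = $adv; Name = 'Hidden';          Listed = '2' },
    @{ Path = $adv; Name = 'ShowSuperHidden'; Listed = '0' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun';           Listed = '145' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue';                 Listed = '0' }
)

foreach ($i in $indicators) {
    $item  = Get-ItemProperty -Path $i.Path -Name $i.Name -ErrorAction SilentlyContinue
    $value = '<not set>'
    if ($null -ne $item) { $value = [string]$item.($i.Name) }
    $note = ''
    if ($value -eq $i.Listed) { $note = '  <-- same value as in the write-up' }
    Write-Output ('{0}\{1} = {2}{3}' -f $i.Path, $i.Name, $value, $note)
}

# Autostart entries: the write-up says a value may be added under one of these
# Run keys, and that the Trojan may copy itself, randomly named, into %Windir%.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Matches an .exe located directly in %Windir% (not in a subfolder such as system32).
$inWinDir = '^"?' + [regex]::Escape($env:windir) + '\\[^\\]+\.exe'

foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $data = [string]$k.GetValue($name)
        $note = ''
        if ($data -match $inWinDir) { $note = '  <-- executable directly in %Windir%, review' }
        Write-Output ('{0}\{1} = {2}{3}' -f $key, $name, $data, $note)
    }
}
```

Every Run entry is printed so unfamiliar names can be reviewed by hand; the marker only highlights the placement the write-up describes.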