Saturday, March 17, 2007

Troj/Singu-AQ Spyware Trojan

Name: Troj/Singu-AQ
Type: Spyware Trojan
Affected operating systems: Windows
Side effects: Steals information, Records keystrokes, Installs itself in the Registry, Installs a browser helper object

Troj/Singu-AQ is a password-stealing Trojan for the Windows platform.

When first run, Troj/Singu-AQ copies itself to \gdien32.exe and creates the following files:

\lmrtend.dll
\shlapi.dll

lmrtend.dll is also detected as Troj/Singu-AQ.
shlapi.dll contains the logged keypresses.

The Trojan creates the following registry entries in order to be run automatically:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
gdien32
\gdien32.exe

lmrtend.dll is installed as a BHO (browser helper object).
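
A host check for the registry artifacts described above, as an added example that is not part of the original advisory. The Run value name gdien32 and the file names come from the advisory; the Browser Helper Objects key, the CLSID InprocServer32 lookup and the WOW6432Node views are standard Windows locations assumed here, and matching is by file name only because the advisory's directory is truncated.

```powershell
# Added example: look for the Troj/Singu-AQ autostart value and BHO registration.
# 'gdien32', 'gdien32.exe' and 'lmrtend.dll' are taken from the advisory.
# Assumption: a 32-bit sample on 64-bit Windows registers under WOW6432Node,
# so both registry views are checked.

$views    = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$findings = @()

foreach ($root in $views) {
    # 1. Autostart: a Run value named gdien32, or any Run value launching gdien32.exe
    $run = Get-Item -LiteralPath "$root\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $data = [string]$run.GetValue($name)
            if ($name -ieq 'gdien32' -or $data -match '\\gdien32\.exe') {
                $findings += [pscustomobject]@{ Check = 'Run value'; Key = $run.Name; Item = $name; Data = $data }
            }
        }
    }

    # 2. BHOs: each subkey name is a CLSID; the default value of that CLSID's
    #    InprocServer32 key is the DLL that the browser loads.
    $bhoKey = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    foreach ($bho in @(Get-ChildItem -LiteralPath $bhoKey -ErrorAction SilentlyContinue)) {
        $clsid = $bho.PSChildName
        $srv = Get-Item -LiteralPath "$root\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        if (-not $srv) { continue }
        $dll = [string]$srv.GetValue('')
        if ($dll -match '\\lmrtend\.dll') {
            $findings += [pscustomobject]@{ Check = 'BHO'; Key = $bho.Name; Item = $clsid; Data = $dll }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'No Troj/Singu-AQ registry artifacts found.'
}
```

Each finding reports the key, the value or CLSID, and the file path it points to, which gives the on-disk location to examine on that host.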
