Threat Information for "Trojan.PWS.Narod"

StopSign will automatically remove this infection with a paid membership.

• Name: Trojan.PWS.Narod
• Aliases:
• Date Discovered: 2006-10-30
• Protection Added: 2006-11-02

-- Ease of Removal

1: Uses running processes
2: Consistently named
3: Consistent file contents
4: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes

1: Mimics legitimate file names
2: Transmits personal data to remote computers
3: Harvests personal data
4: Captures financial information

-- Damage/Intrusion/Annoyance

1: Creates new files

-- Propagation/Saturation

1: Infects from a link in an email
2: Infects from an email attachment

• Added Directory/File:
  FilePath: %SYSTEMDIR%\systemie.dll
• Added Directory/File:
  FilePath: %SYSTEMDIR%\sysie.dll
• Added Directory/File:
  FilePath: %SYSTEMDIR%\systemie.exe
• Added Directory/File:
  FilePath: %SYSTEMDIR%\systemie.dat
• Added Registry Key:
  Key: HKCR\CLSID\{C4330222-CEED-4DD6-831B-FE0F8F75F501}
• Added Registry Key:
  Key: HKLM\SOFTWARE\Classes\CLSID\{C4330222-CEED-4DD6-831B-FE0F8F75F501}
• Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad Value: systemie
• Added Registry Data:
  Key: HKCR\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: sysie.dll
• Added Registry Data:
  Key: HKLM\SOFTWARE\Classes\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: sysie.dll