|Detected||Aug 28 2010 12:15 GMT|
|Released||Aug 29 2010 00:17 GMT|
|Published||Oct 25 2010 14:24 GMT|
This Trojan has a malicious payload. It is a Windows .Net application (PE EXE file). It is 5120 bytes in size. It is written in Visual Basic .Net.
Once launched, the Trojan monitors the clipboard and upon detection of the following expressions, which correspond to WebMoney payment system wallets:
R<num1> U<num1> Z<num1> 41001<num2>where <num1> is a random set of 12 numbers, and <num2> is a random set of 9 numbers
It substitutes the found value to the following, respectively:
R5248***0497 U21356***03905 Z35200***35009 41001709***826A
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.