Trojan.PWS.Kurz.A
First posted on 21 November 2011.
Source: BitDefender
Aliases:
There are no other names known for Trojan.PWS.Kurz.A.
Explanation:
Trojan.PWS.Kurz.A is a password-stealing program meant to steal valuable information from the host computer, such as the Microsoft Windows Product ID CD Key or the Microsoft Windows XP CD Key.
It comes bundled with a hacktool such as a keygen or a Yahoo! Hack utility.
The program hides itself under the name cmd32.exe or cmd_32.exe, or both, in the C:\Windows\system32 folder and sets itself to run at startup.
The infection occurs when the host executes the bundled program. This drops the password stealer and sets the registry keys.
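A triage check for the persistence described above, as an added example that is not part of the original write-up: it scans exported autorun entries for cmd32.exe or cmd_32.exe in system32. The write-up does not name the registry keys, so the Run-key labels, the sample entries and the C:\Windows install path are assumptions.

```python
import ntpath
import re

# File names the write-up gives for the dropped password stealer.
# (The genuine Windows command interpreter is cmd.exe.)
SUSPECT_NAMES = {"cmd32.exe", "cmd_32.exe"}
# Assumption: both variables resolve to C:\Windows on the examined host.
ENV = {"%systemroot%": r"C:\Windows", "%windir%": r"C:\Windows"}
SYSTEM32 = r"c:\windows\system32"


def image_path(command):
    """Return the normalised, lower-cased executable path of an autorun command."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        # Unquoted: keep everything up to the first ".exe" and drop arguments.
        m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
        exe = m.group(1) if m else command.split(" ", 1)[0]
    for var, value in ENV.items():
        # A function replacement keeps backslashes in the path literal.
        exe = re.sub(re.escape(var), lambda _m, v=value: v, exe, flags=re.I)
    return ntpath.normpath(exe).lower()


def flag_entries(entries):
    """entries: (location, value_name, command) tuples. Returns suspicious ones."""
    hits = []
    for location, name, command in entries:
        folder, exe = ntpath.split(image_path(command))
        # A bare file name is resolved through PATH, which includes system32.
        if exe in SUSPECT_NAMES and folder in ("", SYSTEM32):
            hits.append((location, name, ntpath.join(folder, exe)))
    return hits


# Constructed sample data, not taken from a real infection.
SAMPLE = [
    ("HKLM Run", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKCU Run", "cmd32", r'"C:\WINDOWS\System32\cmd32.exe" /s'),
    ("HKLM Run", "updater", r"%SystemRoot%\system32\cmd_32.exe"),
    ("HKCU Run", "shell", r"C:\Windows\system32\cmd.exe /c echo ok"),
]

if __name__ == "__main__":
    for hit in flag_entries(SAMPLE):
        print("suspicious autorun:", hit)
```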
After infection, the program forces the deletion of all files with the extensions *.jpg, *.jpeg, *.bmp, *.xml, *.xsl, *.pst, *.doc, *.xls, *.ppt, *.txt, *.mp3, *.wav, *.mp4, *.avi, *.mpg, *.mpeg, *.wmv, *.iso, *.nrg, *.ccd, *.bin, and *.dll from the C: and D: drives and all their subdirectories through a *.bat file detected by BitDefender as Trojan.BAT.AAAH. It then sends a command to the system to shut down. After restart, Trojan.PWS.Kurz.A starts in the background, gathering information and sending it by email to [removed]z24@gmx.de.
Last update 21 November 2011