
Trojan:Win32/Tosy.A


First posted on 29 June 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Tosy.A is also known as Trojan.Win32.Tosy (Ikarus).

Explanation :

Trojan:Win32/Tosy.A is a trojan that may collect sensitive information, such as logon credentials, Web form input data, and cookie data in Internet Explorer.

Installation

Trojan:Win32/Tosy.A is usually present in the computer as:

<system folder>\comspol32.ocx

Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Payload

Collects user information

Trojan:Win32/Tosy.A may collect logon credentials, Web form input data, and session cookie data from within Internet Explorer. It does this by injecting code into Internet Explorer. It may monitor traffic between the computer and the Web site when the site address contains any of the following strings:

  • .hotmail.
  • gawab.com
  • gmail.com
  • live.com
  • mail.
  • maktoob.com
  • rocketmail.com
  • yahoo.co
  • ymail.com
Avoids detection

Trojan:Win32/Tosy.A may try to avoid being detected by interfering with security processes.
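Added example (not part of the original write-up): the address substrings listed under "Collects user information", applied to a web proxy log from an affected computer to scope which sites' credentials should be reset. The log format, the sample lines, the function names, and the case-insensitive match against host plus path are assumptions; the page only says the site address "contains" the strings.

```python
from urllib.parse import urlsplit

# Address substrings listed on this page for Trojan:Win32/Tosy.A.
MONITORED_SUBSTRINGS = (
    ".hotmail.", "gawab.com", "gmail.com", "live.com", "mail.",
    "maktoob.com", "rocketmail.com", "yahoo.co", "ymail.com",
)

# Constructed sample: "timestamp user url" lines such as a web proxy might log.
SAMPLE_LOG = """\
2010-06-28T09:14:02 alice https://mail.example.org/login
2010-06-28T09:15:40 alice https://www.gmail.com/accounts/ServiceLogin
2010-06-28T09:20:11 bob http://intranet.example.org/wiki/Home
2010-06-28T09:31:57 bob https://login.yahoo.co.uk/config/login
2010-06-28T09:40:03 alice https://webmail.example.net/
2010-06-28T09:41:19 bob https://LOGIN.LIVE.COM/ppsecure/post.srf
not a log line
"""


def matched_substrings(url):
    """Return the listed substrings found in the host and path of url."""
    parts = urlsplit(url)
    # Assumption: matching is case-insensitive and covers host plus path.
    address = (parts.netloc + parts.path).lower()
    return [s for s in MONITORED_SUBSTRINGS if s in address]


def exposed_sites(log_text):
    """Map each user to the set of hosts whose sessions fall in scope."""
    exposure = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, user, url = fields
        if matched_substrings(url):
            host = urlsplit(url).hostname or url
            exposure.setdefault(user, set()).add(host)
    return exposure


if __name__ == "__main__":
    for user, hosts in sorted(exposed_sites(SAMPLE_LOG).items()):
        print(user, "reset credentials for:", ", ".join(sorted(hosts)))
```

The short entries are broad: "mail." matches any host such as webmail.example.net, and "yahoo.co" covers both yahoo.com and country domains like yahoo.co.uk, so the scope reaches beyond the named providers.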

    Analysis by Marian Radu

    Last update 29 June 2010

     
