Home / malwarePDF  

TrojanSpy:Win32/Goongush.A


First posted on 24 September 2010.
Source: SecurityHome

Aliases :

TrojanSpy:Win32/Goongush.A is also known as TrojanSpy.Goongush.A (VirusBuster), Trojan-Spy.Win32.Goongush (Ikarus).

Explanation :

TrojanSpy:Win32/Goongush.A is a trojan that steals user information from an infected computer.
Top

TrojanSpy:Win32/Goongush.A is a trojan that steals user information from an infected computer. Installation TrojanSpy:Win32/Goongush.A is installed in the system as a component of other malware. It usually arrives with the following file name:

  • sp.exe
    • Payload Steals information TrojanSpy:Win32/Goongush.A may steal the following information from an infected computer:
  • Address Book information
  • Autorun Registry entries
  • Browsed websites in Internet Explorer
  • Installed software, including antivirus software
  • Open ports
  • Outlook user names and passwords
  • Running processes
  • System information
    • The logged information is then encrypted and stored on the following file:
  • %Temp%\skytmp.dll


    • Analysis by Elda Dimakiling

    Last update 24 September 2010

     

    TOP

    Malware :

    Family: