First posted on 07 December 2007.
Source: SecurityHome
Trojan-PSW:W32/Lmir.BPG is also known as Trojan-PSW.Win32.Lmir.bpg.
This is a typical Trojan that logs keystrokes (a keylogger) and the URLs visited by the user.
Upon execution, this malware drops a file on the root directory of the C: drive:
- C:\xp2007.dat
  - Detected as Trojan-PSW.Win32.Lmir.bpg
This malware installs itself as a Browser Helper Object. It creates the following autostart registry keys:
- HKLM\Software\{5FF908C9-578F-4A40-9643-E0CA07093990}
- HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}
- HKLM\Software\Classes\CLSID\{5FF908C9-578F-4A40-9643-E0CA07093990}\InprocServer32
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF908C9-578F-4A40-9643-E0CA07093990}
This malware logs the user's keystrokes and mouse clicks and saves them in a file with a random name in the system's default temporary directory. It also logs the URLs (web site addresses) visited by the user and saves them in a separate log file, also with a random name.
Note: The temporary directory is normally C:\Documents and Settings\[account name]\Local Settings\Temp.
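The following PowerShell script is an added example, not part of the original description. It checks a Windows host for the dropped file and registry keys listed above, then inventories every registered Browser Helper Object together with the DLL it loads. The Wow6432Node registry view is an assumption added for 64-bit Windows, which the description does not mention.

```powershell
# Added example: IoC check for the artifacts listed in this description.
$Clsid       = '{5FF908C9-578F-4A40-9643-E0CA07093990}'
$DroppedFile = 'C:\xp2007.dat'

# Registry views to inspect. Wow6432Node is an assumption added here: on
# 64-bit Windows, 32-bit COM/BHO registrations are redirected there.
$Roots = 'HKLM:\Software', 'HKLM:\Software\Wow6432Node'

# Key paths from the description, relative to each root.
$KeySuffixes = @(
    $Clsid,
    "Classes\CLSID\$Clsid",
    "Classes\CLSID\$Clsid\InprocServer32",
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
)

$findings = @()
if (Test-Path -LiteralPath $DroppedFile) {
    $findings += "File present: $DroppedFile"
}
foreach ($root in $Roots) {
    foreach ($suffix in $KeySuffixes) {
        $key = "$root\$suffix"
        if (Test-Path -LiteralPath $key) { $findings += "Key present: $key" }
    }
}

# Inventory every registered BHO and resolve it to the DLL it loads, so an
# unexpected entry is visible even when its CLSID differs from the one above.
$bhos = foreach ($root in $Roots) {
    $bhoKey = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        $id     = $entry.PSChildName
        $server = "$root\Classes\CLSID\$id\InprocServer32"
        $dll    = if (Test-Path -LiteralPath $server) {
            (Get-Item -LiteralPath $server).GetValue('')   # default value = DLL path
        }
        [pscustomobject]@{ View = $root; Clsid = $id; Dll = $dll; Listed = ($id -ieq $Clsid) }
    }
}

$bhos | Format-Table -AutoSize
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No listed artifacts found.' }
```

The keystroke and URL log files cannot be matched by name because the description says their names are random; review the temporary directory manually if any of the checks above produce a warning.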
Last update 07 December 2007