W32/Small.DMA!tr.dldr - 06-09-01
, with file size 6728
- Copies itself to: %SystemDirectory%
Installation to System:
- When run, it copies itself to:
- And creates these registry entries:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ttool = "%WINDOWS%\scvc.exe", where %WINDOWS% refers to the Windows folder
  HKEY_CURRENT_USER\Software\Microsoft\InetData
    k1 = [random dword value]
    k2 = [random dword value]
    Data = [random hex value]
More Info: This is downloaded by W32/Dloadr.AMA!tr.dldr. When executed, it copies itself to the Windows folder as scvc.exe and executes that copy. This malware monitors window information for typed user IDs and passwords. It has the capability to send this information to a remote server.
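A host check for the artifacts listed above, written as an added PowerShell example that is not part of the original entry. It assumes it is run in the session of the user being examined (the keys are under HKEY_CURRENT_USER) and treats the listed file size 6728 as bytes, which the entry does not state.

```powershell
# Added example: looks for the persistence artifacts named in this entry.
$findings = @()

# 1. Autostart value "ttool" under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'ttool' -ErrorAction SilentlyContinue
if ($run) {
    $target = [Environment]::ExpandEnvironmentVariables($run.ttool).Trim('"')
    $findings += [pscustomobject]@{
        Artifact = "$runKey\ttool"
        Detail   = $target
        Matches  = ($target -like '*\scvc.exe')   # file name given in the entry
    }
}

# 2. Configuration key with values k1, k2 (dword) and Data (hex).
$dataKey = 'HKCU:\Software\Microsoft\InetData'
if (Test-Path $dataKey) {
    $key   = Get-Item -Path $dataKey
    $names = $key.GetValueNames()
    foreach ($name in 'k1', 'k2', 'Data') {
        if ($names -contains $name) {
            $findings += [pscustomobject]@{
                Artifact = "$dataKey\$name"
                Detail   = "type: $($key.GetValueKind($name))"
                Matches  = $true
            }
        }
    }
}

# 3. Dropped copy in the Windows folder. A legitimate Windows install has
#    svchost.exe, not scvc.exe, so the file itself is worth collecting.
$copy = Join-Path $env:windir 'scvc.exe'
if (Test-Path $copy -PathType Leaf) {
    $file = Get-Item -Path $copy -Force
    $hash = (Get-FileHash -Path $copy -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Artifact = $copy
        Detail   = "size: $($file.Length), sha256: $hash"
        Matches  = ($file.Length -eq 6728)   # assumption: size is in bytes
    }
}

if ($findings) { $findings | Format-List } else { 'No listed artifacts found.' }
```

A hit on the Run value or the file with no size match can still be a variant, so keep the collected hash and value data for comparison rather than relying on the `Matches` column alone.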