Name Troj/CashGrab-C
Type
* Trojan
Affected operating systems
* Windows
Side effects
* Steals information
* Drops more malware
* Reduces system security
* Installs itself in the Registry
Aliases
* PWS-Cashgrabber
* Trojan.Win32.Agent.cc
* Trojan.Win32.Agent.cw
Description:
Troj/CashGrab-C is a password stealing Trojan which attempts to steal confidential information and send it to a remote location.
When the Trojan is installed the following files are created:
<Windows system folder>\msupdate.dll
<Windows system folder>\windows.idn
<Windows system folder>\winsetup.exe
<Windows system folder>\winst.msi
msupdate.dll is also detected as Troj/CashGrab-C. winsetup.exe is detected as Troj/CashGrab-A. windows.idn and winst.msi are harmless text files.
The file msupdate.dll is registered as a Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A}\
Troj/CashGrab-C monitors browser windows for content indicative of an internet banking site. Upon encountering such windows, the Trojan attempts to record any data entered into these windows and send it to the author via an HTTP form submission.
Type
* Trojan
Affected operating systems
* Windows
Side effects
* Steals information
* Drops more malware
* Reduces system security
* Installs itself in the Registry
Aliases
* PWS-Cashgrabber
* Trojan.Win32.Agent.cc
* Trojan.Win32.Agent.cw
Description:
Troj/CashGrab-C is a password stealing Trojan which attempts to steal confidential information and send it to a remote location.
When the Trojan is installed the following files are created:
<Windows system folder>\msupdate.dll
<Windows system folder>\windows.idn
<Windows system folder>\winsetup.exe
<Windows system folder>\winst.msi
msupdate.dll is also detected as Troj/CashGrab-C. winsetup.exe is detected as Troj/CashGrab-A. windows.idn and winst.msi are harmless text files.
The file msupdate.dll is registered as a Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A}\
Troj/CashGrab-C monitors browser windows for content indicative of an internet banking site. Upon encountering such windows, the Trojan attempts to record any data entered into these windows and send it to the author via an HTTP form submission.