Selected viruses, spyware, and other threats: sorted alphabetically
Win32/Spy.Agent.NSO
|
Short description
Win32/Spy.Agent.NSO is a trojan that steals sensitive information. The trojan can send the information to a remote machine. Trojan is probably a part of other malware.Installation
When executed, the trojan creates the following files:- %temp%..%variable1%.dll (126464 B)
- %temp%%variable2%.tmp
- %allusersprofile%rundll32
- %system%%variable3%.dll
- %system%rundll32.exe, %temp%..%variable1%.exe
- %temp%..%variable1%.exe shell32.dll,Control_RunDLLA
"%temp%..%variable1%.dll"
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
Iprip]
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "%systemroot%system32svchost.exe -k
netsvcs"
"DisplayName" = "Iprip"
"ObjectName" = "LocalSystem"
"Description" = "Iprip"
- [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
Iprip]
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "%systemroot%system32svchost.exe -k
netsvcs"
"DisplayName" = "Iprip"
"ObjectName" = "LocalSystem"
"Description" = "Iprip" - [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
IpripParameters]
"ServiceDll" = ".%variable3%"
A string with variable content is used instead of %variable1-3%.
Information stealing
Win32/Spy.Agent.NSO is a trojan that steals sensitive information.The trojan acquires data and commands from a remote computer or the Internet. The trojan contains an URL address. The HTTP protocol is used.
The following information is collected:
- operating system version
- CPU information
- installed software
- computer name
- list of disk devices and their type
- log keystrokes
- capture webcam video/voice
