Virus Information

Profile

| Field | Value |
| --- | --- |
| Prevalence | Medium |
| Name | W32/PrsKey-A |
| Type | Spyware Worm |
| How it spreads | Internet Downloads |
| Affected operating systems | Windows |
| Aliases | -- |
| Date of surface | 24 August 2005 |

Description
This is a password-stealing and keylogging worm that silently monitors keyboard activity, waiting for the user to either play Priston Tale or access Yahoo! email accounts, and begins keylogging information once access is found.

W32/PrsKey-A includes functionality to:
- access the internet and communicate with a remote server via HTTP
- send the logged information to a remote location

Recovery

You have to remove the virus. Do one of the following:

1) The latest virus vaccine update of eScan removes the worm from your system. Ensure that your system has working Internet access. Right click on and click Download eScan update. The latest updates are downloaded, your system is scanned and the worm is removed.
OR
2) Download the free MicroWorld Anti Virus Toolkit (MWAV Tool Kit). The tool checks your machine for viruses. If any illegal dialers or sniffer tools have been installed, they are detected.
MWAV Tool Kit (Download the free MicroWorld Anti Virus Toolkit that detects viruses in system registry and running processes)
eScan Internet Security Suite (ISS) (Download MicroWorld's eScan that detects viruses in system registry, running processes and has a real-time monitor)

Advanced

When run, W32/PrsKey-A attempts to copy itself to the following locations:

    "Program Files"\Common Files\Winllogo.exe
    "Program Files"\Common Files\Win.exe

W32/PrsKey-A creates the following registry entry to run Winllogo.exe on startup:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SpyEx
    "Program Files"\Common Files\Winllogo.exe

Once installed, W32/PrsKey-A begins keylogging and stores the logged information in the file C:\text.txt. This file is harmless and can be deleted.

W32/PrsKey-A spreads by attempting to copy itself to network shared folders at the following location:

    \Documents and Settings\All Users\Start Menu\Programs\Startup\winllogo.exe
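
One way to check collected host data against the indicators above (an added example, not eScan or MicroWorld code): it matches exported Run-key values and a file listing against the SpyEx value name and the paths given in this write-up. The function names, the sample host data and the treatment of C:\text.txt as a weak indicator are assumptions.

```python
import ntpath

# Indicators from the write-up above. Only names and paths are published
# (no hashes), so every match is a lead to confirm, not a verdict.
RUN_VALUE_NAME = "spyex"
RUN_TARGET = r"\common files\winllogo.exe"
DROPPED_SUFFIXES = (r"\common files\winllogo.exe", r"\common files\win.exe")
STARTUP_SUFFIX = r"\start menu\programs\startup\winllogo.exe"
KEYLOG_FILE = r"c:\text.txt"  # generic name: weak unless seen with another hit


def norm(path):
    """Strip quotes, normalise separators and lower-case (NTFS is case-insensitive)."""
    return ntpath.normpath(path.replace('"', "").strip()).lower()


def check_run_entries(entries):
    """entries: {value name: data} exported from HKLM\\...\\CurrentVersion\\Run."""
    hits = []
    for name, data in entries.items():
        if name.strip().lower() == RUN_VALUE_NAME:
            hits.append(("run-value-name", name))
        elif RUN_TARGET in norm(data):  # 'in' tolerates trailing arguments
            hits.append(("run-value-data", name))
    return hits


def check_paths(paths):
    """paths: file listing collected from a host or a network share."""
    hits = []
    for raw in paths:
        p = norm(raw)
        if p.endswith(DROPPED_SUFFIXES):
            hits.append(("dropped-copy", raw))
        elif p.endswith(STARTUP_SUFFIX):
            hits.append(("startup-copy", raw))
        elif p == KEYLOG_FILE:
            hits.append(("keylog-file", raw))
    return hits


if __name__ == "__main__":
    # Constructed sample data, not taken from a real host.
    run_key = {"SpyEx": '"C:\\Program Files"\\Common Files\\Winllogo.exe',
               "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"}
    listing = [r"C:\Program Files\Common Files\Win.exe", "c:/TEXT.TXT",
               r"\\FS01\Share\Documents and Settings\All Users\Start Menu\Programs\Startup\winllogo.exe"]
    for hit in check_run_entries(run_key) + check_paths(listing):
        print(hit)
```

A hit on the Run value or the Startup copy means the worm will relaunch at the next logon, so remove those before deleting the dropped files.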