APS TRojan.pz
This Trojan horse, a.k.a. Mine.exe, is a Visual Basic 5 password stealer designed to attack AOL software installations in order to determine the password of user accounts. This Trojan is then believed to send the account detail to the author of the Trojan. This file could have been received by email as an attachment, with a subject line of "hey you".
The attachment is 216,576 bytes and has an icon which resembles a PKLite self-extracting file however it is not of this type. The file has been widely seen as the name "MINE.EXE". This trojan apparently makes several calls to system DLLs in order to write 4 files to the local system, mark them as hidden, edit the WIN.INI to load via the run line and also edit the registry to load at Windows startup. Attempts to analyze changes to they system by launching the RegEdit tool are diverted by a stealth monitor by the Trojan. The WIN.INI is marked as read-only also in an attempt to prevent removing the file information in the run line.
This Trojan is dependent on the file MSVBVM50.DLL without which it cannot run. This DLL exists on Windows 98 systems but does not exist on Windows 95 by default.