Troj_Platan: a password stealer
03/30/2000) This password stealing Trojan has been reported to collect system passwords from the infected PC and emails it automatically to the author. The virus moves itself from the current working directory to \Windows\system\iexpand.exe and adds an entry to the registry. The registry key is "iexpand" and the value is iexpand.exe. The key name is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. <BR>
The virus depends on the user's email client software as it sends the email using SMTP. The mail is sent to onegin@mailru.com. The Trojan gets Windows password information including network password, windows password, dial-up password and other system passwords. It also includes the machine information in the email. The Trojan deletes the Windows system file REGEDIT.EXE and MSCONFIG.EXE.