Tro.fullbizzone.svchost
Category: Trojan
Risk: Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any user interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.
Description: Tro.fullbizzone.svchost is a program used by attackers to steal sensitive information from the infected machine. Tro.fullbizzone.svchost installs itself as a BHO (Browser Helper Object) on the infected machine. Tro.fullbizzone.svchost steals information from form logs; this information can include user names and passwords, credit card numbers and other sensitive data. Tro.fullbizzone.svchost steals passwords from e-mail programs as well as from the Windows Protected Storage area. Tro.fullbizzone.svchost will steal any e-mail address that can be found on the infected system. Tro.fullbizzone.svchost also collects information about the infected machine, such as the operating system installed, service packs and programs. Tro.fullbizzone.svchost creates 5 files in the %Windows% directory (f1.rlg, f2.rlg, f3.rlg, f4.rlg, f5.rlg) in which this information is stored. The stolen information is then transferred via FTP to a pre-defined address. Tro.fullbizzone.svchost may also attempt to disable alerts from firewall programs in order to evade detection.
Alias: None
Signatures:
process: svchost.exe: MD5 Hash: f78beabac2c7e663b34..
Copyright @2006 THR Computer Solutions: Tro.fullbizzone.svchost