PWS:Win32/Fotip.A
PWS:Win32/Fotip.A is a password-stealing Trojan that grabs an attcekd computer user's passwords for email and IM applications and passwords stored in web browsers. PWS:Win32/Fotip.A then transfers these passwords to a remote cybercriminal. PWS:Win32/Fotip.A aims to steal the target PC user's passwords. After PWS:Win32/Fotip.A has been uninstalled, affected PC users should change their passwords. While being installed on the victimized computer, PWS:Win32/Fotip.A makes system changes by dropping harmful files and modifying the Windows Registry. PWS:Win32/Fotip.A disables the Windows Firewall, and transfers the passwords stolen by a variety of programs to a remote FTP website.
File System Details
PWS:Win32/Fotip.A may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | ictd.bat | |
| 2. | image.exe | |
| 3. | icd.bat | |
| 4. | iewed.bat | |
| 5. | picture viewer.exe | |
| 6. | aatd.bat | |
| 7. | ied.bat | |
| 8. | msnd.exe | |
| 9. | cond.reg | |
| 10. | keeprun.ini | |
| 11. | bms.klm | |
| 12. | sad.vbs | |
| 13. | dd.vbs | |
| 14. | pid.pdf |
Registry Details
PWS:Win32/Fotip.A may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run stat2 = "aatd.bat"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.