Trojan-PSW.VBS.Half
Trojan-PSW.VBS.Half is a malicious program designed to search your system to find stored passwords, usernames, logins, PINs or even registration data and send to a hacker via email, a FTP or HTTP connection. You need to look at Trojans, malicious programs or worms as virtual criminals armed and dangerous to attack your PC and data. From the time a Trojan like Trojan-PSW.VBS.Half gains entry onto your PC, it is busy at work executing steps to:
- Unload malicious programs or files it carried inside.
- Modify the system's configuration so that its executable will run at every boot or a hacker can control web communications to send/receive data.
- Add malicious program to approved programs listing to bypass firewall.
- Edit files or programs threatening existence and mission, which might include actually deleting some programs.
- Survey system and gather vital data to transmit it immediately or store on the infected system for later transmission to a remote server.
One of the security alerts or APBs (All Points Bulletin) indicated that Trojan-PSW.VBS.Half was a VBScript virus, and its file size was approximately 977 bytes. It further indicated Trojan-PSW.VBS.Half specifically targeted Win9x systems (Win 95, 98 and ME) having weak or no Internet security in place. Once inside, Trojan-PSW.VBS.Half was found to search directories on the victim's C:\ drive for files having a *.pwl extension, since these files are known to store user passwords. Trojan-PSW.VBS.Half may gather other data such as passwords, user names, PINs stored in the cache or system log data, encrypt it and send via email or using a HTTP or FTP connection.
When sending by email, Trojan-PSW.VBS.Half used an activeXobject 'MSMAPI.MAPISession' to transmit data to its boss (a hacker) under the address of onehalf***4@mail(dot)ru. The structure of the email may read as follows:
To: onehalf***4@mail(dot)ru
Subj: 'this is test for lame'
Body: 'hello my friend(c) onehalf***4:'.
An annoying but obvious sign is the circus act of a rogue security program. Rogue security programs use a series of false/positives and negatives to plant seeds of panic in the mind of its victims, in hopes they will blindly fall trap and hand a hacker their credit card information. Never entertain the tricks of some slick-looking interface that appears out of nowhere and runs an unauthorized quick scan. Security researchers who tested the architect of a basic rogue security program found the absence of the coding or script needed to initiate a scanning engine, so basically, what the victim sees is the simulation of a scan, created using JavaScript and imagery. Do not abandon your PC and allow some hacker to win! You should use a stealth anti-malware tool that is equipped with the necessary tools, such as an anti-rootkit, to not only remove Trojan-PSW.VBS.Half but to protect your system against future attacks!
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | msosdrop00.dll | |
| 2. | ttFKKFKK1065.dll | |
| 3. | yuiabct.exe | |
| 4. | wyrsdj.dll | |
| 5. | kavo0.dll | |
| 6. | winlogun.exe | |
| 7. | sgdewg.dll | |
| 8. | wzcfsw.dll | |
| 9. | RhdwE8NYdbqQ.dll | |
| 10. | iexplore.exe | |
| 11. | Slave.exe | |
| 12. | otrewe1.dll | |
| 13. | cvsdfw.exe | |
| 14. | hyrteas0.dll | |
| 15. | WowInitcode.dll | |
| 16. | 326xxx.dll | |
| 17. | kavo1.dll | |
| 18. | winsvr32.exe | |
| 19. | vshost.exe | |
| 20. | yxcsbhlp.dll | |
| 21. | dzmydf.dll | |
| 22. | WebPaper.exe | |
| 23. | msejfzrl.dll | |
| 24. | sichost.exe | |
| 25. | 08223b03.dll | |
| 26. | 49400W.exe | |
| 27. | 338448L.exe | |
| 28. | 3272xxx.dll | |
| 29. | tciocp64.exe | |
| 30. | zywmdime.dll | |
| 31. | svchosts.exe | |
| 32. | iexplorer.exe | |
| 33. | fsrgeb.dll | |
| 34. | jfdses.dll | |
| 35. | zgxfdx.dll | |
| 36. | pcidisk.sys | |
| 37. | yuiabct.dll | |
| 38. | ZCfgSvc.exe | |
| 39. | helper.dll | |
| 40. | rttrwq.exe | |
| 41. | antit.dll | |
| 42. | 1[1].exe | |
| 43. | fgjk4wvb.dll | |
| 44. | kavo.exe | |
| 45. | amvo.exe | |
| 46. | msmxjchn.dll | |
| 47. | wm1dap.dll | |
| 48. | ltsolvrz.dll | |
| 49. | 533931MM.DLL | |
| 50. | msuqddft.dll | |
| 51. | ctfmon.exe | |
| 52. | 10417sys.dll | |
| 53. | 2ef0d734.dll | |
| 54. | 533931M.exe | |
| 55. | 4138kou.dll | |
| 56. | mfchlp64.exe | |
| 57. | msosjtio00.dll | |
| 58. | wintunpce.exe | |
| 59. | fjyjy.dll | |
| 60. | yebaep.dll | |
| 61. | tdfhex.dll | |
| 62. | dndsaf.dll | |
| 63. | liser.dll | |
| 64. | fmsjhif.dll | |
| 65. | msasvc.exe | |
| 66. | gina_x86.dll | |
| 67. | mkfght0.dll | |
| 68. | isadisk.sys | |
| 69. | load[2].exe | |
| 70. | 7F1C46C1BD7F.dll | |
| 71. | 03518usc.dll | |
| 72. | msosfmsq00.dll | |
| 73. | mf[1].exe | |
| 74. | nodlogin.exe | |
| 75. | tavo1.dll | |
| 76. | WinSoft3.DLL | |
| 77. | csrns.exe | |
| 78. | WINSvr64.exe | |
| 79. | jsdb.dll | |
| 80. | 122b901e.dll | |
| 81. | 49400M.exe | |
| 82. | 55551.dll | |
| 83. | zAPWgSjGrSpdsE4.fon | |
| 84. | dat5.tmp | |
| 85. | z9gNwvuVDpyQqHSu.fon |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.