Generic PWS.y!bhd

Generic PWS.y!bhd Description

Generic PWS.y!bhd is a password-stealing Trojan that puts a victim's private data at risk of being stolen and used for malicious activities. Generic PWS.y!bhd usually spreads via infected spam e-mails or browser vulnerabilities. Generic PWS.y!bhd is known to steal information such as online banking credentials, passwords and usernames, among other data. Victims are advised to use an anti-spyware program to detect and remove Generic PWS.y!bhd.

Technical Information

File System Details

Generic PWS.y!bhd creates the following files:

#   File Name                                  Detection Count
1   %WinDir%\system32\sdra64.exe               N/A
2   %WinDir%\system32\lowsec\user.ds.lll       N/A
3   %WinDir%\system32\lowsec\user.ds           N/A
4   %WinDir%\system32\lowsec\local.ds          N/A

Registry Details

Generic PWS.y!bhd creates the following registry entries:

Registry key
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Current Version\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Current Version\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Current Version\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}