Trj/GdSda.A

Trj/GdSda.A Description

Trj/GdSda.A is a detection name that AV companies might use to refer to a Remote Access Trojan (RAT). The Trj/GdSda.A RAT is classified as a mid-tier threat that is employed in campaigns to steal user credentials for online banking portals and social media accounts. Trj/GdSda.A is what some cyber security researchers might call an info stealer Trojan. Modern-day threats are complex programs that are not easily classified as Trojans, worms, ransomware, or RATs.

Threats like Trj/GdSda.A include a keylogger module that can be used to record your keyboard input (virtual keyboard included) and clicks on online forms. A careful examination of Trj/GdSda.A revealed that an attacker could use the threat to scan the compromised computer for data and extract files over HTTP. Trj/GdSda.A is reported to include the ability to copy user credentials saved in software like Mozilla Thunderbird, Skype, mIRC, XChat, FileZilla, Google Chrome, Mozilla Firefox, Opera and Internet Explorer.

Malware researchers warn that the Trj/GdSda.A Trojan is installed on computers through physical access. That means that a threat actor needs direct access to the targeted computer. The payload of Trj/GdSda.A may be saved to a USB drive, which can be used to inject corrupted code via the Plug and Play technology on Windows. The Trj/GdSda.A Trojan might be registered as a system service to avoid AV scanners and monitor the user's activity. The threat may run from the Temp, AppData and System32 folders on the primary local disk. Trj/GdSda.A appears to support 64-bit and 32-bit operating systems, and it can run on the latest versions of Windows.

It is recommended that you run a complete system scan with a reputable anti-malware solution if you suspect infection with Trj/GdSda.A. The symptoms of Trj/GdSda.A infection include program errors, inability to access folders under the AppData directory, processes with random names in the Task Manager and failure to log in to your email client.

AV companies may use the following names to identify code that belongs to Trj/GdSda.A:

  • PSWTool.Win32.MPR!O
  • Riskware.PSWTool!
  • TROJ_GE.10E03BC1
  • SPY_STILLER.B
  • Win32/PSW.Delf.OAS
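
The description says the Trojan may register itself as a system service and run from the Temp and AppData folders. The PowerShell triage check below is an added example, not taken from the original article or from any AV vendor: it lists Windows services whose executable sits under a Temp or AppData path and reports each file's Authenticode status. The path pattern and the helper name `Get-ServiceExecutablePath` are assumptions, and a hit is a lead for review, not a signature for Trj/GdSda.A.

```powershell
# Added example: triage check, not a detection signature for Trj/GdSda.A.
# Assumption: a service binary in a user-writable Temp/AppData path deserves review.
# System32 is left out on purpose: most legitimate services live there,
# so a path match alone says nothing.
$suspectPattern = '\\(AppData|Temp)\\'

function Get-ServiceExecutablePath {
    # Hypothetical helper: extracts the executable from a service command line.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Quoted form: "C:\path with spaces\svc.exe" -args
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to and including the first .exe
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token
    return ($PathName.Trim() -split '\s+')[0]
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-ServiceExecutablePath $_.PathName
    if ($exe -and $exe -match $suspectPattern) {
        # A missing file is itself worth noting: the service entry outlived its binary.
        $sig = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else {
            'FileMissing'
        }
        [pscustomobject]@{
            Name       = $_.Name
            State      = $_.State
            StartMode  = $_.StartMode
            Account    = $_.StartName
            Executable = $exe
            Signature  = $sig
        }
    }
} | Sort-Object Signature, Name | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that all service entries and files are readable; an empty result means no service binary matched the path pattern.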


One Comment

  • Moritz Franz:

    I use the antivirus software called "Panda Security". Unfortunately my PC seems to be infected with this malware. My AV software detected the virus 3 days ago. I guess it put the malware files directly into an isolated place but I am still worried that this logged some of my data and sent it to someone else. Is there the possibility that my program didn't detect the malware for some time and then detected it?
    Do you guys know, when this malware sends data to the "hacker"? Is it always the case?
