MSIL/Spy.Agent.JG [Threat Name] go to Threat

MSIL/Spy.Agent.JG [Threat Variant Name]

Category trojan
Size 36864 B
Detection created Jul 19, 2013
Detection database version 10017
Aliases PSW.MSIL.DYD.trojan (AVG)
  TR/Spy.Gen (Avira)
Short description

MSIL/Spy.Agent.JG is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "winlogon" = "%malwarefilepath%"
Information stealing

The trojan collects the following information:

  • user name
  • computer name

The trojan is able to log keystrokes.


The trojan keeps various information in the following files:

  • %startup%\­datalog.txt

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail. The SMTP protocol is used.


Other information

The trojan checks for Internet connectivity by trying to connect to the following addresses:

  • http://www.google.com

Trojan requires the Microsoft .NET Framework to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.